Actions
Bug #19501
closed
unsetup should remove all sharing permissions for the deactivated user
Story points:
-
Release:
Release relationship:
Auto
Description
Currently "unsetup" removes VM login and repo perms, deletes SSH keys and API tokens, etc., but retains collection/project-sharing permissions. This is not desirable because
- if the user is re-setup, they will have access to the previously shared items, which the admin might not expect/desire
- the deactivated user may appear in "currently shared with..." lists, which seems confusing
There is a slight wrinkle here that "manage" permission links are deleted by unsetup. This appears to be an accident: the comment suggests only (Arvados-hosted) repository permissions are deleted, but the db query is not restricted to repos.
# delete repo_perms for this user
Link.where(tail_uuid: self.uuid,
link_class: 'permission',
name: 'can_manage').destroy_all
Related issues
Updated by Peter Amstutz about 2 years ago
- Target version changed from 2022-09-28 sprint to 2022-10-12 sprint
Updated by Peter Amstutz about 2 years ago
- Target version changed from 2022-10-12 sprint to 2022-10-26 sprint
Updated by Tom Clegg about 2 years ago
19501-unsetup-permissions @ 61ee61895a33008c70e5a294407cf55efc19622c -- developer-run-tests: #3319
Updated by
Updated by Tom Clegg about 2 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|c235da62cb5425e3906f58f398e84e70fec9ae87.
Updated by Brett Smith over 1 year ago
- Related to Bug #20831: User unsetup method does not consistently remove permissions in a federation added
Actions