Project

General

Profile

Actions
Copy link

Bug #19501

closed

unsetup should remove all sharing permissions for the deactivated user

Added by Tom Clegg about 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Tom Clegg
Category:
API
Target version:
2022-10-26 sprint
Story points:
-
Release:
Arvados 2.5.0
Release relationship:
Auto

Description

Currently "unsetup" removes VM login and repo perms, deletes SSH keys and API tokens, etc., but retains collection/project-sharing permissions. This is not desirable because
  • if the user is re-setup, they will have access to the previously shared items, which the admin might not expect/desire
  • the deactivated user may appear in "currently shared with..." lists, which seems confusing

There is a slight wrinkle here that "manage" permission links are deleted by unsetup. This appears to be an accident: the comment suggests only (Arvados-hosted) repository permissions are deleted, but the db query is not restricted to repos.

    # delete repo_perms for this user                                                                                                                                                       
    Link.where(tail_uuid: self.uuid,
               link_class: 'permission',
               name: 'can_manage').destroy_all

Subtasks 1 (0 open1 closed)

Task #19506: Review 19501-unsetup-permissionsResolvedTom Clegg10/17/2022Actions

Related issues

Related to Arvados - Bug #20831: User unsetup method does not consistently remove permissions in a federationResolvedPeter Amstutz11/13/2023Actions
Actions
Copy link

Also available in: Atom PDF