Request account removal #447
Conversation
Added admin-level endpoints to delete an account from queue, or ignore the request. All actions are logged and stored in a separate table. Ignore functionality was removed as a user-accessible endpoint.
Confirming send_email is cause of test failure in CI.
Set disable_authentication = False for the purposes of testing in CI.
Removed disable_authentication from server_config.json. Disabled account deleted send_email() for testing.
This reverts commit e1b35f9.
charles-cowart
force-pushed
the
request_account_removal
branch
from
37a1117 to
2954b83
Compare
charles-cowart
force-pushed
the
request_account_removal
branch
from
91c164a to
fffbe33
Compare
Another 0101.sql has already been merged into the repository.
Removed unneeded closing quote
|
@cassidysymons Ready for review/approval/merge. |
|
|
||
| # delete the entry from queue. account_delete() will fail | ||
| # w/out this. | ||
| cur.execute("DELETE FROM delete_account_queue WHERE account_id" |
There was a problem hiding this comment.
Maybe I missed it, but shouldn't this method call the account deletion? If it does not, we create (possible) scenario, particularly if multiple transactions are involved, where the account is migrated to the account_removal_log but not actually deleted
There was a problem hiding this comment.
This is handled in allow_removal_request():
delete_user() is called immediately after update_queue() returns and we're sure the change was committed and no RepoExceptions occurred. I believe @cassidysymons and I discussed it previously and we thought better of touching the existing delete code. He might remember it better than I do.
|
make sure new repo has success and failure tests as needed. |
|
@cassidysymons @wasade Unit tests for removal_queue_repo are in. I'm going to address the remaining issues now. |
|
@wasade @cassidysymons Tentatively done. Comments appreciated. |
| return jsonify(code=200, message="Request Accepted"), 200 | ||
|
|
||
|
|
||
| def cancel_request_remove_account(account_id, token_info): |
There was a problem hiding this comment.
verify this has an endpoint.
There was a problem hiding this comment.
Endpoint added. I apparently added cancel_request_remove_account () for completeness. The UI doesn't use this functionality because we didn't want the user to cancel a request once they made it, and do it again. The UI will instead show a 'Your account deletion request is being reviewed.' msg instead.
Endpoint added for cancel_request_remove_account(). This endpoint is not currently used by the UI. API test updated to distinguish between removing the user from the queue using cancel_request_remove_account() vs (admin) ignore_removal_request(). Disposition must now be either 'deleted' or 'ignored'.
|
@cassidysymons tentatively good. Please feel free to review. |
| -- intention is to record the admin who accepted or denied the request | ||
| -- here. This means that an account_id may appear more than once if the | ||
| -- user makes multiple requests. | ||
| disposition VARCHAR(8), |
API support for an account removal queue.