Solution - Plugin
Overview
This solution suggests implementation of the feature in the core.
Detailed Design
Take all code in I3e323bcc2 and its related changes, and move that code into a plugin named “Delete Groups”. Essentially, the plugin will have an endpoint that deletes a group.
It is only possible to delete a group if the following prerequisites are met:
- The calling user is an administrator
- The given group is not a system group
- The given group is an internal group (it is assumed that we will not allow to delete external groups)
- The given group is not the owner of any other group(s)
- The given group is not a member of any other group(s)
- The given group is not mentioned in any project’s ACLs
If prerequisites are not met error message describing the root cause will be presented to the user e.g. Group “foo” cannot be deleted since it owns groups “bar”, “pub”.
Scalability
There is no limitation on scale here.
Alternatives Considered
- Write a script that deletes the groups. Not very clean but it is an option.
- Plugin REST endpoint that deletes the group. By default, the endpoint should
move the group to
refs/deleted-groups
and also ensure that the deletion shows up in the audit log. We could also add a configuration option that allows deleting the group completely. One problem with this is the time for implementing this option. It requires adding some functionality that nobody asked for, and also editing the creation of a new group (if the group is inrefs/deleted-groups
, move it fromdeleted-groups
and connect it to the audit log of the previously created group). - Implementing group deletion as a plugin is challenging due to possibility of GUI implementation of delete group on the group page. Existing plugin support lack an endpoint for modifying group UI config page. There is also limitation with using private methods for manipulating groups.
Pros and Cons
Pros:
- Simple and fast to implement.
- Doesn’t break the functionality of groups such as audit log and always being able to restore groups.
Cons:
- It is a plugin, and it requires maintenance.
- Before it could become a core plugin group deletion operation would have to be recorded in the audit log.
Implementation Plan
Add a feature switch to enable or disable the functionality. By default the functionality is disabled.
Time Estimation
This should not take more than a few days to implement, since most of the code is already written.