Solution - Plugin
This solution suggests implementation of the feature in the core.
Take all code in I3e323bcc2 and its related changes, and move that code into a plugin named “Delete Groups”. Essentially, the plugin will have an endpoint that deletes a group.
It is only possible to delete a group if the following prerequisites are met:
- The calling user is an administrator
- The given group is not a system group
- The given group is an internal group (it is assumed that we will not allow to delete external groups)
- The given group is not the owner of any other group(s)
- The given group is not a member of any other group(s)
- The given group is not mentioned in any project’s ACLs
If prerequisites are not met error message describing the root cause will be presented to the user e.g. Group “foo” cannot be deleted since it owns groups “bar”, “pub”.
There is no limitation on scale here.
- Write a script that deletes the groups. Not very clean but it is an option.
- Plugin REST endpoint that deletes the group. By default, the endpoint should
move the group to
refs/deleted-groupsand also ensure that the deletion shows up in the audit log. We could also add a configuration option that allows deleting the group completely. One problem with this is the time for implementing this option. It requires adding some functionality that nobody asked for, and also editing the creation of a new group (if the group is in
refs/deleted-groups, move it from
deleted-groupsand connect it to the audit log of the previously created group).
- Implementing group deletion as a plugin is challenging due to possibility of GUI implementation of delete group on the group page. Existing plugin support lack an endpoint for modifying group UI config page. There is also limitation with using private methods for manipulating groups.
- Simple and fast to implement.
- Doesn’t break the functionality of groups such as audit log and always being able to restore groups.
- It is a plugin, and it requires maintenance.
- Before it could become a core plugin group deletion operation would have to be recorded in the audit log.
Add a feature switch to enable or disable the functionality. By default the functionality is disabled.
This should not take more than a few days to implement, since most of the code is already written.