Solution - Plugin
This solution suggests writing a simple plugin that enables deletion of groups.
Take all code in I3e323bcc2 and its related changes, and move that code into a plugin named “Delete Groups”. Essentially, the plugin will have an endpoint that deletes a group.
It is only possible to delete a group if the following prerequisites are met:
- The calling user is an administrator
- The given group is not a system group
- The given group is an internal group (it is assumed that we will not allow to delete external groups)
- The given group is not the owner of any other group(s)
- The given group is not a member of any other group(s)
- The given group is not mentioned in any project’s ACLs
If prerequisites are not met error message describing the root cause will be presented to the user e.g. Group “foo” cannot be deleted since it owns groups “bar”, “pub”.
There is no limitation on scale here.
Write a script that deletes the groups. Not very clean but it is an option.
Plugin REST endpoint that deletes the group. By default, the endpoint should move the group to
refs/deleted-groupsand also ensure that the deletion shows up in the audit log. We could also add a configuration option that allows deleting the group completely. One problem with this is the time for implementing this option. It requires adding some functionality that nobody asked for, and also editing the creation of a new group (if the group is in
refs/deleted-groups, move it from
deleted-groupsand connect it to the audit log of the previously created group).
- Simple and fast to implement.
- Doesn’t break the functionality of groups such as audit log and always being able to restore groups.
- It is a plugin, and it requires maintenance.
- Before it could become a core plugin group deletion operation would have to be recorded in the audit log.
Since most of the code is already written and proposed for review as a core REST API, the plan is to migrate that code into a plugin. Also, need to just add documentation.
This should not take more than a few days to implement, since most of the code is already written.