On Tuesday 10 August 2010 14:53:35 Marcus Hüwe wrote:
On 2010-08-10 11:56:49 +0200, Adrian Schröter wrote:
On Sunday 08 August 2010 22:30:30 Marcus Hüwe wrote:
On 2010-08-08 14:15:41 -0600, Srinidhi B wrote:
<SNIP>
So, the correct fix would be to update all projects / packages to which this user belongs and only then delete the user from the db? Or should there be some more checks?
Hmm yes + the groups_users table. Additionally the backend needs to be informed too otherwise the user would still be in the project/package metadata.
Yes, actually I would like to remove the "delete user" functionality at all. It can only create trouble and even permission/secrurity problems later.
On the one hand it might cause a lot of problems if it's not implemented correctly but on the other hand this is a "crucial" functionality IMHO. So we would need a concept which solves (or avoids) all the issues...
I am not aware of issues on the OBS actually (backend is not doing anything with the user lists). But if you use OBS as central database for your user accounts you may run into problems with other infrastructure. Or with remote OBS instances if we add more OBS interconnect functionality. Okay, it is an Admin-only option in the end, so the admin should know what he is doing ...
Or we modify the function to lock the user.
Locking would be a nice additional feature:)
Locking exists already ;) -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org