Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: implement deleteUsers mutation #10498

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat: implement deleteUsers mutation #10498

wants to merge 2 commits into from

Conversation

tianrunhe
Copy link
Contributor

@tianrunhe tianrunhe commented Nov 19, 2024
edited
Loading

Description

Part 1 of #10186

Testing scenarios

mutation {
  deleteUsers(emails: [
    "[email protected]",
    "[email protected]"
  ]) {
    ...on ErrorPayload {
      error {
        message
      }
    }
    ...on DeleteUsersSuccess {
      success
    }
  }
}

Final checklist

  • I checked the code review guidelines
  • I have added Metrics Representative as reviewer(s) if my PR invovles metrics/data/analytics related changes
  • I have performed a self-review of my code, the same way I'd do it for any other team member
  • I have tested all cases I listed in the testing scenarios and I haven't found any issues or regressions
  • Whenever I took a non-obvious choice I added a comment explaining why I did it this way
  • I added the label Skip Maintainer Review Indicating the PR only requires reviewer review and can be merged right after it's approved if the PR introduces only minor changes, does not contain any architectural changes or does not introduce any new patterns and I think one review is sufficient'
  • PR title is human readable and could be used in changelog

@tianrunhe tianrunhe linked an issue Nov 19, 2024 that may be closed by this pull request
User can mass select and delete members from the members page #10186
Open
1 task
@tianrunhe tianrunhe changed the title feat/massUserDeletion feat: implement deleteUsers mutations Nov 19, 2024
@tianrunhe tianrunhe changed the title feat: implement deleteUsers mutations feat: implement deleteUsers mutation Nov 19, 2024
Dschoordsch
Dschoordsch requested changes Nov 20, 2024
View reviewed changes
Copy link
Contributor

@Dschoordsch Dschoordsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this would work, but I'm a bit skeptical if it's the correct approach. If I'm a contractor at Contractors United and join Megacorp for a job, I don't want them to be able to delete my whole account just because they have admin rights there.

packages/server/postgres/constants.ts
@@ -2,5 +2,6 @@ export const USER_EMAIL_LIMIT = 500
export const USER_PREFERRED_NAME_LIMIT = 100
export const USER_OVERLIMIT_COPY_LIMIT = 500
export const USER_REASON_REMOVED_LIMIT = 2000
export const USER_BATCH_DELETE_LIMIT = 100
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-1 this is not used anywhere. Did you forget to check this in the mutation?

packages/server/graphql/public/mutations/deleteUsers.ts
return {error: {message: 'Provide emails'}}
}

if (emails.length > USER_EMAIL_LIMIT) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-1 wrong limit

packages/server/graphql/public/mutations/deleteUsers.ts
}

if (emails.length > USER_EMAIL_LIMIT) {
return {error: {message: 'Cannot delete more than 100 users at once'}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 would be nice if the 100 in the error message would be replaced with the limit variable as well.

packages/server/graphql/public/mutations/deleteUsers.ts
{authToken, dataLoader}: GQLContext
) => {
if (emails.length === 0) {
return {error: {message: 'Provide emails'}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 'No emails provided' is more intuitive to understand in my opinion

packages/server/graphql/public/typeDefs/DeleteUsersSuccess.graphql
@@ -0,0 +1,3 @@
type DeleteUsersSuccess {
success: Boolean!
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 this seems redundant because it's always true. A list of deleted emails or just the count might be useful instead.

@Dschoordsch
Copy link
Contributor

I think there are 2 possible scenarios we could implement:

  1. the org owns the user, i.e. it owns the email domain the user is registered with, then they can delete it
  2. the org does not own the user, then we should only remove it from the org

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Dschoordsch Dschoordsch Dschoordsch requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
size/m
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

User can mass select and delete members from the members page
2 participants
@tianrunhe @Dschoordsch