Skip to content

Implement cascading deletion of user roles and edits with project visibility #3971

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

Implement cascading deletion of user roles and edits with project visibility #3971

wants to merge 4 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Oct 28, 2025
edited
Loading

User deletion left orphaned UserRole and UserEdit records in the database. The deletion dialog provided no visibility into which projects would be affected.

Backend Changes

  • UserController: Enhanced DeleteUser to cascade delete all associated UserRole and UserEdit records. Added validation to prevent admin user deletion (returns 403).
  • New endpoint: GET /v1/users/{userId}/projects returns project names and roles for deletion confirmation.
  • UserProjectInfo DTO: Simple model containing projectId, projectName, and role.
// Cascade deletion implementation
foreach (var (projectId, userRoleId) in user.ProjectRoles)
    await _userRoleRepo.Delete(projectId, userRoleId);

foreach (var (projectId, userEditId) in user.WorkedProjects)
    await _userEditRepo.Delete(projectId, userEditId);

Frontend Changes

  • ConfirmDeletion dialog: Fetches and displays user's project memberships with roles before deletion. Shows loading/error states appropriately.
  • backend/index.ts: Added getUserProjects() function and UserProjectInfo interface.

Tests

Added 5 test cases covering:

  • Cascading deletion of roles and edits
  • Admin user deletion prevention
  • Project listing endpoint (happy path, auth, not found)
Original prompt

This section details on the original issue you should resolve

<issue_title>DeleteUser should interact with project roles and user edits</issue_title>
<issue_description>A site admin, from site settings can delete any non-admin user. Several issues:

  • There's a dialog confirming deletion, but no warnings what projects the user is on or what edits they have
  • When the user is deleted, their user roles and user edits are orphaned in the database
  • The frontend gui prevents admins from deleting other admins, but the backend controller doesn't prevent it

Currently it requires a maintenance script to delete projects and the script handles all the cleanup. Perhaps it should be the same with users. From the gui, would we want the ability to disable accounts instead of deleting them (like archiving a project)?

Todo:

  • In the confirm-deletion dialog, list projects the user is in and what their role is in each project.
  • When the user is deleted, also:
    • delete all their user roles
    • update the projects to remove those roles
    • delete all the user edits</issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

This change is Reviewable

Copilot AI changed the title [WIP] Update user deletion process with role and edit management Implement cascading deletion of user roles and edits with project visibility Oct 28, 2025
Copilot AI requested a review from imnasnainaec October 28, 2025 19:11
Copilot finished work on behalf of imnasnainaec October 28, 2025 19:11
@github-actions
Copy link

github-actions bot commented Oct 28, 2025

⚠️ Commit Message Format Issues ⚠️
commit c84025e3c1:
1: T1 Title exceeds max length (74>72): "Add frontend support for displaying user projects in deletion confirmation"

@codecov
Copy link

codecov bot commented Oct 28, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 71.23288% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.36%. Comparing base (0298e39) to head (c209918).

Files with missing lines Patch % Lines
...ts/SiteSettings/UserManagement/ConfirmDeletion.tsx 0.00% 20 Missing ⚠️
Backend/Controllers/UserController.cs 98.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #3971      +/-   ##
==========================================
- Coverage   74.40%   74.36%   -0.04%     
==========================================
  Files         291      291              
  Lines       10790    10862      +72     
  Branches     1351     1360       +9     
==========================================
+ Hits         8028     8078      +50     
- Misses       2373     2393      +20     
- Partials      389      391       +2
Flag Coverage Δ
backend 85.57% <98.11%> (+0.11%) ⬆️
frontend 65.65% <0.00%> (-0.22%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@imnasnainaec imnasnainaec added the 🟩Low Low-priority PR label Oct 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@imnasnainaec imnasnainaec Awaiting requested review from imnasnainaec

At least 1 approving review is required to merge this pull request.

Assignees

@imnasnainaec imnasnainaec

Copilot code review Copilot

Labels

backend frontend 🟩Low Low-priority PR test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DeleteUser should interact with project roles and user edits

2 participants

@imnasnainaec