[Fix #4576] Do not delete projects which have multiple users #4577
Conversation
readthedocs/core/signals.py
Outdated
| @@ -79,12 +80,16 @@ def decide_if_cors(sender, request, **kwargs): # pylint: disable=unused-argumen | |||
| def delete_projects_and_organizations(sender, instance, *args, **kwargs): | |||
| # Here we count the owner list from the projects that the user own | |||
| # Then exclude the projects where there are more than one owner | |||
| projects = instance.projects.all().annotate(num_users=Count('users')).exclude(num_users__gt=1) | |||
| # Add annotate before filter | |||
| # https://bit.ly/2Nne6ZJ | |||
There was a problem hiding this comment.
nit: I'd use the original link from the docs instead of this one that hides the topic/section
There was a problem hiding this comment.
the link is >100 charecters. linter raise error on that!
There was a problem hiding this comment.
I personally prefer to put a # noqa or similar on this line and have the original link to the docs.
There was a problem hiding this comment.
+1 on dropping bitly link from code. pointing to a github issue or self-reference the pr, or noqa on the line all work for this case.
| obj.refresh_from_db() | ||
| assert obj.id | ||
| obj_users = obj.users.all() | ||
| assert len(obj_users) == 1 |
There was a problem hiding this comment.
We need to take the queryset value in memory eventually. So better to use len() to reduce single COUNT sql query
There was a problem hiding this comment.
I wouldn't use len to count queryset elements independently of the context.
|
There are two unrelated tests failing (yaml config file) |
| import pytest | ||
|
|
||
| from django.contrib.auth.models import User | ||
| from django_dynamic_fixture import G |
There was a problem hiding this comment.
nitpick: we don't use django_dynamic_fixture.G at all, it's a poorly named variable -- linting would pick up on this if we were running pre-commit on our tests. django_dynamic_fixture.get is also poorly named, but much better than G. My personal preference is import django_dynamic_fixture as fixture; fixture.get.
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| class TestProjectOrganizationSignal(object): |
There was a problem hiding this comment.
I'm mostly certain we have tests for both of these cases already. Can you provide test output of these tests without your patch applied?
There was a problem hiding this comment.
I missed adding tests while implementing the feature for both of the case.
Here is the output without applying my patch
=============================================================================== FAILURES ===============================================================================
______________________________________ TestProjectOrganizationSignal.test_multiple_users_project_organization_not_delete[Project] ______________________________________
self = <readthedocs.core.tests.test_signals.TestProjectOrganizationSignal object at 0x10eb85d30>, model_class = <class 'readthedocs.projects.models.Project'>
@pytest.mark.parametrize('model_class', [Project, RemoteOrganization])
def test_multiple_users_project_organization_not_delete(self, model_class):
"""
Check Project or RemoteOrganization which have multiple users do not get deleted
when any of the user delete his account.
"""
obj = django_dynamic_fixture.get(model_class)
user1 = django_dynamic_fixture.get(User)
user2 = django_dynamic_fixture.get(User)
obj.users.add(user1, user2)
obj.refresh_from_db()
assert obj.users.all().count() > 1
# Delete 1 user of the project
user1.delete()
# The project should still exist and it should have 1 user
> obj.refresh_from_db()
core/tests/test_signals.py:52:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../.tox/py36/lib/python3.6/site-packages/django/db/models/base.py:592: in refresh_from_db
db_instance = db_instance_qs.get()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = [], args = (), kwargs = {}, clone = [], num = 0
def get(self, *args, **kwargs):
"""
Performs the query and returns a single object matching the given
keyword arguments.
"""
clone = self.filter(*args, **kwargs)
if self.query.can_filter() and not self.query.distinct_fields:
clone = clone.order_by()
num = len(clone)
if num == 1:
return clone._result_cache[0]
if not num:
raise self.model.DoesNotExist(
"%s matching query does not exist." %
> self.model._meta.object_name
)
E readthedocs.projects.models.DoesNotExist: Project matching query does not exist.
../.tox/py36/lib/python3.6/site-packages/django/db/models/query.py:387: DoesNotExist
________________________________ TestProjectOrganizationSignal.test_multiple_users_project_organization_not_delete[RemoteOrganization] _________________________________
self = <readthedocs.core.tests.test_signals.TestProjectOrganizationSignal object at 0x10eb9f9b0>, model_class = <class 'readthedocs.oauth.models.RemoteOrganization'>
@pytest.mark.parametrize('model_class', [Project, RemoteOrganization])
def test_multiple_users_project_organization_not_delete(self, model_class):
"""
Check Project or RemoteOrganization which have multiple users do not get deleted
when any of the user delete his account.
"""
obj = django_dynamic_fixture.get(model_class)
user1 = django_dynamic_fixture.get(User)
user2 = django_dynamic_fixture.get(User)
obj.users.add(user1, user2)
obj.refresh_from_db()
assert obj.users.all().count() > 1
# Delete 1 user of the project
user1.delete()
# The project should still exist and it should have 1 user
> obj.refresh_from_db()
core/tests/test_signals.py:52:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../.tox/py36/lib/python3.6/site-packages/django/db/models/base.py:592: in refresh_from_db
db_instance = db_instance_qs.get()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = [], args = (), kwargs = {}, clone = [], num = 0
def get(self, *args, **kwargs):
"""
Performs the query and returns a single object matching the given
keyword arguments.
"""
clone = self.filter(*args, **kwargs)
if self.query.can_filter() and not self.query.distinct_fields:
clone = clone.order_by()
num = len(clone)
if num == 1:
return clone._result_cache[0]
if not num:
raise self.model.DoesNotExist(
"%s matching query does not exist." %
> self.model._meta.object_name
)
E readthedocs.oauth.models.DoesNotExist: RemoteOrganization matching query does not exist.
../.tox/py36/lib/python3.6/site-packages/django/db/models/query.py:387: DoesNotExist
================================================================= 2 failed, 2 passed in 12.99 seconds ==================================================================
ERROR: InvocationError for command '/Users/safwan/readthedocs/.tox/py36/bin/py.test core -s --reuse-db -vvv' (exited with code 1)
There was a problem hiding this comment.
Maybe is worth it to add a test for the delete_account view too
There was a problem hiding this comment.
Yeah, I am going to add some test on that! but its out of scope of this PR!
will open another PR for that!
There was a problem hiding this comment.
Great, test output looks good. That's what I'd expect if the delete cascaded to the project
readthedocs/core/signals.py
Outdated
| @@ -79,12 +80,16 @@ def decide_if_cors(sender, request, **kwargs): # pylint: disable=unused-argumen | |||
| def delete_projects_and_organizations(sender, instance, *args, **kwargs): | |||
| # Here we count the owner list from the projects that the user own | |||
| # Then exclude the projects where there are more than one owner | |||
| projects = instance.projects.all().annotate(num_users=Count('users')).exclude(num_users__gt=1) | |||
| # Add annotate before filter | |||
| # https://bit.ly/2Nne6ZJ | |||
There was a problem hiding this comment.
+1 on dropping bitly link from code. pointing to a github issue or self-reference the pr, or noqa on the line all work for this case.
| .exclude(num_users__gt=1)) | ||
| oauth_organizations = (RemoteOrganization.objects.annotate(num_users=Count('users')) | ||
| .filter(users=instance.id) | ||
| .exclude(num_users__gt=1)) |
There was a problem hiding this comment.
These changes should conform to our styleguide by running pre-commit on the file
There was a problem hiding this comment.
I think it does not break PEP8 styleguide. Can you explain how it would change?
There was a problem hiding this comment.
Perhaps a link to the style guide is warranted. I don't know of any RTD style guide outside of what the tests do. I searched our docs but I came up empty.
There was a problem hiding this comment.
We have the style guide inside pre-commit p:
There was a problem hiding this comment.
Yup, no explicit styleguide. it's all enforced by pre-commit via yapf and friends. In this specific case, we opt for no right side alignment of variables and arguments. Both are pep8 compliant, but right side alignment is too unreadable and annoying to maintain.
There was a problem hiding this comment.
Info on pre-commit procedure is here:
https://docs.readthedocs.io/en/latest/contribute.html#contributing-to-development
safwanrahman
force-pushed
the
project_delete
branch
from
11b6633 to
f46abb5
Compare
|
updated! |
There was a problem hiding this comment.
Overall, this is a good fix.
At some level, this bug was a mismatch between the expectations of the user and reality. One thing that would clear this up is to show on the delete screen exactly what is going to be removed by a user deleting their account (at least the projects). The Django Admin does this and I think it's a good pattern. That way there are fewer surprises.
| .exclude(num_users__gt=1)) | ||
| oauth_organizations = (RemoteOrganization.objects.annotate(num_users=Count('users')) | ||
| .filter(users=instance.id) | ||
| .exclude(num_users__gt=1)) |
There was a problem hiding this comment.
Perhaps a link to the style guide is warranted. I don't know of any RTD style guide outside of what the tests do. I searched our docs but I came up empty.
| # https://github.com/rtfd/readthedocs.org/pull/4577 | ||
| # https://docs.djangoproject.com/en/2.1/topics/db/aggregation/#order-of-annotate-and-filter-clauses # noqa | ||
| projects = (Project.objects.annotate(num_users=Count('users')).filter(users=instance.id) | ||
| .exclude(num_users__gt=1)) |
There was a problem hiding this comment.
I ran this query and it seems correct to me.
|
Showing changes would be interesting. Though:
Fixing the logic here i think matches user expectations at least |
|
I like @davidfischer's idea about showing what's going to delete. Although, I think we can implement that in another PR and merge this fix soon since it's an important bug and may cause more nightmares to us dealing with the backups. Also, I'd like to think and discuss a little more about what to show. On one side, I suppose that showing the Projects to be deleted is enough, but that seems to be the "common sense" thought and maybe doesn't worth to make it explicit. On another side, I don't want to go too verbose, as @agjohnson said. Maybe we can take a look at what other services do for a similar flow. |
I think only showing the projects is good. If deleting their account means deleting a lot of projects I think it would be nice to know that.
This is not quite correct. Deleting a user in the admin would not delete any projects. We implemented custom logic to delete projects based on a signal. If we plan to only show which projects are deleted, then we only need to copy our own logic.
That's fair. |
|
I want to get this out and style fixes weren't applied. I merged manually. |
|
Thanks @agjohnson. Sorry I missed the styling issue with the pull request discussion! |
Fixes #4576
The query was limiting the users before annotation because of django's backward relation query. the Documentation of django does not provide much information about it, but I have gone through the differentiate of the sql query and found the root cause.
I have also added tests for this so it should not happen again. I should have written the tests when I implemented the feature in #3214.
@agjohnson @humitos r?