Fix admin_mode enforcement in AdjournedGroupDeletionWorker
What does this MR do and why?
Currently if the admin_mode
and group + project deletion protection are
enabled, a group with projects cannot be deleted. The admin_mode
session
value is not persisted to Sidekiq when GroupDestroyWorker
is called by
AdjournedGroupDeletionWorker
.
This MR allows passing an admin_mode
flag
to GroupDestroyWorker
, which will create a temporary admin session to
delete the group. This ensures other polcy checks such as blocking or
user permissions are still enforced, while bypassing the admin_mode
check, which should only be checked when the deletion is scheduled.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Steps to reproduce
- ensure you are not simulating SaaS locally, this is easier to reproduce on SM
- enable "Admin mode" under Admin, Settings, General, Sign-in restrictions
- set "Allowed to delete projects" to "Administrators" under Admin, Settings, General, Visibility and access controls
- set "Deletion Protection" to "Keep deleted groups only for 7 days" under Admin, Settings, General, Visibility and access controls
- as an Admin user, create a group with a project
- as the admin user, remove the group via the group settings page (not from the admin groups page)
- update the group deletion schedule date to more than 7 days in the past, via the console:
pp GroupDeletionSchedule.all
gds = GroupDeletionSchedule.last
gds.update!(marked_for_deletion_on: '2023-03-01')
- run the
adjourned_group_deletion_worker
sidekiq cron job by selecting "Enqueue Now" under Admin, Monitoring, Background Jobs, Cron - observe that the group is deleted and the group deletion schedule is gone
Related to #403878 (closed)