Skip to content

Fix admin_mode enforcement in AdjournedGroupDeletionWorker

Andrew Evans requested to merge 403878-atevans-fix-delayed-group-deletion-with-admin-mode into master

What does this MR do and why?

Currently if the admin_mode and group + project deletion protection are enabled, a group with projects cannot be deleted. The admin_mode session value is not persisted to Sidekiq when GroupDestroyWorker is called by AdjournedGroupDeletionWorker .

This MR allows passing an admin_mode flag to GroupDestroyWorker , which will create a temporary admin session to delete the group. This ensures other polcy checks such as blocking or user permissions are still enforced, while bypassing the admin_mode check, which should only be checked when the deletion is scheduled.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Steps to reproduce

  • ensure you are not simulating SaaS locally, this is easier to reproduce on SM
  • enable "Admin mode" under Admin, Settings, General, Sign-in restrictions
  • set "Allowed to delete projects" to "Administrators" under Admin, Settings, General, Visibility and access controls
  • set "Deletion Protection" to "Keep deleted groups only for 7 days" under Admin, Settings, General, Visibility and access controls
  • as an Admin user, create a group with a project
  • as the admin user, remove the group via the group settings page (not from the admin groups page)
  • update the group deletion schedule date to more than 7 days in the past, via the console:
pp GroupDeletionSchedule.all
gds = GroupDeletionSchedule.last
gds.update!(marked_for_deletion_on: '2023-03-01')
  • run the adjourned_group_deletion_worker sidekiq cron job by selecting "Enqueue Now" under Admin, Monitoring, Background Jobs, Cron
  • observe that the group is deleted and the group deletion schedule is gone

Related to #403878 (closed)

Merge request reports