Remove group permissions on delete event

2025-07-29 18:19:44 +02:00 · 2018-03-09 09:51:44 +00:00 · 2018-03-09 09:51:44 +00:00 · 359e0e29eb
commit 359e0e29eb
parent 1c4a4424e5
7 changed files with 236 additions and 142 deletions
--- a/domain/group/endpoint.go
+++ b/domain/group/endpoint.go
@ -202,6 +202,7 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// Delete group and associated membership data
 	_, err = h.Store.Group.Delete(ctx, g.RefID)
 	if err != nil {
 		ctx.Transaction.Rollback()
@ -210,6 +211,15 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// Delete permissions associated with group
+	_, err = h.Store.Permission.DeleteGroupPermissions(ctx, groupID)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
 	ctx.Transaction.Commit()

 	h.Store.Audit.Record(ctx, audit.EventTypeGroupDelete)
--- a/domain/permission/mysql/store.go
+++ b/domain/permission/mysql/store.go
@ -289,3 +289,13 @@ func (s Scope) DeleteSpaceCategoryPermissions(ctx domain.RequestContext, spaceID

 	return b.DeleteWhere(ctx.Transaction, sql)
 }
+
+// DeleteGroupPermissions removes all roles for the specified group
+func (s Scope) DeleteGroupPermissions(ctx domain.RequestContext, groupID string) (rows int64, err error) {
+	b := mysql.BaseQuery{}
+
+	sql := fmt.Sprintf("DELETE FROM permission WHERE orgid='%s' AND who='role' AND whoid='%s'",
+		ctx.OrgID, groupID)
+
+	return b.DeleteWhere(ctx.Transaction, sql)
+}
--- a/domain/storer.go
+++ b/domain/storer.go
@ -88,17 +88,18 @@ type PermissionStorer interface {
 	AddPermissions(ctx RequestContext, r permission.Permission, actions ...permission.Action) (err error)
 	GetUserSpacePermissions(ctx RequestContext, spaceID string) (r []permission.Permission, err error)
 	GetSpacePermissions(ctx RequestContext, spaceID string) (r []permission.Permission, err error)
-	DeleteSpacePermissions(ctx RequestContext, spaceID string) (rows int64, err error)
-	DeleteUserSpacePermissions(ctx RequestContext, spaceID, userID string) (rows int64, err error)
-	DeleteUserPermissions(ctx RequestContext, userID string) (rows int64, err error)
-	DeleteCategoryPermissions(ctx RequestContext, categoryID string) (rows int64, err error)
-	DeleteSpaceCategoryPermissions(ctx RequestContext, spaceID string) (rows int64, err error)
 	GetCategoryPermissions(ctx RequestContext, catID string) (r []permission.Permission, err error)
 	GetCategoryUsers(ctx RequestContext, catID string) (u []user.User, err error)
 	GetUserCategoryPermissions(ctx RequestContext, userID string) (r []permission.Permission, err error)
 	GetUserDocumentPermissions(ctx RequestContext, documentID string) (r []permission.Permission, err error)
 	GetDocumentPermissions(ctx RequestContext, documentID string) (r []permission.Permission, err error)
 	DeleteDocumentPermissions(ctx RequestContext, documentID string) (rows int64, err error)
+	DeleteSpacePermissions(ctx RequestContext, spaceID string) (rows int64, err error)
+	DeleteUserSpacePermissions(ctx RequestContext, spaceID, userID string) (rows int64, err error)
+	DeleteUserPermissions(ctx RequestContext, userID string) (rows int64, err error)
+	DeleteCategoryPermissions(ctx RequestContext, categoryID string) (rows int64, err error)
+	DeleteSpaceCategoryPermissions(ctx RequestContext, spaceID string) (rows int64, err error)
+	DeleteGroupPermissions(ctx RequestContext, groupID string) (rows int64, err error)
 }

 // UserStorer defines required methods for user management