Updating the users in the database

[jonnybazookatone]

Periodically users may remove their accounts on the API. This deletion should be forwarded to the libraries user databases and any of the related libraries of that user. Two ways to carry this out:

1. Periodically update the database by comparing the two databases.
2. Receive a signal from the API that this user has been removed.

[jonnybazookatone]

For now we will go for option of a cronjob, and in the future we may have asynchronous updates using RabbitMQ.

[jonnybazookatone]

I think the following will suffice:

class RemoveStaleUsers(object):

    list_of_api_users = response.get(url_for('user_endpoint')).json()

    list_of_service_users = [user.absolute_id in Users.query.all()]

    removal_list = []
    for service_user in Users.query.all():
        if service_user.absolute_uid not in list_of_api_users:
            try:
                # other related deletions
                ... 
                db.session.delete(service_user)
            except:
                db.session.rollback()

    db.session.commit()

Also, must pay attention to how deletions are propogated to libraries and permissions, which can be a mess in principle. When a User is deleted, any Permission that user has, and also the Libraries, must be deleted. Should check if this can be done natively by SQLAlchemy. Need to do the following:

• Delete all the libraries for which the user is the owner
• For all of the libraries for which the user is the owner, should delete the permissions for all other libraries (this should occur if cascade is on)
• Delete all other permissions for which the user is not the owner

As for the testing, need to have either stub data or a mocking service for the API database. Makes more sense to have stub data, but must cover all the cases outlined in the previous list.

[jonnybazookatone]

So, the following should work:

1. Delete all the libraries the user owns - this should delete all associated permissions via cascade (both the users and all other external users)

[jonnybazookatone]

This would then be:

class RemoveStaleUsers(object):

    list_of_api_users = response.get(url_for('user_endpoint')).json()

    list_of_service_users = [user.absolute_id in Users.query.all()]

    removal_list = []
    for service_user in Users.query.all():
        if service_user.absolute_uid not in list_of_api_users:
            try:
                # other related deletions
                libraries, permissions = db.session.query(Permissions, Libraries)
                                         .join(Permissions.library)
                                         .filter(Permissions.user_id == service_user.id)
                                         .all()     
                [db.session.delete(library) for library in libraries]           
                db.session.delete(service_user)
            except:
                db.session.rollback()
    db.session.commit()