Workspace owner is not able to delete a workspace.

crossid / accessbot

Streamline resource access grants with AI-Powered chatbot

https://www.crossid.io

Other

2 stars 0 forks source link

Workspace owner is not able to delete a workspace. #105

Closed asaf closed 6 months ago

asaf commented 6 months ago

Yields Not authorized to delete this workspace

ErezSha commented 6 months ago

@asaf I think you might hit the following scenario:

Log in to a workspace 1 with a user -> get a token with workspace_id 1
Create a workspace number 2.
Try to delete workspace number 2 with the token from step 1 -> workspace_id on the token is different from the workspace_id you're trying to delete.

If I'm correct that this is the scenario, we need to decide - When deleting a workspace, does the user must login to the workspace beforehand?

If I'm incorrect about the scenario, I'll need help reproducing.

asaf commented 6 months ago

I don't think we should allow any method after workspace creation without being a member of the workspace general except what is mandatory, which is workspace creation and auth configuration (maybe even this should be avoided)

I tried with the token where the user is member of the org.

ErezSha commented 6 months ago

@asaf It works fine for me when I try to delete a workspace which I'm a member of. Maybe you can debug and see which condition fails?

asaf commented 6 months ago

there was a static _workspaceid set with some value on the notebook, cleaned it up. Still getting:

update or delete on table "workspaces" violates foreign key constraint "checkpoints_workspace_id_fkey" on table "checkpoints"
DETAIL:  Key (id)=(Ba0tzOD2lo) is still referenced from table "checkpoints".

I'm assigning this issue to you to clean up checkpoints.