DeD1rk
commented
5 months ago A simple solution without any new model/fields would be to just make a periodic task (similar to mailinglist sync) that compares the list of staff members with the gsuite accounts in members.thalia.nu, creates any missing accounts and suspends other accounts.
But then we do still have the updating (on username change) and deletion timing that is fragile. So the more complete solution would be to add a model with FK to user, the username on gsuite, and suspension timestamp. Then periodically:
- Create gsuite account (and such a model) for each staff member that doesn't have one yet.
- Update any account where the member__username doesnt match the gsuite username.
- Suspend any account where the user is no longer staff (and set the suspension timestamp).
- Delete any account that's been suspended for some time.
Describe the bug
Google Workplace users don't seem to be suspended. For example, Sebastiaan Versteeg's account remained (I suspended it by hand to test things out). I have looked for some other people and they still all have accounts so I think it's just broken
How to reproduce
Yeah that's the thing
Expected behaviour
Properly remove accounts when people are no longer active anymore.
I think it would be good improve the logic a little bit: make a model in some app with a one-to-on field to a member, registering the fact that this person should have an account (or not), and possible a date that the account should be removed. Then the sync logic can at least be made more readable, more versatile and the sync can be made idempotent.
Screenshots
Additional context