d-maurer
commented
3 years ago Georg Pfolz wrote at 2021-4-22 03:18 -0700:
After removing a user in the ZODB User Manager, its entry remains in the ZODB Role Manager.
Is this deliberately so? I could imagine that re-adding the user later with the same User ID would regrant him/her the same roles. I'm not sure if I like the idea...
Wouldn't it be better to remove the deleted users from ZODB Role Manager also?
It is a side effect of the modular design of PAS: each plugin is responsible for a single task (e.g. manage users, manage roles, etc) with minimal interaction between the various plugins.
In my view, you should not expect updates of other plugins when you locally modify a plugin (e.g. the user manager). It is a different matter when you use methods of the user folder itself: those methods might know that deleting a user may affect various plugins and coordinate their updates (however, likely they do not yet do it).
In summary: from a semantic point of view, deleting a user should also delete records involving this user (e.g. associated roles). However, from the PAS architecture, this is not natural.
Look at the source code to find out whether deleting a user notifies an event. If this is the case, then you could register a subscriber for that event and update the dependent plugins used in your setup.
georgpfolz
After removing a user in the ZODB User Manager, its entry remains in the ZODB Role Manager.
Is this deliberately so? I could imagine that re-adding the user later with the same User ID would regrant him/her the same roles. I'm not sure if I like the idea...
Wouldn't it be better to remove the deleted users from ZODB Role Manager also?