
user deletion after effects #42

Open
praveen-bhosle wants to merge 1 commit into main from fix/user-deletion-after-effects

@praveen-bhosle praveen-bhosle commented Jun 24, 2026

Collaborator

Description

This PR ensures that when a user is deleted from the system, their license assignment and access permissions are cleanly purged. Specifically, it removes the user from the users_list of the single license they are assigned to and deletes their relation tuples from the Ory Keto database to prevent orphaned access rights.


What’s Included

  • Logic to automatically locate the license associated with the user and remove the user ID from its users_list upon user deletion.
  • Integration with Ory Keto to clean up and delete all relation tuples associated with the deleted user.
  • Database clean-up handlers/hooks triggered on the user delete event.

Why This Change

Without this change, deleting a user leaves orphaned references inside its assigned license and stale permission tuples inside the Keto DB. Since a user is tied to exactly one license, ensuring this precise cleanup maintains data consistency across our primary database and authorization layer while closing potential security gaps.


Acceptance Criteria

  • Deleting a user successfully updates their associated license by removing them from its users_list.
  • Deleting a user triggers a call to Keto that completely purges their relation tuples.

How to Test

  1. Run the updated test suite targeting access control and user deletion:
     pytest tests/integration/access/test_check_access.py
  2. Verify License Cleanup Logic: Ensure test_check_access correctly asserts that after a user deletion event, fetching the assigned license returns a users_list that no longer contains the deleted user's ID.
  3. Verify Keto Tuple Cleanup Logic: Ensure the test successfully calls get_access_relations post-deletion and asserts that all relation tuples associated with that user have been completely purged from Keto.

Tech Guide

  • Hooked into the user deletion service layer to cascade cleanups.
  • Optimized query to target and update the specific single license the user belongs to rather than a bulk lookup.
  • Added a Keto client wrapper call to handle the deletion of relation tuples via the Keto Write API.
  • Testing: Updated test_check_access to act as an integration test verifying both the DB license array update and the Keto tuple eviction via get_access_relations.

Checklist

  • Self-reviewed my code
  • Added comments for complex logic
  • Added/updated tests
  • All tests pass locally
  • Have added Tech Guide and User Guide

@praveen-bhosle praveen-bhosle linked an issue Jun 24, 2026 that may be closed by this pull request
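
An added sketch of the cleanup cascade described in this PR, with an audit check for leftover references; it is not code from the pull request. `FakeKeto`, `Store`, `delete_user`, `orphaned_references`, `build_sample` and the signature given to `get_access_relations` are hypothetical, and purging tuples before any database write is an assumption of this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RelationTuple:  # same fields as a Keto relation tuple with a subject_id
    namespace: str
    object: str
    relation: str
    subject_id: str

@dataclass
class FakeKeto:  # hypothetical in-memory stand-in for the Keto client wrapper
    tuples: set = field(default_factory=set)
    fail_writes: bool = False
    def get_access_relations(self, subject_id):
        return {t for t in self.tuples if t.subject_id == subject_id}
    def delete_relations_for_subject(self, subject_id):
        if self.fail_writes:
            raise ConnectionError("Keto write API unavailable")
        self.tuples -= self.get_access_relations(subject_id)

@dataclass
class Store:  # hypothetical primary DB
    users: dict     # user_id -> {"license_id": ...}
    licenses: dict  # license_id -> {"users_list": [...]}

def delete_user(store, keto, user_id):
    """Purge tuples first; if that raises, no DB write happens and the call can be retried."""
    license_id = store.users[user_id]["license_id"]
    keto.delete_relations_for_subject(user_id)
    lic = store.licenses[license_id]
    lic["users_list"] = [u for u in lic["users_list"] if u != user_id]
    del store.users[user_id]

def orphaned_references(store, keto):
    """Audit check: IDs still named by a license or a tuple but missing from users."""
    referenced = {u for lic in store.licenses.values() for u in lic["users_list"]}
    referenced |= {t.subject_id for t in keto.tuples}
    return referenced - set(store.users)

def build_sample():
    """Constructed sample data: two users on one license, one tuple each."""
    store = Store(users={"u1": {"license_id": "lic-1"}, "u2": {"license_id": "lic-1"}},
                  licenses={"lic-1": {"users_list": ["u1", "u2"]}})
    keto = FakeKeto({RelationTuple("reports", "r-7", "viewer", "u1"),
                     RelationTuple("reports", "r-7", "editor", "u2")})
    return store, keto
```

Running `orphaned_references` against real data after a deletion gives the same signal the acceptance criteria ask for: an empty set means no license entry or tuple still names a removed user.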