yii2-usuario

Auth assignment is not removed when user is deleted

Open Eseperio opened this issue 7 years ago • 6 comments

What steps will reproduce the problem?

Create a user, assign a role or permission. Then delete that user.

What is the expected result?

Auth assignments should be removed.

What do you get instead?

Auth assignments stay in db. If users table is replaced with new data, users will inherit all users' permissions.

Eseperio avatar Dec 08 '17 16:12 Eseperio

The foreign key constraint of all related tables to the user table tbl_user with ON DELETE CASCADE configuration can be a solution to mitigate the above.

kartik-v avatar Jan 16 '18 10:01 kartik-v

Agreed with @kartik-v, any help?

tonydspaniard avatar Jan 17 '18 12:01 tonydspaniard

The fix could be to add these foreign key ON DELETE CASCADE constraints in the yii2-usuario migration scripts via ALTER TABLE commands. Currently the documentation suggests to use yii2 default rbac migration at yii/rbac/migrations... this may need to change and the rbac database creation scripts may need to be included within the yii2-usuario migrations here... and the dependency on yii/rbac/migrations can be removed.

Having said that ... not sure why a foreign key constraint for assignmentTable has not been added in yii/rbac/migrations source in the first place - then the integrity check would have been maintained then and there (irrespective of whether the ON DELETE CASCADE constraint exists or not). But I realised that the user module and user table is not a part of core yii framework or its core rbac migration script and hence the constraint is not included.

If we need to retain yii\rbac\migrations.. maybe a third migration script that could be run after the rbac migration script to alter the auth_assignment table and incorporate the foreign key constraint would be useful - or you need to ensure that yii\rbac\migrations is run before the yii2-usuario migrations.

kartik-v avatar Jan 18 '18 10:01 kartik-v

I understand that creating the foreign key would solve the problem, though in this case I'd implement the part that simply deletes the assignments when the User model is deleted in the afterDelete() event.

tsdogs avatar Apr 13 '18 16:04 tsdogs

I'd go for the afterDelete solution too...

maxxer avatar May 10 '18 09:05 maxxer

I'd agree with @kartik-v, it will be resolved with 1 delete query. Else you will have multiple and have to make sure everything works as expected..

TerraSkye avatar May 10 '18 11:05 TerraSkye