refactor(guard): user can be deleted only if he owns no projects (#237)

forestileao · web-flow · commit 23cc5d09abcb · 2025-04-23T12:12:16.000-03:00
diff --git a/guard/lib/guard/api/project.ex b/guard/lib/guard/api/project.ex
@@ -43,6 +43,20 @@ defmodule Guard.Api.Project do
     end
   end
 
+  def user_has_any_project?(user_id) do
+    {:ok, channel} = GRPC.Stub.connect(Application.fetch_env!(:guard, :projecthub_grpc_endpoint))
+
+    req = build_list_by_owner_id_request(user_id, 1)
+
+    case InternalApi.Projecthub.ProjectService.Stub.list(channel, req, timeout: 30_000) do
+      {:ok, response} when response.metadata.status.code == 0 ->
+        response.projects |> length > 0
+
+      _ ->
+        false
+    end
+  end
+
   defp delete_project(channel, project_id, org_id, user_id) do
     req =
       InternalApi.Projecthub.DestroyRequest.new(
@@ -62,12 +76,22 @@ defmodule Guard.Api.Project do
     end
   end
 
-  defp build_list_by_org_id_request(org_id, page) do
+  defp build_list_by_org_id_request(org_id, page),
+    do: build_list_request(org_id: org_id, page: page)
+
+  defp build_list_by_owner_id_request(owner_id, page),
+    do: build_list_request(owner_id: owner_id, page: page)
+
+  def build_list_request(opts) do
     InternalApi.Projecthub.ListRequest.new(
-      metadata: InternalApi.Projecthub.RequestMeta.new(org_id: org_id),
+      metadata:
+        InternalApi.Projecthub.RequestMeta.new(
+          user_id: opts[:owner_id] || "",
+          org_id: opts[:org_id] || ""
+        ),
       pagination:
         InternalApi.Projecthub.PaginationRequest.new(
-          page: page,
+          page: opts[:page] || 1,
           page_size: @project_page_size
         )
     )
diff --git a/guard/lib/guard/grpc_servers/user_server.ex b/guard/lib/guard/grpc_servers/user_server.ex
@@ -306,6 +306,10 @@ defmodule Guard.GrpcServers.UserServer do
           User.User.new(id: user_id)
 
         {:ok, user} ->
+          if Guard.Api.Project.user_has_any_project?(user_id) do
+            grpc_error!(:invalid_argument, "User #{user_id} is owner of projects.")
+          end
+
           handle_delete_with_owned_orgs(user.id)
       end
     end)
diff --git a/guard/test/guard/grpc_servers/user_server_test.exs b/guard/test/guard/grpc_servers/user_server_test.exs
@@ -590,22 +590,80 @@ defmodule Guard.GrpcServers.UserServerTest do
 
       request = User.DeleteWithOwnedOrgsRequest.new(user_id: user.id)
 
-      {:ok, response} = channel |> Stub.delete_with_owned_orgs(request)
+      with_mock InternalApi.Projecthub.ProjectService.Stub,
+        list: fn _channel, _req, _opts ->
+          {:ok,
+           InternalApi.Projecthub.ListResponse.new(
+             metadata: InternalApi.Projecthub.ResponseMeta.new(status: %{code: 0}),
+             projects: []
+           )}
+        end do
+        {:ok, response} = channel |> Stub.delete_with_owned_orgs(request)
+
+        id = user.id
+        assert %User.User{id: ^id} = response
+
+        # check if the user is deleted
+        assert nil == FrontRepo.get(FrontRepo.User, id)
+        assert nil == FrontRepo.get(FrontRepo.RepoHostAccount, repo_host_account.id)
+        assert nil == FrontRepo.get(FrontRepo.Member, member.id)
+
+        receive do
+          {:user_deleted_test, received_message} ->
+            user_deleted = User.UserDeleted.decode(received_message)
+            assert user_deleted.user_id == user.id
+        after
+          5000 -> flunk("Timeout: Message not received within 5 seconds")
+        end
+      end
+    end
 
-      id = user.id
-      assert %User.User{id: ^id} = response
+    test "delete_with_owned_orgs should not delete the user if he has owned projects", %{
+      grpc_channel: channel
+    } do
+      {:ok, user} = Support.Factories.RbacUser.insert()
+      {:ok, _oidc_user} = Support.Factories.OIDCUser.insert(user.id)
 
-      # check if the user is deleted
-      assert nil == FrontRepo.get(FrontRepo.User, id)
-      assert nil == FrontRepo.get(FrontRepo.RepoHostAccount, repo_host_account.id)
-      assert nil == FrontRepo.get(FrontRepo.Member, member.id)
+      {:ok, _} =
+        Support.Members.insert_user(
+          id: user.id,
+          email: user.email,
+          name: user.name
+        )
 
-      receive do
-        {:user_deleted_test, received_message} ->
-          user_deleted = User.UserDeleted.decode(received_message)
-          assert user_deleted.user_id == user.id
-      after
-        5000 -> flunk("Timeout: Message not received within 5 seconds")
+      {:ok, _repo_host_account} =
+        Support.Members.insert_repo_host_account(
+          login: "test",
+          name: "test",
+          github_uid: "123123",
+          user_id: user.id,
+          token: "token",
+          revoked: false,
+          permission_scope: "repo"
+        )
+
+      {:ok, _member} = Support.Members.insert_member(github_uid: "123123")
+
+      request = User.DeleteWithOwnedOrgsRequest.new(user_id: user.id)
+
+      with_mock InternalApi.Projecthub.ProjectService.Stub,
+        list: fn _channel, _req, _opts ->
+          {:ok,
+           InternalApi.Projecthub.ListResponse.new(
+             metadata: InternalApi.Projecthub.ResponseMeta.new(status: %{code: 0}),
+             projects: [
+               %InternalApi.Projecthub.Project{
+                 metadata: InternalApi.Projecthub.RequestMeta.new(user_id: user.id)
+               }
+             ]
+           )}
+        end do
+        {:error, grpc_error} = channel |> Stub.delete_with_owned_orgs(request)
+
+        assert %GRPC.RPCError{
+                 status: GRPC.Status.invalid_argument(),
+                 message: "User #{user.id} is owner of projects."
+               } == grpc_error
       end
     end
 
