[MAGNOLIA-4806] MgnlUserManager is missing method to delete user Created: 30/Jan/13  Updated: 19/May/22  Resolved: 19/May/22

Status: Closed
Project: Magnolia
Component/s: core, security
Affects Version/s: 4.5.6
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Will Scheidegger Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: core, usermanager
Remaining Estimate: 0.25d
Time Spent: Not Specified
Original Estimate: 0.25d

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Users cannot be deleted anymore. MgnlUser.getUserNode() is deprecated in a harsh way (throwing an UnsupportedOperationException) and its JavaDoc links to wrong replacement methods. When looking at the user manager classes, no methods to delete users can be found and the methods that could help you get the job done are protected. The following ugly hack solves the problem, but... seriously?

Ugly hack to delete a user
        UserManager userManager = SecuritySupport.Factory.getInstance().getUserManager(userManagerName);
        // get the existing user
        MgnlUser user = (MgnlUser) userManager.getUser("some_username");
        if (user != null) {
            Method method = MgnlUserManager.class.getDeclaredMethod("getRepositoryName", new Class[0]);
            method.setAccessible(true);
            String repositoryName = (String) method.invoke(userManager, new Object[0]);
            Session session = MgnlContext.getJCRSession(repositoryName);
            method = MgnlUserManager.class.getDeclaredMethod("findPrincipalNode", String.class, Session.class);
            method.setAccessible(true);
            Node userNode = (Node) method.invoke(userManager, user.getName(), session);
            if (activateUserAfterModification()) {
                // Are we on the author instance?
                if (ServerConfiguration.getInstance().isAdmin()) {
                    deactivateUser(user);
                }
            }
            userNode.remove();
            session.save();
        }


 Comments   
Comment by Roman Kovařík [ 19/May/22 ]

Hello,

This ticket is now marked as closed due to one of the following reasons:

  • A long period of inactivity
  • Uses an old or Beta version of an application, module, or framework that we no longer support
  • The issue is no longer reproducible or has been fixed in later versions

If you are still facing a problem or consider this issue still relevant, please feel free to re-open the ticket and we will reach out to you.

Thank you,
The Magnolia Team

Generated at Mon Feb 12 03:59:13 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.