deleted or merged persons/teams can have memberships left over which cannot be revoked

Bug #393914 reported by Daniel Holbach
This bug affects 3 people
Affects: Launchpad itself
Status: Fix Released
Importance: Critical
Assigned to: Curtis Hovey

Bug Description

Symptoms
========

Delete user foo (or team foo). Someone else adds foo to a team at the same time. After the delete the user or team will still be in the new team (sometimes).

A 403 will be raised if the merged team was private. Even if the team was deactivated,
the +members page cannot be viewed by team admins because no one has permission to
view the merged team.

Diagnosis
=========

When person foo is deleted / merged a job executes to remove all the teams / memberships. This is naturally racy - unless it is delayed longer than the longest possible web transaction, it will not see all newly added memberships, and there is nothing causing contention on common rows, so neither transaction will fail.

The current situation is that we run the update job after most transactions so new occurrences of this should be fairly rare (but short of an audit, not impossible).

Possible solutions
==================

* Run a garbo job looking for memberships of deleted person/teams.

* Ensure that the purge process runs after *all* possible transactions adding membership (and team participation) rows... web ops, scripts, backend jobs.

A garbo job will have progressively slower performance but is simple to implement.
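The race from the Diagnosis and the first proposed solution, as an added example that is not Launchpad's own code. It assumes a simplified two-table schema with hypothetical names (`person.merged_into`, `team_membership`) and constructed sample rows, with SQLite standing in for the real database.

```python
import sqlite3

# Simplified, hypothetical schema for illustration; not Launchpad's real tables.
SCHEMA = """
CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, merged_into INTEGER);
CREATE TABLE team_membership (id INTEGER PRIMARY KEY, person INT, team INT);
"""

def merge_and_purge(conn, person_id, target_id):
    """Merge-time job: mark the person merged, drop the memberships it can see."""
    conn.execute("UPDATE person SET merged_into = ? WHERE id = ?",
                 (target_id, person_id))
    conn.execute("DELETE FROM team_membership WHERE person = ? OR team = ?",
                 (person_id, person_id))

def find_orphans(conn, limit):
    """Ids of membership rows whose member or team has been merged away."""
    return [r[0] for r in conn.execute(
        """SELECT tm.id FROM team_membership tm
           JOIN person p ON p.id = tm.person
           JOIN person t ON t.id = tm.team
           WHERE p.merged_into IS NOT NULL OR t.merged_into IS NOT NULL
           ORDER BY tm.id LIMIT ?""", (limit,))]

def garbo_sweep(conn, batch_size=100):
    """Periodic cleanup: delete orphans in small batches, return the count."""
    removed = 0
    while ids := find_orphans(conn, batch_size):
        conn.executemany("DELETE FROM team_membership WHERE id = ?",
                         [(i,) for i in ids])
        conn.commit()  # short transactions keep lock time low
        removed += len(ids)
    return removed

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO person (id, name) VALUES (?, ?)",
                     [(1, "foo"), (2, "bar"), (3, "baz"), (4, "merge-target")])
    conn.execute("INSERT INTO team_membership (person, team) VALUES (1, 3)")
    # 1. A web request checks that foo is still active before adding it to bar.
    seen_active = conn.execute(
        "SELECT merged_into FROM person WHERE id = 1").fetchone()[0] is None
    # 2. The merge commits and purges only the rows that exist at that moment.
    merge_and_purge(conn, 1, 4)
    # 3. The request then inserts its row; it never touched foo's person row.
    conn.execute("INSERT INTO team_membership (person, team) VALUES (1, 2)")
    return (seen_active, find_orphans(conn, 10),
            garbo_sweep(conn, batch_size=1), find_orphans(conn, 10))
```

Each sweep scans the whole membership table, which is the progressively slower performance noted above.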


Daniel Holbach (dholbach) wrote :

This currently breaks a script I need to get the loco-directory rolling. :-)

Curtis Hovey (sinzui)
Changed in launchpad-registry:
importance: Undecided → Low
status: New → Triaged
Tom Haddon (mthaddon)
tags: added: canonical-losa-lp
Curtis Hovey (sinzui)
tags: added: merge-deactivate
Curtis Hovey (sinzui) wrote :

I think we want a garbo job to clean this up daily.

Changed in launchpad:
importance: Low → High
tags: added: 404
Robert Collins (lifeless) wrote :

There are race conditions here; adding FOO to team BAR does not alter the FOO row itself, so no conflict is generated. So yes, a garbo job is indeed needed.

summary: - ~team membership of ~X-merged can not be deactivated
+ deleted or merged persons/teams can have memberships left over which
+ cannot be revoked
description: updated
Curtis Hovey (sinzui) wrote :

There is a secondary case where the merged team is already deactivated and it continues to be listed, but a 403 error will be raised because both the object and the page cannot be accessed even by Lp admins.

Changed in launchpad:
assignee: nobody → Curtis Hovey (sinzui)
importance: High → Critical
description: updated
tags: added: 403
tags: added: privacy teams
Curtis Hovey (sinzui)
Changed in launchpad:
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Curtis Hovey (sinzui)
tags: added: qa-ok
removed: qa-needstesting
Curtis Hovey (sinzui)
Changed in launchpad:
status: Fix Committed → Fix Released
This report contains Public information  
Everyone can see this information.
