Bug 1497881

Summary: user accounts which have been deleted can still be added to groups, given systems and loans
Product: [Retired] Beaker Reporter: Dan Callaghan <dcallagh>
Component: generalAssignee: Dan Callaghan <dcallagh>
Status: CLOSED CURRENTRELEASE QA Contact: Anwesha Chatterjee <achatter>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 24CC: achatter, dcallagh, mjia, rjoost
Target Milestone: 24.5Keywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-10-27 06:47:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dan Callaghan 2017-10-03 01:09:16 UTC 
When a user account is "deleted" / removed, we make sure that Beaker also cleans up any resources belonging to that account. The account can no longer log in or submit jobs, however there is currently nothing stopping somebody *else* from giving resources to the account after it is removed.

Specifically it should not be possible to:
* loan a system to a removed account
* change a system's owner to be a removed account
* add a removed account to a group
* add a removed account to a system access policy
because these are all the things that get cleaned up as part of the removal process, so we expect them to stay that way afterwards.
Comment 1 Dan Callaghan 2017-10-06 07:07:22 UTC 
https://gerrit.beaker-project.org/5864 disallow lending systems to deleted users
https://gerrit.beaker-project.org/5865 disallow giving systems to deleted users
https://gerrit.beaker-project.org/5866 disallow adding deleted users to groups
https://gerrit.beaker-project.org/5867 disallow adding deleted users to access policies
Comment 3 Anwesha Chatterjee 2017-10-23 04:27:30 UTC 
Verified that deleted user cannot be  
* loaned to a system
* a system's owner 
* added to a group
* added to a system access policy
Comment 4 Dan Callaghan 2017-10-27 06:47:26 UTC 
Beaker 24.5 has been released.