X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/48b87a694a78f09e8e7c6d05212f1e21aa2423d3..31c6426b70e2b277087188dad2b9b346c904f30b:/services/api/app/models/user.rb

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index e2c4130b0c..b86ac6c975 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -111,27 +111,12 @@ class User < ArvadosModel
 
   def self.setup(user, openid_prefix, repo_name=nil, vm_uuid=nil)
     login_perm_props = {identity_url_prefix: openid_prefix}
-    if user.uuid
-      found = User.find_by_uuid user.uuid
-    end
-
-    if !found
-      if !user.email
-        raise "No email found in the input. Aborting user creation."
-      end
-
-      if !user.save
-        raise "Save failed"
-      end
-    else
-      user = found
-    end
 
     # Check oid_login_perm
     oid_login_perms = Link.where(tail_uuid: user.email,
-                                head_kind: 'arvados#user',
-                                link_class: 'permission',
-                                name: 'can_login')
+                                   head_kind: 'arvados#user',
+                                   link_class: 'permission',
+                                   name: 'can_login')
 
     if !oid_login_perms.any?
       # create openid login permission
@@ -148,30 +133,60 @@ class User < ArvadosModel
       oid_login_perm = oid_login_perms.first
     end
 
-    # create repo, vm, and group links
-    response = {user: user, oid_login_perm: oid_login_perm}
-
-    user.setup_repo_vm_links(repo_name, vm_uuid, response)
-
-    return response
+    return [oid_login_perm] + user.setup_repo_vm_links(repo_name, vm_uuid)
   end 
 
   # create links
-  def setup_repo_vm_links(repo_name, vm_uuid, response)
+  def setup_repo_vm_links(repo_name, vm_uuid)
     repo_perm = create_user_repo_link repo_name
-    if repo_perm
-      response[:repo_perm] = repo_perm
+    vm_login_perm = create_vm_login_permission_link vm_uuid, repo_name
+    group_perm = create_user_group_link
+
+    return [repo_perm, vm_login_perm, group_perm, self].compact
+  end 
+
+  # delete user signatures, login, repo, and vm perms, and mark as inactive
+  def unsetup
+    # delete oid_login_perms for this user
+    oid_login_perms = Link.where(tail_uuid: self.email,
+                                 head_kind: 'arvados#user',
+                                 link_class: 'permission',
+                                 name: 'can_login')
+    oid_login_perms.each do |perm|
+      Link.delete perm
     end
 
-    vm_login_perm = create_vm_login_permission_link vm_uuid, repo_name
-    if vm_login_perm
-      response[:vm_login_perm] = vm_login_perm
+    # delete repo_perms for this user
+    repo_perms = Link.where(tail_uuid: self.uuid,
+                            head_kind: 'arvados#repository',
+                            link_class: 'permission',
+                            name: 'can_write')
+    repo_perms.each do |perm|
+      Link.delete perm
     end
 
-    group_perm = create_user_group_link
-    if group_perm
-      response[:group_perm] = group_perm
+    # delete vm_login_perms for this user
+    vm_login_perms = Link.where(tail_uuid: self.uuid,
+                                head_kind: 'arvados#virtualMachine',
+                                link_class: 'permission',
+                                name: 'can_login')
+    vm_login_perms.each do |perm|
+      Link.delete perm
     end
+
+    # delete any signatures by this user
+    signed_uuids = Link.where(link_class: 'signature',
+                              tail_kind: 'arvados#user',
+                              tail_uuid: self.uuid)
+    signed_uuids.each do |sign|
+      Link.delete sign
+    end
+
+    # mark the user as inactive
+    self.is_active = false
+    self.save!
+
+    return self
   end 
 
   protected