Ability to delete user, location, rider responsibility or deliverable.
Opened this issue · 4 comments
There is no delete mechanism in place for users, locations, rider responsibilty or deilverables. They need to be removed without compromising any connections to other tables.
Deleted users also need to be disabled and deleted from cognito.
There could also be a disable user function.
@duckbytes I'm interested in working on this issue.
Nice, thanks.
I think the best way to start would be to allow admins to "disable" a user, vehicle or location. This would require adding that flag to the schema at amplify/backend/api/platelet/schema.graphql. Don't worry about setting auth rules on the schema for now, just don't show the option to anyone who doesn't have the ADMIN role on the front end.
Once that flag is set, any list queries to those models in other parts of the app will need to filter out disabled items.
For disabling a user it will need to be done in a lambda function (look at amplify/backend/function/plateletAdminAddNewUser/src/index.js for an example) so that the user is disabled in cognito as well. You can add lambda mutation functions with amplify add function and then reference it in the schema under type Mutation.
Amplify does some weird behaviour sometimes when things that are linked to other items are fully deleted, so for any full delete a soft delete that just strips the fields on the model might be better. This would also impact deletions to rider responsibility or deliverable types as they are linked to often.
@duckbytes
I got a little confused. Let’s start with the first part on what flag to add. You mean to add a property on User, Location, Vehicle, RiderResponsibility, Deliverable in schema.graphql like disable: Boolean.
Then only someone with ADMIN role can toggle this flag; so I will need a button and write some mutation in src/graphql/mutations.js for those schemas with something like "disableVehicle". Then any component that queries these lists will need a filter function before it renders.
I think disabled: Int! would be best. Set to 1 if disabled or 0 if enabled.
Only admins can make changes to those models so there is no need to do a per flag check on their role. With the exception of the User model, where the person logged in can also change it. However a User should only be disabled by a lambda function anyway, which can be restricted to Admin.
There's no need to write a mutation, you can use DataStore.save instead. With the exception of the User lambda again which should use the appsync client, you can copy the generated mutation updateUser from src/graphql/mutations.js as a basis to a new file in the generated lambda src directory. Remember to run amplify codegen and amplify codegen models after you update the schema so that everything is up to date.
When it comes to querying the list, you can filter in the DataStore query itself. e.g.:
const users = await DataStore.query(models.User, (u) => u.disabled("ne", 1));
https://docs.amplify.aws/lib/datastore/data-access/q/platform/js/ covers some of the DataStore stuff.
If you're using offline mode, the default user won't have the ADMIN role. Edit src/App.js and uncomment lines 44 and 45 to put DataStore and models into the window.
Then open the console and run:
const userQuery = await DataStore.query(models.User, u => u.name("eq", "offline"))
await DataStore.save(models.User.copyOf(userQuery[0], updated => updated.roles = ["USER", "ADMIN", "COORDINATOR", "RIDER"]))
If it worked you should be able to refresh the page and have access to the Admin stuff from the nav menu and also the ability to edit vehicle/user profiles.