Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BC-5628 cyclic data deletion #4557

Merged
merged 116 commits into from
Nov 28, 2023
Merged

Conversation

bn-pass
Copy link
Contributor

@bn-pass bn-pass commented Nov 15, 2023

Description

Links to Tickets or other pull requests

https://ticketsystem.dbildungscloud.de/browse/BC-5628

Changes

Datasecurity

Deployment

New Repos, NPM pakages or vendor scripts

Approval for review

  • DEV: If api was changed - generate-client:server was executed in vue frontend and changes were tested and put in a PR with the same branch name.
  • QA: In addition to review, the code has been manually tested (if manual testing is possible)
  • All points were discussed with the ticket creator, support-team or product owner. The code upholds all quality guidelines from the PR-template.

Notice: Please remove the WIP label if the PR is ready to review, otherwise nobody will review it.

WojciechGrancow and others added 30 commits October 19, 2023 23:19
@bn-pass bn-pass removed the WIP This feature branch is in progress, do not merge into master. label Nov 17, 2023
@bn-pass bn-pass requested a review from SevenWaysDP November 22, 2023 02:02
Copy link
Member

@mamutmk5 mamutmk5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do not the deletion cronjob execute the deletion and why do it call the api?
Form me it's look like the code base has all what you need to delete the data at database and so on.
From my view the cyclic data deletion cron job should work without an server api call and execute the delition self, it's more secure.

@bn-pass
Copy link
Contributor Author

bn-pass commented Nov 22, 2023

Why do not the deletion cronjob execute the deletion and why do it call the api? Form me it's look like the code base has all what you need to delete the data at database and so on. From my view the cyclic data deletion cron job should work without an server api call and execute the delition self, it's more secure.

@mamutmk5 It shouldn't be like that as it's an anti-pattern: this way the CronJob would get a "side access" to the main schulcloud-server's database. According to the best standards only the schulcloud-server should have access to its own database, no other apps/jobs should have a direct access and manipulate the main schulcloud-server database's data. That's why we've only put the trigger to delete the data in the CronJob, but the main operation execution remains in the schulcloud-server's deployment responsibility (which is exposed through the Admin API).

@bn-pass bn-pass requested a review from mamutmk5 November 22, 2023 16:27
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

100.0% 100.0% Coverage
0.0% 0.0% Duplication

@WojciechGrancow WojciechGrancow merged commit af700bb into main Nov 28, 2023
46 of 47 checks passed
@WojciechGrancow WojciechGrancow deleted the BC-5628-cyclic-data-deletion branch November 28, 2023 09:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants