fix(invitation): remove user relation on invitation delete#1678
fix(invitation): remove user relation on invitation delete#1678whoAbhishekSah wants to merge 1 commit into
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughSummary by CodeRabbit
WalkthroughBroadened Service.Delete relation removal to target all relation tuples anchored on the invitation object (no RelationName), and added a regression test that asserts no SpiceDB relations remain for the invitation after AcceptOrganizationInvitation. ChangesInvitation relation cleanup fix
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 2✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Coverage Report for CI Build 27123722556Coverage increased (+0.004%) to 43.414%Details
Uncovered ChangesNo uncovered changes found. Coverage RegressionsNo coverage regressions found. Coverage Stats
💛 - Coveralls |
whoAbhishekSah
force-pushed
the
fix/invitation-relation-cleanup
branch
from
47109aa to
9860a1c
Compare
whoAbhishekSah
force-pushed
the
fix/invitation-relation-cleanup
branch
from
9860a1c to
6ee0e73
Compare
Invitation creation writes two SpiceDB tuples on the invitation object: app/invitation:<id>#user and app/invitation:<id>#org. Delete filtered by the org relation name only, so the #user tuple leaked on every accept, expire, and delete, accumulating orphan relations. Drop the relation-name filter so Delete removes every relation anchored on the invitation object (same pattern role.Delete already uses). Adds an e2e regression assertion: after accepting an invitation, no relation remains on the invitation object. Refs #1661 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
whoAbhishekSah
force-pushed
the
fix/invitation-relation-cleanup
branch
from
6ee0e73 to
51a4eb2
Compare
Manual testing notesTested this against a local Frontier build of this branch (Postgres + SpiceDB). Summary below. What an invitation createsFor each
What we testedCreated a fresh org and two invitations (one for each cleanup path), then checked the DB and SpiceDB before and after:
In both cases SpiceDB had marked the tuples as deleted (it does a soft delete, setting a Bonus: the bug was realBefore running anything, the test DB already had 2 leftover NoteThis PR stops new leaks but does not clean up tuples that already leaked before the fix. Cleaning up existing orphans is a separate task. ✅ Working as expected. |
2 participants
What
Invitation creation writes two SpiceDB tuples anchored on the invitation object:
app/invitation:<id>#user@app/user:<email>app/invitation:<id>#org@app/organization:<org>Invitation.Deletefiltered the relation delete by the org relation name only, so the#usertuple was left behind on every accept, expire, and delete. These orphan tuples accumulated in SpiceDB over time.Fix
Drop the
RelationNamefilter inDeleteso it removes every relation anchored on the invitation object (the same patternrole.Deletealready uses).Acceptalready routes its cleanup throughDelete, so accept is covered too.Test
Extends the existing
TestInvitationAPIaccept flow with an assertion that, after accepting an invitation,ListRelationsreturns no relation on the invitation object. Verified the assertion fails without the fix (leftover#usertuple) and passes with it.Addresses gap (3) of #1661.