Skip to content

feat(graphql): add deleteOwner mutation for self-serve account deletion#1419

Open
thomasrockhu-codecov wants to merge 1 commit into
mainfrom
th/self-serve-account-deletion
Open

feat(graphql): add deleteOwner mutation for self-serve account deletion#1419
thomasrockhu-codecov wants to merge 1 commit into
mainfrom
th/self-serve-account-deletion

Conversation

@thomasrockhu-codecov

Copy link
Copy Markdown
Contributor

Summary

  • Adds a deleteOwner GraphQL mutation so a user can delete their own personal account or an organization they administer.
  • The DeleteOwnerInteractor authorizes with ensure_is_admin (covers both a user deleting themselves and an org admin) and routes the deletion through TaskService().delete_owner(ownerid=...) — the same code path the Django admin OwnerAdmin.delete_model / delete_queryset use, so self-serve deletions are marked, obfuscated, and hard-deleted identically to staff-initiated ones.
  • Wires the mutation into the schema/resolver registry following the existing mutation pattern.

Details

New files:

  • codecov_auth/commands/owner/interactors/delete_owner.py
  • graphql_api/types/inputs/delete_owner.graphql
  • graphql_api/types/mutation/delete_owner/ (delete_owner.graphql, delete_owner.py, __init__.py)

Registration:

  • codecov_auth/commands/owner/owner.py (delete_owner command)
  • graphql_api/types/mutation/{mutation.graphql, mutation.py, __init__.py}

Errors returned via the standard union: UnauthenticatedError | UnauthorizedError | NotFoundError.

Test plan

  • DeleteOwnerInteractor unit tests: unauthenticated → Unauthenticated; unknown owner → NotFound; non-admin/non-member → Unauthorized; personal account and org-admin paths call TaskService.delete_owner with the correct ownerid.
  • deleteOwner mutation tests: dispatch to command, unauthenticated error, personal-account deletion succeeds, deleting another owner is unauthorized.
  • CI runs the full pytest suite (requires Postgres; not runnable locally in this environment).

Made with Cursor

Adds a `deleteOwner` GraphQL mutation so users can delete their own
personal account or an organization they administer. The interactor
authorizes via `ensure_is_admin` (covering both a user deleting
themselves and an org admin) and routes the deletion through
`TaskService().delete_owner`, the same code path the Django admin uses.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant