yuuvis® RAD Q&A

0 votes
by (200 points)

We are using the recycle bin and want to keep it. Hard delete is no option for us.

For certain object types we restrict delete access, however, because there may be dependencies that would lead to orphan objects, or because deleting the object impacts another object's status. We use custom actions, therefore, that first check what needs to be done, then call a microservice that runs with higher privilege, as recommended elsewhere here in the q&a.

The problem is that we need to provide user credentials to the service for the soft-delete operation, because only user accounts have a recycle bin. When we switch to API-key authentication, a deletion attempt will lead to an error saying the system user doesn't have a recycle bin.

We know that this way of authentication is deprecated, but we know of no other way to get what we want. Are we overlooking something?

1 Answer

0 votes
by (19.9k points)
selected by
 
Best answer

Hi Stephan,

if all objects can be put in the same recycle bin, then you can change your microservice to not use the feign client but use a http framework and do the authentication with user-credentials itself.

If the objects should be put in the recycle bin of the user that started the custom action, the best thing would be to let the microservice return a list of object-IDs (Item-IDs) back to the custom action and then iterate over these within the custom action and call the soft-delete endpoint for each Item-ID. Since the custom action is run in the calling user's context, the objects will be put in this user's recycle bin.

Best regards
Nicolai

by (200 points)
Thanks, Nicolai.

Would the latter approach also work when we the user's roles deny delete access to the object, which is why we need a custom deletion in the first place? Or why would the custom action have higher privilege if it is run with the calling user's context?
by (19.9k points)
No in that case it won't work - it also makes it impossible to put the objects into the recycle bin of that user.
by (200 points)
Then we need to go through the service. Thanks!
...