Fix deleteUser API to prevent deletion of the caller

[lucas-a-martins]

Description

Currently, ACS allows users to delete themselves by calling the deleteUser API via CLI. Fixing this behavior has been previously suggested in this comment, as it leaves room for errors if users don't pay enough attention (e.g., when using the console's autocomplete feature), since the parameter passed is the user's UUID and it's not easily identifiable to whom this UUID belongs. Furthermore, there's already a feature to prevent a user from deleting themselves via the UI; however, slower environments create a small window where it's possible for the user to click the button before it's disabled, allowing deletion even through the UI (see this comment).

This pull request addresses this issue by adding a validation that checks the caller's UUID and compares it with the UUID of the user they are trying to delete. If they are the same, an exception is thrown.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

I tested by creating a new user (Temp) and attempted to delete it using the same user via CloudMonkey.

An exception was thrown, and the user was not deleted.

Next, I attempted to delete the user via the UI by rapidly clicking the delete icon before being disabled. Once again, an exception was thrown without deleting the user as shown in the screenshot above.

🙈 Error: (HTTP 431, error code 4350) The caller is requesting to delete itself. As a security measure, ACS will not allow this operation. To delete user Temp (ID: 02392623-cd84-4695-ba49-ec187742b2cd, Domain: d57f818f-efe2-44e4-810c-820f048c3129), request to another user with permission to execute the operation. ```

[DaanHoogland]

clgtm, not sure if a unit test is in order for this, @lucas-a-martins ?

[lucas-a-martins]

clgtm, not sure if a unit test is in order for this, @lucas-a-martins ?

@DaanHoogland thanks for your review and approval. I've added some unit tests in the latest commit. Could you take a look and let me know what you think?

[DaanHoogland]

thanks @lucas-a-martins looks like you test both main possibilities 👍

[DaanHoogland]

@blueorangutan package

[blueorangutan]

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[codecov]

Codecov Report

Attention: Patch coverage is 90.90909% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 30.96%. Comparing base (592038a) to head (fb606c6).
Report is 1 commits behind head on main.

Files	Patch %	Lines
...oudstack/api/command/admin/user/DeleteUserCmd.java	66.66%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #8691      +/-   ##
============================================
+ Coverage     23.14%   30.96%   +7.82%     
- Complexity    23348    33470   +10122     
============================================
  Files          5219     5355     +136     
  Lines        353412   375732   +22320     
  Branches      50883    54916    +4033     
============================================
+ Hits          81805   116358   +34553     
+ Misses       259762   243912   -15850     
- Partials      11845    15462    +3617     

Flag	Coverage Δ
simulator-marvin-tests	24.84% <54.54%> (+0.02%)	⬆️
uitests	4.36% <ø> (ø)
unit-tests	16.57% <72.72%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[blueorangutan]

Packaging result [SF]: ✖️ el7 ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 8767

[vishesh92]

clgtm

[vishesh92]

@blueorangutan package

[blueorangutan]

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✖️ el7 ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 8772

[blueorangutan]

Packaging result [SF]: ✖️ el7 ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 8783

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8788

[DaanHoogland]

@blueorangutan test alma9 kvm-alma9

[blueorangutan]

@DaanHoogland a [SL] Trillian-Jenkins test job (alma9 mgmt + kvm-alma9) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-9330)
Environment: kvm-alma9 (x2), Advanced Networking with Mgmt server a9
Total time taken: 48583 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr8691-t9330-kvm-alma9.zip
Smoke tests completed. 129 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File