No way to delete api users or web backends from the web ui

[darylrobbins]

As far as I can tell, there is currently no way to remove an API user (you can disable them though) or a web backend.

[brylie]

This seems to be a two part question. What do you mean by 'web backends' in your issue title?

Do you mean 'API Backends', as the admin menu indicates (Configuration > API Backends)? If so, you may delete an API Backend by clicking the 'Delete API' link below the 'Save' button.

[darylrobbins]

Thanks for responding. This was actually more of a feature requests/bug report than a question. I decided to group two missing delete links into one issue.

In addition to API Backends, version 0.8.0 added Web Backends (api.data.gov#146). There are available from the same menu as the latter. However, unlike API Backends, they don't have a corresponding Delete link. I suspect this was an omission.

The other part was the inability to delete users. This may possibly be by design to preserve the integrity of the analytics. However, it's kind of annoying to not be able to delete a user before they have made any significant contribution to the analytics (i.e. if they were created in error in the first place).

[GUI]

Oops, the inability to delete Website Backends was definitely an oversight. That should be fixed in master with NREL/api-umbrella-web#13

The inability to delete users was indeed by design for analytics purposes (as you had guessed). That being said, if you feel like deleting users would be useful, that shouldn't be too difficult to implement.

Although, it might be worth noting that we don't actually delete any records in the admin currently. Instead, we perform soft deletes everywhere else in the admin, so when you "delete" an API Backend or Website Backend, the data is still there, it just sets a deleted_at flag on the record in the database and then hides it from view in the admin

If we took a similar approach for API users, then a "deleted" API user would be extremely similar to the concept of a disabled user which we already implement, with the difference simply being whether or not we show the API user in the admin. Of course, we could actually delete records, but I personally tend to be delete-averse in production systems, but that might just be me. If we were to take the soft delete approach for users, would this distinction between deleted and disabled accounts still be valuable to you? I can see how a delete (even if it's a soft delete) might be useful if you're wanting to tidy up some test accounts. But let me know if you have any thoughts or preferences.

[darylrobbins]

Problem

Well, I see several scenarios for wanting to "delete" a user:

1. Elimination of a test account
2. To correct an error made when creating a new account
3. A real bonafide user who will no longer be accessing the API

It was the first scenario that spawned this issue in the first place. As we gear up to go-live with our external demo/evaluation environment, I'm accumulating a lot of test accounts.

Given that you can change the email in the admin interface, the second scenario likely wouldn't actually require deleting anything.

And then we come to scenario three, where we could accumulate a lot of inactive users to deal with in the admin interface.

Alternatives

I'd agree with your stance on deleting production data.

However, I'd say soft deleting api users is a bad idea. I can see this resulting in confusion for others adopting API Umbrella. How do you reactivate/recreate a user who once existed and you now want back? I'm sure we could come up with solutions to all these problems, but likely not worth the complexity.

In the case of test accounts, I'm fine with deleting them in Mongo when the need arises. The need is more frequent now but will decrease once we reach production.

Proposal

So, now we come to what I think is the bedrock of the issue. I have a long list of current and former users, which makes it more difficult to manage the current users -- the ones that are currently relevant.

So, why not support filtering users by their state (defaulting to active only) and provide some visual indication in the table if the user is active or not. This allows us to maintain referential integrity, while managing information overload.

(I will open a separate issue for the case of Admin Users)

[GUI]

I'm going to go ahead and close this issue. The ability to delete other resources was addressed, although we still only allow api keys to be disabled for analytics purposes.

But please feel free to speak up if anyone still feels the need to delete api keys from the database directly in the web admin, and we can revisit this.

[narasingraju]

@darylrobbins @brylie We can delete the users from mongodb database by giving the folowing query:
db.apiusers.deleteMany({})