Versions Compared

Old Version 11

changes.mady.by.user Anil Gupta

Saved on

compared with

New Version Current

changes.mady.by.user Anil Gupta

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

...

  • Verify the sync steps is successfully completed else perform the pending actions.

  • Update the user entry in sunbird.user_organisation (async) - May not be required.

    • isdeleted - True

    • orgleftdate - system date

  • Update the user’s name in nodeBB as Deleted User to display in discussion forum.

  • Group - TBD

  • Send the AUDIT telemetry event after successful/failure update/deletion of the above tables.

User delete API:

...

Expand
Code Block
json
languagetitleDELETE '{{host}}/api/user/v1/delete/{{userId}}'
Code Block
curl --location --request DELETE '{{host}}/api/user/v1/delete/{{userId}}' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{api_key}}' \
--header 'x-authenticated-user-token: {{user_token}}'
Expand
titleResponse

...

language
Code Block
json
{
    "id": "api.user.delete",
    "ver": "1.0",
    "ts": "2023-08-28T13:54:45Z+05:30",
    "params": {
        "resmsgid": "a638c46e-63a5-47de-bf00-029cbe435e5e",
        "msgid": null,
        "err": null,
        "status": "successful",
        "errmsg": null
    },
    "responseCode": "OK",
    "result": {
        "response": "SUCCESS",
        "userId": "{{userId}}"
    }
}

Delete User Kafka Event

...

Property

...

Description

organisationId

It helps to identify user belongs to which organisation

userId

Deleted user id

suggested_user

If user have role other than PUBLIC, than suggested user list can be send in the event for each role user is having.

Expand
titleSample event
Code Block
{
  "eid": "BE_JOB_REQUEST",
  "ets": 1619527882745,
  "mid": "LP.1619527882745.32dc378a-430f-49f6-83b5-bd73b767ad36",
  "actor": {
    "id": "delete-user",
    "type": "System"
  },
  "context": {
    "
channel": "01309282781705830427", "
pdata": {
      "id": "org.sunbird.platform",
      "ver": "1.0"
    }
,
"env":
"dev" 
},
  "object": {
    "id": "<deleted-userId>",
    "type": "
DeleteUser
User"
  },
  "edata": {
    "organisationId": "<organisationId>"
    "userId": "
<userId>
<deleted-userId>",
    "
action
suggested_users":
"delete-user",
[
"iteration": 1
	{
} }

Transfer Ownership

Ownership transfer API

...

  • This API will trigger the kafka event to transfer-ownership flink job, to precess the things asynchronously. This API will validate if “toUserId“ has all the roles of from user.

Request

Code Block
curl --location --request POST '{{host}}/api/user/v1/ownership/transfer' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{api_key}}' \ --header 'x-authenticated-user-token: {{user_token}}' \ --data-raw '{ "request":{ "organisationId": "{{organisationId}}", "toUserId": "{{TO_UUID}}
 		"role": "ORG_ADMIN",
    		"users": ["<orgAdminUserId>"]
    	},
    	{
    		"role": "CONTENT_CREATOR",
    		"users": ["<contentCreatorUserId>"]
    	},
    	{
    		"role": "COURSE_MENTOR",
    
		"
fromUserId
users":
"{{FROM_UUID}}"
["<courseMentorUserId>"]
    	}
}'

Response:

Code Block
languagejson
{
"id": "api.user.ownership.transfer"
],
    "
ver
action": "
1.0", "ts": "2023-08-28T13:54:45Z+05:30
delete-user",
    "
params
iteration":
{
1
"resmsgid": "a638c46e-63a5-47de-bf00-029cbe435e5e", "msgid": null, "err": null, "status": "successful", "errmsg": null }, "responseCode": "OK", "result": { "status": "Ownership transfer event is pushed successfully!" } }

Flink Job

Transfer ownership:

Sample kafka event

Code Block
{
  "eid": "BE_JOB_REQUEST",
  "ets": 1619527882745,
  "mid": "LP.1619527882745.32dc378a-430f-49f6-83b5-bd73b767ad36",
  "actor": {
    "id": "ownership-transfer",
    "type": "System"
  },
  "context": {
    "channel": "01309282781705830427",
    "pdata": {
      "id": "org.sunbird.platform",
      "ver": "1.0"
    },
    "env": "dev"
  },
  "object": {
    "id": "do_11329603741667328018",
    "type": "OwnershipTransfer"
  },
  "edata": {
    "organisationId": "{{organisationId}}",
    "toUserId": "{{TO_UUID}}",
    "fromUserId": "{{FROM_UUID}}"
    "action": "ownership-transfer",
    "iteration": 1
  }
}

...

Batch

  • Fetch the list of open and ongoing batches created by fromUserId from sunbird_courses.course_batch table.

  • Update the user entry in sunbird_courses.course_batch table for open and ongoing batches only.

    • createdby

  • If the user is added as a course mentors to any batch, than use the search API to find out the batches and than remove the userId from mentors column in sunbird_courses.course_batch table.

...

}
}

Deleted Users search curl

User search API can be used to get the more detail about user. e.g. name.

Expand
titleCurl

curl --location '{{host}}/api/user/v3/search' \
--header 'Authorization: {{kong_api_key}}' \
--header 'X-Authenticated-User-token: {{keycloak_access_token}}' \
--header 'Content-Type: application/json' \
--data '{
"request": {
"filters": {
"status": 2, "updatedDate": {">=": "2023-05-10 08:41:50:752+0000"}
}
}
}'

OTP Template

Expand
titleEmail Template

<html><head><meta name="viewport" content="width=device-width"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title></title><style>@media only screen and (max-width:620px){table[class=body] h1{font-size:28px!important;margin-bottom:10px!important}table[class=body] a,table[class=body] ol,table[class=body] p,table[class=body] span,table[class=body] td,table[class=body] ul{font-size:16px!important}table[class=body] .article,table[class=body] .wrapper{padding:10px!important}table[class=body] .content{padding:0!important}table[class=body] .container{padding:0!important;width:100%!important}table[class=body] .main{border-left-width:0!important;border-radius:0!important;border-right-width:0!important}table[class=body] .btn table{width:100%!important}table[class=body] .btn a{width:100%!important}table[class=body] .img-responsive{height:auto!important;max-width:100%!important;width:auto!important}}@media all{.ExternalClass{width:100%}.ExternalClass,.ExternalClass div,.ExternalClass font,.ExternalClass p,.ExternalClass span,.ExternalClass td{line-height:100%}.apple-link a{color:inherit!important;font-family:inherit!important;font-size:inherit!important;font-weight:inherit!important;line-height:inherit!important;text-decoration:none!important}}</style></head><body class="" style="color:#000!important;background-color:#f6f6f6;font-family:sans-serif;-webkit-font-smoothing:antialiased;font-size:14px;line-height:1.4;margin:0;padding:0;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%"><table border="0" cellpadding="0" cellspacing="0" class="body" style="border-collapse:separate;mso-table-lspace:0;mso-table-rspace:0;width:100%;background-color:#f6f6f6"><tbody><tr><td style="font-family:sans-serif;font-size:14px;vertical-align:top"> </td><td class="container" style="font-family:sans-serif;font-size:14px;vertical-align:top;display:block;Margin:0 auto;max-width:580px;padding:10px;width:580px"><div class="content" style="box-sizing:border-box;display:block;Margin:0 auto;max-width:580px;padding:10px"><span class="preheader" style="color:transparent;display:none;height:0;max-height:0;max-width:0;opacity:0;overflow:hidden;mso-hide:all;visibility:hidden;width:0"></span><table class="main" style="border-collapse:separate;mso-table-lspace:0;mso-table-rspace:0;width:100%;background:#fff;border-radius:3px"><tbody><tr><td class="wrapper" style="font-family:sans-serif;font-size:14px;vertical-align:top;box-sizing:border-box;padding:20px"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse:separate;mso-table-lspace:0;mso-table-rspace:0;width:100%"><tbody><tr><td style="font-family:sans-serif;font-size:14px;vertical-align:top"><table border="0" cellpadding="0" cellspacing="0" class="btn btn-primary" style="border-collapse:separate;mso-table-lspace:0;mso-table-rspace:0;width:100%;box-sizing:border-box"><tbody><tr><td align="left" style="font-family:sans-serif;font-size:14px;vertical-align:top;font-family:sans-serif;font-size:14px;font-weight:400;margin:0;Margin-bottom:15px">Hello User,<br><p>To confirm the deletion of your $installationName account, please enter the following OTP: $otp.</p><p>This OTP is valid for the next $otpExpiryInMinutes.</p><p>If you did not request this account deletion, please ignore this message or contact our support team immediately at $supportEmail.</p><p>Thank you for using $installationName.</p>Best regards,<br>The $installationName Team</td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></div></td><td style="font-family:sans-serif;font-size:14px;vertical-align:top"> </td></tr></tbody></table></body></html>

Code Block
Hello User,

To confirm the deletion of your Sunbird Ed account, please enter the following OTP: [OTP Code].

This OTP is valid for the next [Time Limit, e.g., 5 minutes]. 

If you did not request this account deletion, please ignore this message or contact our support team immediately at [Support Email].

Thank you for using Sunbird Ed.

Best regards,
The Sunbird Ed Team

  • SMS

Code Block
Dear User, to confirm the deletion of your Sunbird Ed account, please enter the following OTP: [OTP Code].This OTP is valid for the next [Time Limit, e.g., 5 minutes]. If you did not request this account deletion, please ignore this message or contact our support team immediately.

Backward compatibility Approach:

As part of backward compatibility, ‘User Deletion Flink Job’ mentioned above can be deployed; ‘delete-user’ kafka topic can be created and events to the kafka topic can be inserted via scripts by passing users' information as part of the topic for completing user deletion activity.

Manage Learn -

As part of the Manage Learn use case, the user’s PII data is captured and/or used in the below-mentioned workflows -

  1. A complete snapshot of a user’s profile which includes name (first and last name) as well as masked email and phone is captured under various collections in MongoDB (observations, projects, survey, and programUsers) at the start of any transaction i.e. the moment a user starts working on a survey, or project or decides to join a program. This is done to give the Program manager the details of the user as it was when he/she started working on the resource and is not affected by his/her profile change later. This means a user’s name, location, role, and sub roles which is later used for certificate generation using Sunbird RC is the same when he/she started the resource.

  2. When the Program Manager requests reports via the Program Dashboard about the details of each and every user who has worked on a resource or has joined the program, the user’s email and phone along with the name is provided via a CSV using the Lern Data Product. These details are fetched in real-time at the moment of generating the on-demand report from the common and shared Redis and Cassandra storage. No change is required here since the expectation is user’s name, email phone will be deleted from the common storage and replaced with the “Deleted User” string, We will just need to test this once to confirm the entry from the reports is not removed but just the PII data is removed.

Info

Note - No other place in Logs, Druid, ES or Neo4j does Manage Learn workflow write to

...

NOTE: None of the services should log the user PII data.

TBD

  • Cron Job:

    • Run on specific intervals to do the sanity check of deletion.

Checklist:

...

.

References