Hello Dataverse developpers,
I have a "small" question regarding data persistence in Dataverse.
Some context first. For one of our project, we are using Dataverse 5.3 with ORCID authentication. During our tests, we came across the issue https://github.com/IQSS/dataverse/issues/4356
Not a big problem technically. When a user is deleted, the token created in the table oauth2tokendata is not deleted before, raising an error on the constraint fk_oauth2tokendata_user_id.
We could live with it but, planning to go into production, we would prefer to delete users right from the API in case we would have to.
In order to fix it, I've started my journey in the source code of Dataverse and the pointers related to development for the project.
I managed to write a first fix, successfully working in our test environment but I still have a question before proposing the solution.
The fix would be in edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean.removeAuthentictedUserItems() where entries related to a user in other tables like userbannermessage and fileaccessrequests are deleted.
This method is called from edu.harvard.iq.dataverse.api.Admin.deleteAuthenticatedUser() where the exception is actually raised.
The methods in removeAuthentictedUserItems() called to delete the entries are using SQL queries (eg. deletePendingAccessRequests()). But I noticed the exception raised is coming from EclipseLink. And the ORM is used in edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean.deleteAuthenticatedUser(), the service called from the API. I also notice a CRUD class OAuth2TokenDataServiceBean is available for mapping this table but does not implement a delete method.
So, finally :), should I rather being using the ORM for persistence in that case or is it ok to follow what has been done in removeAuthentictedUserItems() with SQL queries ?
Thank you for your feedback.