Filter out deleted users and organizations from the superuser list

Superusers were getting confused because the users/orgs were being disabled and renamed, but still appeared in the list until they were GCed by the background worker. Now we just hide them.

Fixes https://jira.coreos.com/browse/QUAY-936

data/model/organization.py

@@ -1,6 +1,6 @@
 
 from data.database import (User, FederatedLogin, TeamMember, Team, TeamRole, RepositoryPermission,
-                           Repository, Namespace)
+                           Repository, Namespace, DeletedNamespace)
 from data.model import (user, team, DataModelException, InvalidOrganizationException,
                         InvalidUsernameException, db_transaction, _basequery)
 
@@ -145,8 +145,13 @@ def get_all_repo_users_transitive_via_teams(namespace_name, repository_name):
           .where(Namespace.username == namespace_name, Repository.name == repository_name))
 
 
-def get_organizations():
-  return User.select().where(User.organization == True, User.robot == False)
+def get_organizations(deleted=False):
+  query = User.select().where(User.organization == True, User.robot == False)
+
+  if not deleted:
+    query = query.where(User.id.not_in(DeletedNamespace.select(DeletedNamespace.namespace)))
+
+  return query
 
 
 def get_active_org_count():

data/model/test/test_organization.py

@@ -0,0 +1,22 @@
+import pytest
+
+from data.model.organization import get_organization, get_organizations
+from data.model.user import mark_namespace_for_deletion
+from data.queue import WorkQueue
+from test.fixtures import *
+
+@pytest.mark.parametrize('deleted', [
+  (True),
+  (False),
+])
+def test_get_organizations(deleted, initialized_db):
+  # Delete an org.
+  deleted_org = get_organization('sellnsmall')
+  queue = WorkQueue('testgcnamespace', lambda db: db.transaction())
+  mark_namespace_for_deletion(deleted_org, [], queue)
+
+  orgs = get_organizations(deleted=deleted)
+  assert orgs
+
+  deleted_found = [org for org in orgs if org.id == deleted_org.id]
+  assert bool(deleted_found) == deleted

data/model/test/test_user.py

@@ -33,16 +33,30 @@ def test_validation_code(token_lifetime, time_since, initialized_db):
     expect_success = convert_to_timedelta(token_lifetime) >= convert_to_timedelta(time_since)
     assert expect_success == (result is not None)
 
+
 @pytest.mark.parametrize('disabled', [
   (True),
   (False),
 ])
-def test_get_active_users(disabled, initialized_db):
-  users = get_active_users(disabled=disabled)
+@pytest.mark.parametrize('deleted', [
+  (True),
+  (False),
+])
+def test_get_active_users(disabled, deleted, initialized_db):
+  # Delete a user.
+  deleted_user = model.user.get_user('public')
+  queue = WorkQueue('testgcnamespace', lambda db: db.transaction())
+  mark_namespace_for_deletion(deleted_user, [], queue)
+
+  users = get_active_users(disabled=disabled, deleted=deleted)
+  deleted_found = [user for user in users if user.id == deleted_user.id]
+  assert bool(deleted_found) == (deleted and disabled)
+
   for user in users:
     if not disabled:
       assert user.enabled
 
+
 def test_mark_namespace_for_deletion(initialized_db):
   def create_transaction(db):
     return db.transaction()

data/model/user.py

@@ -825,10 +825,17 @@ def get_private_repo_count(username):
           .count())
 
 
-def get_active_users(disabled=True):
-  query = User.select().where(User.organization == False, User.robot == False)
+def get_active_users(disabled=True, deleted=False):
+  query = (User
+           .select()
+           .where(User.organization == False, User.robot == False))
+
   if not disabled:
     query = query.where(User.enabled == True)
+
+  if not deleted:
+    query = query.where(User.id.not_in(DeletedNamespace.select(DeletedNamespace.namespace)))
+
   return query