database: remove 2nd param from AccessTokens.DeleteByID (!25681) · Merge requests · Warren Gifford / sourcegraph

Warren Gifford requested to merge mrn/access-tokens-delete-by-id into main Oct 05, 2021

Created by: mrnugget

This param is not required. access_tokens.id is the primary key for the table and unique, we don't need to also pass in subject_id.

In the GraphQL layer the token is loaded too and permissions are checked against token.SubjectUserID, so there's also no additional hidden benefit to passing in this 2nd param.

It makes the method harder to use, though, because one needs to load the token first to delete it (I'm working with access tokens in a separate branch).

I suspect it's a leftover from a refactor where the permission check was in DeleteByID.

database: remove 2nd param from AccessTokens.DeleteByID

Merge request reports