Orphaned Groups

[linux4life798]

It looks like groups linger around after the last member leaves.
This should be looked into.

[khush-bhatia]

Just FYI, I intentionally included group memberships in user model . Since mongodb is a document store, data that is often read together should be saved in same document. Since groups are used for access control and read performance is very important for access control, I made this design choice.

Because of this design, deleting orphaned groups becomes non trivial. If you decide to change the model to make delete groups easier, please keep ACL read performance in consideration in the new design.

Following are two suggestions to fix this bug with the current design:

1. Everytime a member is deleted from group, do a search to see if there are no more members left in group.
2. Run an independent piece of code that periodically scans and deletes empty groups.

[linux4life798]

Yep, that makes sense.
The first option seems like the most direct.

Do you need to worry about race conditions in Node.js+express+mongoose+magic-elves? Like TOCTU for checking group membership and deleteing it? Does mongo+mongoose prevent deletion of documents that are referenced?
Does Node.js + express have the notion of locks?

Thanks!