feat: completely remove domain from RoleManager when calling DeleteDomains

[D0000M]

close #1492
The original DeleteDomains() only performed the task of DeleteAllUsersByDomain(), but now DeleteDomains() will delete all associated policies as well.

[hsluoyz]

@oppiliappan plz review

[hsluoyz]

@tangyang9464 plz review

[Copilot]

Pull Request Overview

This PR enhances the DeleteDomains method to remove all related policies and role manager entries when domains are deleted, adds synchronization support, updates the interface, implements domain deletion in the default role manager, and introduces tests for the new behavior.

• Expand Enforcer.DeleteDomains to loop through all domains, remove filtered policies, and clear role manager entries
• Add DeleteDomains to SyncedEnforcer and to the RoleManager interface/implementations
• Create tests in rbac_api_with_domains_test.go covering domain deletion scenarios

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
rbac_api_with_domains.go	Updated DeleteDomains logic to remove policies and clean up role manager
rbac_api_with_domains_synced.go	Added DeleteDomains wrapper to SyncedEnforcer
rbac_api_with_domains_test.go	Added TestDeleteDomains and helper to verify domain deletions
rbac/role_manager.go	Introduced DeleteDomain to the RoleManager interface
rbac/default-role-manager/role_manager.go	Implemented DeleteDomain in the default role managers
model_test.go	Stubbed DeleteDomain on custom test role manager

Comments suppressed due to low confidence (2)

rbac_api_with_domains_test.go:303

• The test ignores both the boolean result and the error from DeleteDomains. Add assertions to verify ok is true and err is nil before checking policies.

	_, _ = e.DeleteDomains(domains...)

rbac_api_with_domains.go:147

• [nitpick] Consider making the comment imperative (e.g., // DeleteDomains deletes all associated policies and grouping policies and cleans up the role manager) to better reflect the implemented behavior.

// DeleteDomains would delete all associated policies.

[tangyang9464]

@D0000M
I looked through the historical commits ((#784 #790 )) of the DeleteDomains-related APIs and found that their function is to delete both the g and p policies (the comments and documentation of the related APIs are a bit vague, and they describe it as would delete all associated users and roles).

The key problem of this issue #1492 is that DomainRoleManager is a later implementation that does not take into account the DeleteDomains-related APIs.
Therefore, I think this fix should only require adding the deletion of RoleManager in the DeleteDomains and other APIs, and there is no need to modify the deletion logic of DeleteDomains for the policy, because it is correct.

[tangyang9464]

LGTM

[github-actions]

🎉 This PR is included in version 2.109.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀