MindTouch Community Portal
Logged in: Logged in as: Log in
Register
Search:
Page last modified 15:38, 12 Mar 2009 by MaxM
User:dev > Specs > User deletion
Page Notifications Off

User deletion

    Overview

    Users should be deletable from the user management screen in control panel just like groups currently are.

    Proposed Behavior (#1)

    • Q: What happens to their contributions?
      • A1: At delete time you're allowed to reassign contributions to another existing user.
      • A2: Front end has a means of displaying a the attribution of a file upload/page change/comment/etc for when the user isn't found. An image or ??? can take the place of the username.
    • After deletion if a user with the same name gets created, it's a different user and it does not get the old changes attributed to them.

    Proposed Behavior (#2)

    The gist: Extend "disabled" to become "deleted" by adding a status in the XML and disabling a few API features; this would behave very similarly to deleted pages.

    When a user is deleted, the user account gets flagged as "deleted". This isn't so different from being "disabled," but the API would have to return some sort of status in the XML.

    Upon selection of user deletion, Deki:

    •  Updates the user's status to that of "deleted":
      • None of the API features related to this user are available
        • Because of this, there would be no username collisions - a new username could be created, even if the disabled user had the same username.
    • Deletes the user's userpage

    Any user who is created with the same name as the deleted user will be treated as a new user.

    Flagged username

    Attribution to a user should not be lost, even if that user is deleted. A user being deleted, should means that the user is no longer allowed access to Deki, and that this user has "moved on." This shouldn't mean that the user never existed at all. I'm not a huge fan of attributing the changes to another user (in that case, why wouldn't a user just rename the user and disable them?)

    My feeling is that the API would return information about this user in the page/file metadata, but somehow modify the XML to just return the username with some sort of deleted status message. This would allow the front-end to continue to display the attribution, but indicate a user has been deleted. For example:

    Page last modified by RoyK.
    Page last modified by RoyK.

    I'm not sure what ramifications this has on the API, as it means that the API would have to block external access to this user's features (GET:user/=username), but still need be able to retrieve that information internally for return of metadata.

    The upside of this approach is it does allow for "undelete", which means we could remove the "disable" functionality from Deki - disable would be delete, and we could easily undelete users as well. (And in the case of username conflicts, we can username renames).

    Proposed Behavior (#3)

    Give admins a choice if they want to delete a user and remove any record of them (behavior#1) OR mark them as removed with attribution preserved (behavior#2).

    In some cases a user simply needs to be deleted from the system -- as a simple undo from the user creation -- with no trace left of the user and the username freed up.

    In other cases a user is no longer in the organization and others need to see previous work attributed back to them while seeing that the user is no longer active. This can be handled as described in behavior #2 above through an api attribute marking the user as disabled and the front end showing the user with a strikethrough.

    This gives an admin a choice as to whether they want to permanently delete and free up the name or to simply mark the user as disabled.

    Proposed Behavior (#4)

    If a user doesn't have contributions

    • account record is deleted
    • same user name becomes available for new account

    User has contributions:

    • account is disabled.
    • UI asks if the user page should be deleted (archived) (default: no)
    • UI asks if the user should be renamed (default: no)
    • UI strikes out usernames throughout the wiki
    • user name not available for new account unless admin renames user

    Contribution can be one or more of:

    • Comment posted outside of user page
    • Page edits outside of user page
    • Attachment outside of user page

     

    UI allows batch delete

     

    API Feature: DELETE: user/{ID}

    Returns 200 if a user is deleted

    Returns an error code if user has contributions and cannot be deleted

    Error raised if user references in tables:

    • archive
    • pages
    • old
    • resources
    • resourcerevs
    • comments
    • transactions

    Tables to have rows removed matching user reference

    • user_groups
    • user_grants
    • banusers
    Tag page
    What links here

    Files 0

    Attach file or image
     
    Viewing 1 of 1 comments: view all
    #1
    maphew says:
    I am in favourof keeping content of deleted users while keeping their name intact. However instead of striking out the deleted username please use something else which doesn't have the negative connotation of strike-through. For me this brings to mind associations of "deleted because of bad behaviour" or somesuch. Simple black unhyperlinked text would do just fine.

    Actually thinking a little deeper. It would often be good to keep the users home page also as there will likely be significant information there about who they were and the nature of their relationship to the site.

    What really needs to be dis-entangled is "username which can login" from "page about username".
    Posted 08:39, 10 Mar 2009
    Viewing 1 of 1 comments: view all
    You must login to post a comment.
    MindTouch Social Knowledge Base

    Copyright © 2011 MindTouch, Inc. Powered by