User Self Delete

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
User avatar
imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

User Self Delete

Post by imkingdavid »

This was discussed for 3.1, but no RFC was ever created, to my knowledge. So here it is.

As proposed by callumacrae, I suggest that a new feature be added in 3.2 that allows users to delete themselves, if given permission.

Of course, there should be multiple levels of deletion, as described in this post by EXreaction:
So what I see wanted is a few options:

No deleting of accounts allowed
"Soft" deleting of accounts allowed (keep the user's profile information, but anomalize the account to the public)
Profile deleting of accounts allowed (this would delete all information of that user's profile but keep important content to the forum like posts (anomalized))
Complete removal of accounts allowed (this would remove everything, including posts)

The last three should be deletion options for the user account as well from the user management in the ACP

Permission setting for users to delete their own accounts, global settings for the method of deleting and global allowing of deleting
Also, there should be a way for user accounts to be undeleted by administrators (and, if they have permission, the user that has been deleted). For the former, there could be a simple button in the user management area. For the latter, where the user undeletes his/her own account, we might be able to do something like facebook does. When you deactivate your Facebook account, you can easily reactivate it by simply logging back in. Of course, this should be able to be disabled if the adminsitrators want the user's account to stay deleted until the staff feel comfortable undeleting it.

Something that should be discussed is how to handle "deleted" accounts. For the second and third option in the quoted section above, the username (at least, but possibly also the email) should be disallowed for future registrations to prevent complications if the account needs to be undeleted. For the final option above, that won't matter as the account will be removed from the database totally. In any case, for the second and third options, the user's information should be viewed as Anonymous for all normal users, whereas authorized users should still be able to see the user's information (with a flag or notice saying that the user's account has been deleted).

So... anything I missed? Comments? Suggestions?

See Ticket.

EDIT: BTW, I am currently working on this feature, but if someone else wants to as well we can see whose implementation is better. :)
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

User avatar
imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

Re: [RFC] User Self Delete

Post by imkingdavid »

I know it's a bit premature, but I have already gotten a potentially buggy, but for the most part working version of this. I haven't modified the places required for SQL changes (i did them manually on my working copy just to get it working). Here's my writeup of changes. It's not all of the file changes, but just keeping track of new constants, permissions, language entries, etc.
This feature allows users with permissions to delete or deactivate their own user account based on forum configurations.

New configuration settings:
  • account_delete_method - How to handle account deletion
    • Values:
    • 0 - No self-account deletion allowed (administrators may still do so via ACP)
    • 1 - Soft delete/Deactivate; user accounts are deactivated, and all data is saved. Undoable. Account will appear to not exist if a normal user attempts to view profile.
    • 2 - Profile delete; user account is deleted, along with profile data and private messages. No undo. User's posts will appear as posted by Anonymous.
    • 3 - Hard delete; user account, posts, profile data, and private messages are deleted. No undo.
New Constants (link to corresponding config values above):
  • SELF_ACCOUNT_DELETE_NONE = 0
  • SELF_ACCOUNT_DELETE_SOFT = 1
  • SELF_ACCOUNT_DELETE_PROFILE = 2
  • SELF_ACCOUNT_DELETE_HARD = 3
  • INACTIVE_SOFT_DELETE = 5
New Language Variables:
  • language/xx/ucp.php -

    Code: Select all

    'DELETE_ACCOUNT'            => 'Delete your account?',
        'DELETE_ACCOUNT_SOFT'        => 'If you check this box, your account will be deactivated. All account information and topics/posts will be saved, and you can reactivate your account by logging back in.',
        'DELETE_ACCOUNT_PROFILE'    => 'If you check this box, your account will be deleted. All profile information and private messages will be removed, but posts and topics will be saved. An administrator can recreate your account.',
        'DELETE_ACCOUNT_HARD'        => 'If you check this box, your account will be permanently deleted along with all information, including topics/posts, private messages, and profile data.',
        'DELETE_ACCOUNT_FAIL'        => 'You do not have permission do delete your account. If you no longer wish to keep your account, contact an administrator.', 
  • language/xx/acp/permissions_phpbb.php -

    Code: Select all

        'acl_u_delete_self'    => array('lang'    => 'Can delete own account', 'cat' => 'profile'), 
  • language/xx/acp/common.php -

    Code: Select all

    'INACTIVE_REASON_SOFT_DELETE'    => 'User soft deleted',
New Permissions:
  • acl_u_delete_self - If Yes, user can delete own account; deletion method dependent on global configuration
As I said, I know that working on something for 3.2 before 3.1 is even near released is a bit premature. But I figured I might as well get some work done and then adapt it as needed for 3.2 when the time comes.

You can view the latest progress here on my GitHub fork of develop
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

User avatar
AmigoJack
Registered User
Posts: 110
Joined: Wed May 04, 2011 7:47 pm
Location: グリーン ヒル ゾーン
Contact:

Re: [RFC] User Self Delete

Post by AmigoJack »

The idea is a good one, as it confirms to the self-determination of one's data and gives the user to delete his own profile along with his posts (or at least remove username and date everywhere [which might be a challenging task for posts which quoted that user or where users have manually written that username]).

The undelete feature is rather horrible to me and mixes up inactive accounts with deleted accounts. In this case I'm for a fifth user type instead of adding huge code which tries to revert everything or additional tables which will hold everything for a possible restore later. The fifth user type could also be linked to pruning: if the user has not requested to enable his account again for ...maybe 6 months, it will be deleted irreversable.

User avatar
Dragosvr92
Registered User
Posts: 624
Joined: Tue May 31, 2011 12:08 pm
Location: Romania
Contact:

Re: [RFC] User Self Delete

Post by Dragosvr92 »

The idea is good, but i will never allow my users to have this option.
Soft deletion isnt the same as Deactivate the user?
Previous user: TheKiller
Avatar on Memberlist 1.0.3

Atramez_Zeton
Registered User
Posts: 32
Joined: Mon May 08, 2006 10:14 am

Re: [RFC] User Self Delete

Post by Atramez_Zeton »

+1 for Deactivate not for delete, in case the account got hacked then the user would lose all of his data.

User avatar
Dragosvr92
Registered User
Posts: 624
Joined: Tue May 31, 2011 12:08 pm
Location: Romania
Contact:

Re: [RFC] User Self Delete

Post by Dragosvr92 »

^yeah.

I think only this one should be included:
"Soft" deleting of accounts allowed (keep the user's profile information, but anomalize the account to the public)
That would be the same option/feature that facebook provides. After you log in, in your account, it should notify you that its disabled and if you wish to re-enable it. Fb just logs you in and activates it back, without asking you if you want to enable it.
Previous user: TheKiller
Avatar on Memberlist 1.0.3

User avatar
imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

Re: [RFC] User Self Delete

Post by imkingdavid »

The current PR includes multiple options, which can be configured by the administrator. I haven't worked on this in a while, but if I remember correctly, deactivate is the default setting if the delete permission is given. Other people may want to allow users to actually delete their accounts, so that is also an option. But the users are restricted by whatever the admin decides is allowable.
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] User Self Delete

Post by Pony99CA »

Out of curiosity, what happens now when a user with posts is deactivated? Are the posts visible?

If they are, I don't see much use in having both Deactivate and Soft Delete. Just deactivate the user and display "Anonymous" (or whatever) as the user name. If the user reactivates (he should be able to, right?), then his user name shows up again.

I also don't think that the user should ever be able to hard delete himself; that should require an Admin action.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
MichaelC
Development Team
Development Team
Posts: 889
Joined: Thu Jan 28, 2010 6:29 pm

Re: [RFC] User Self Delete

Post by MichaelC »

Soft deleting a user would probably soft delete their posts (so they are hidden). Deactivating a user just stops them from logging in/posting if I recall correctly.
Formerly known as Unknown Bliss
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
No unsolicited PMs please except for quotes.

Atramez_Zeton
Registered User
Posts: 32
Joined: Mon May 08, 2006 10:14 am

Re: [RFC] User Self Delete

Post by Atramez_Zeton »

MichaelC wrote:Soft deleting a user would probably soft delete their posts (so they are hidden).
like facebook deactivation.
MichaelC wrote:Deactivating a user just stops them from logging in/posting if I recall correctly.
but their posts will remain, also this feature should be fixed with tagging if the user deactivated his account the tag link will go.
tagging RFC https://area51.phpbb.com/phpBB/viewtopi ... 08&t=42807

Post Reply