Closed Bug 1561663 Opened 5 years ago Closed 4 years ago

Admins should be able to remove an account

Categories

(Webtools Graveyard :: Pontoon, enhancement, P3)

Product:
Webtools Graveyard
Component:
Pontoon
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: flod, Assigned: vishnutekale13, Mentored)

References

Details

Attachments

(3 files)

Link to GitHub pull-request: https://github.com/mozilla/pontoon/pull/1647
44 bytes, text/x-github-pull-request
Details | Review
Link to GitHub pull-request: https://github.com/mozilla/pontoon/pull/1652
44 bytes, text/x-github-pull-request
Details | Review
Link to GitHub pull-request: https://github.com/mozilla/pontoon/pull/1654
44 bytes, text/x-github-pull-request
Details | Review

I don't have a way to remove an account. Right now, it needs to be done via console, resetting the attributions for their contributions. That should be possible via UI, either Pontoon or Django admin.

To clarify: simply deleting the User object from the console also removes Translations the user has authored or reviewed.

One option is to deactivate a User from the Django admin.

Depends on: 1607696
No longer depends on: 1607696
See Also: → 1607696

(In reply to dolugen from comment #2)

One option is to deactivate a User from the Django admin.

That would leave the PII in the database and keep the profile URL accessible.

A possible solution would to set the on_delete=models.SET_NULL on the User ForeignKeys. Note that Django 2.0 makes the on_delete attribute required, so we can make the change as part of bug 1607696.

Another solution is to anonymize the PII in the user account, namely the email address and the display name:
https://support.mozilla.org/en-US/kb/pontoon-managing-account-data#w_what-data-do-you-receive-from-my-account

Now that we've upgraded to Django 2 (on stage only), all User model foreign keys on the Translation model have on_delete=models.SET_NULL, which means deleting the user no longer deletes translations the user has submitted or reviewed.

We still delete the following related models, which I think is OK:

  • UserProfiles (settings)
  • User-group relationships (permissions)
  • Social accounts, Social application tokens, Email Addresses (authentication data)
  • Django admin log entries
  • Notifications

We also delete terminology entries submitted by the user, which we shouldn't (even if we aren't likely to use that field at Mozilla for now).

I'm not sure about these, though. Which should we keep and which should be thrown away?

  • Comments
  • Action log entries
  • Permission change log entries

Flod, Axel, do you have opinions?

Flags: needinfo?(l10n)
Flags: needinfo?(francesco.lodolo)

(In reply to Matjaz Horvat [:mathjazz] from comment #4)

I'm not sure about these, though. Which should we keep and which should be thrown away?

  • Comments
  • Action log entries
  • Permission change log entries

I think we should keep these, and assign them to a unique user ID, not to a generic one.

Flags: needinfo?(francesco.lodolo)

Thanks!

(In reply to Francesco Lodolo [:flod] from comment #5)

I think we should keep these, and assign them to a unique user ID, not to a generic one.

I'm curious, what's the purpose of setting the user value on these object to a unique anonymized ID vs, just setting it to NULL like we do with translations?

I think it's useful to know who promoted whom, even if that user doesn't exist anymore in Pontoon. Same for comments, or understanding who approved a translation. I didn't realize we're doing that for translations, and I think there would be value in having the same approach.

(In reply to Francesco Lodolo [:flod] from comment #7)

I think it's useful to know who promoted whom.

I don't think that's possible - we need to delete all PII.

What's the use-case for this bug? Vandalism or something else?

If it's PII, I think it's still valuable to be able to distinguish one sock puppet from another. Also shows how many individuals have been involved when in a team.

Flags: needinfo?(l10n)

(In reply to Axel Hecht [:Pike] from comment #9)

What's the use-case for this bug? Vandalism or something else?

We can't prevent vandalism by deleting accounts. They create a new one the first time they "log in" after the account is deleted. We'd need a different solution for this.

It's PII (and GDPR).

Also shows how many individuals have been involved when in a team.

Good point!

So to fix this bug, we need to:

  1. Set on_delete on the following fields to models.SET(get_sentinel_user):
  • Translation: user, approved_user, unapproved_user, rejected_user, unrejected_user
  • Comment: author
  • ActionLog: performed_by
  • PermissionChangelog: performed_by, performed_on
  • Term: created_by
  1. Make sure translations and comments referencing "Deleted User X" work OK.
  2. Document how to delete an account in the PM docs.
Mentor: m
Priority: -- → P3

(In reply to Matjaz Horvat [:mathjazz] from comment #8)

(In reply to Francesco Lodolo [:flod] from comment #7)

I think it's useful to know who promoted whom.

I don't think that's possible - we need to delete all PII.

How would it be a PII? That would be a user, with a numeric ID, that won't have any data from the original user.

Right, in which case you no longer "know who promoted whom".

Anyhow, I agree it's useful to distinguish between deleted users, so let's do it.

Type: defect → enhancement

Given that we'll now have deleted users in our DB (is_active=False), we'll need to identify places they should be hidden from.

So far I can only think of one - the Contributors pages. As part of bug 1645044, we should also exclude them from the mentions.

Assignee: nobody → vishnutekale13
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Product: Webtools → Webtools Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: