docs for disable/delete/anon, need to move to user admin section #7585
We need to add something that prevents a user from recreating a disabled account with the same username and/or email.
@mheppler Can you talk a bit more about why? Is this the case of a malicious user or something else?
The first bullet here suggests we disable a user account in order to "disable the user's ability to log in to the Dataverse installation"... seems obvious that we don't leave the front door of the house open if we're trying to add a lock to the back door. I don't have a specific use case in mind. I don't see a list of use cases here in the guides, so I can't point to an existing one. Not trying to expand the scope or make more work for anyone. Just making sure we achieve what we set out to do.
@mheppler thanks. As a concrete example, you're saying that if I have an account with danny@harvard.edu that gets disabled by an admin, I wouldn't be able to create a new account using danny@harvard.edu?
Yeah, email or username, both fields are validated on create to be unique.
Just chiming in to make sure I understand. You both seem to be using "builtin" user examples (which is fine) but it applies equally to shib/oauth/oidc. For example, if my ORCID account is disabled on the Dataverse side, I am no longer able to create a Dataverse account using my ORCID account. Instead of a conflict of email addresses (like with builtin users) what's conflicting is the unique identifier within ORCID. Same with Shib (eppn is the unique identifier we use), etc.
I pushed e9845c0 to reflect my understanding but am not super happy with the phrasing. Feedback welcome.
I just wanted to note that currently the `authenticateduserlookup` rows and `builtinuser` rows (in the case of Builtin users) are also being kept. There has been a suggestion of deleting these rows (which would surely close the door to an "undisable" option in the future) but I haven't explored it at all. I'm getting closer (I hope) to pushing some working code that we can talk about.
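The behaviour discussed in this thread, as an added example that is not part of the pull request or of Dataverse's code: a simplified in-memory model in which disabling an account keeps its rows, so the uniqueness checks on create still reject the same username, email, or provider identifier. The `UserStore` class, its method names, and the `purge` operation are hypothetical, and the case-insensitive comparison is an assumption of the model.

```python
# Simplified model (added example, not Dataverse code). All names are hypothetical.
from dataclasses import dataclass, field


class DuplicateAccount(Exception):
    """Raised when a new account collides with a retained identifier."""


@dataclass
class UserStore:
    # (provider, persistent_id) -> username; stands in for the retained lookup rows
    lookup: dict = field(default_factory=dict)
    # username -> {"email": str, "disabled": bool}
    users: dict = field(default_factory=dict)

    def create(self, username, email, provider, persistent_id):
        # Assumption: identifiers are compared case-insensitively.
        uname, mail = username.lower(), email.lower()
        # Uniqueness is checked against ALL rows, disabled ones included.
        if uname in self.users:
            raise DuplicateAccount("username in use")
        if any(u["email"] == mail for u in self.users.values()):
            raise DuplicateAccount("email in use")
        if (provider, persistent_id) in self.lookup:
            raise DuplicateAccount("identity already linked")
        self.users[uname] = {"email": mail, "disabled": False}
        self.lookup[(provider, persistent_id)] = uname

    def disable(self, username):
        # Rows are kept; only the ability to log in changes.
        self.users[username.lower()]["disabled"] = True

    def can_log_in(self, username):
        user = self.users.get(username.lower())
        return user is not None and not user["disabled"]

    def purge(self, username):
        # In this model, deleting the rows releases every identifier again.
        uname = username.lower()
        del self.users[uname]
        self.lookup = {k: v for k, v in self.lookup.items() if v != uname}


def try_create(store, *args):
    """Return True if creation succeeded, False if it was rejected."""
    try:
        store.create(*args)
        return True
    except DuplicateAccount:
        return False
```

In this model, a store that deleted the rows on disable would accept a fresh registration under the same email or external identity.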