This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Users without 'Delete users' permission can delete themselves #6095
Comments
It’s expected behavior. |
Just out of curiosity... Why is it preferable for Users to be able to delete themselves, even if they don't have Delete User permission? |
I swear there's an amendment for that... Sorry. I'll show myself out. |
Because it’s their own account, they can do what they want with it. |
What about situations where deleting a User could cause a rippling deletion of other content? By deleting themselves, a User could accidentally break site functionality, expunge necessary records, etc. (Theoretically, they could even do this from the front-end by sending a properly formed request, without any explicit UI provided.) |
That’s a risk, yeah. I’ll go ahead and reopen and label this as an enhancement request, for a new user permission. |
Another potential issue which I don't think is covered is an admin deleting themselves if they are the last admin. |
Avatar II: The Last Admin |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Description
Users who do not have the 'delete users' permission can delete themselves. I'm not sure if theis is a bug or feature. A new 'can delete self' permission might be required.
Steps to reproduce
Additional info
The text was updated successfully, but these errors were encountered: