This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Users without 'Delete users' permission can delete themselves #6095
Comments
|
It's expected behaviour:
|
|
It’s expected behavior. |
|
Just out of curiosity... Why is it preferable for Users to be able to delete themselves, even if they don't have Delete User permission? |
I swear there's an amendment for that... Sorry. I'll show myself out. |
|
Because it’s their own account, they can do what they want with it. |
|
What about situations where deleting a User could cause a rippling deletion of other content? By deleting themselves, a User could accidentally break site functionality, expunge necessary records, etc. (Theoretically, they could even do this from the front-end by sending a properly formed request, without any explicit UI provided.) |
|
That’s a risk, yeah. I’ll go ahead and reopen and label this as an enhancement request, for a new user permission. |
brandonkelly
added
enhancement
Another potential issue which I don't think is covered is an admin deleting themselves if they are the last admin. |
|
Avatar II: The Last Admin |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Description
Users who do not have the 'delete users' permission can delete themselves. I'm not sure if theis is a bug or feature. A new 'can delete self' permission might be required.
Steps to reproduce
Additional info
The text was updated successfully, but these errors were encountered: