User can create a request for deletion/anonymization

[imorland]

Create a 'Data management' section in user settings (/settings)

Should include:

• Opens a modal asking for a brief message (optional) seen by the admin/mod processing the request
• Asks prompt to re-enter password
• Send an email to the user to confirm their email is up-to-date
• Once link in the email is opened, the request is queued for action by admins/mods

[askvortsov1]

Send an email to the user to confirm their email is up-to-date

Do we want this? Isn't it usually enough to verify password?

[katosdev]

This should also send a confirmation email to say “your request has been received” or is that part of confirming that the email is up-to-date?

[imorland]

My thinking here is that (I believe) an email ackowledging final deletion/final anonymization has been completed. Thought it wise to confirm deliverability?

Can also serve as a 'request recieved'

[askvortsov1]

an email ackowledging final deletion/final anonymization has been completed

That's absolutely crucial IMO.

[imorland]

Controller created in #13

[Hona]

Will this be configurable to only allow deanonymizing deletion?

[askvortsov1]

There will be settings in admin to control which modes are enabled.

Could you clarify what you mean by "deanonymizing deletion"?

[Hona]

Hi, @askvortsov1, basically what I mean is when a user deletes their account, we still want to keep the forum history - but I assume their name would have to be removed from the posts?

[askvortsov1]

Anonymization would scramble all the data on the user object, deletion would delete the user instance. In either case, the posts themselves would remain.

[Hona]

Ah - if multiple users anonymize would the 'dummy' usernames (I'm not sure how that would be handled) still appear as separate users - to make it easier to read a past conversation?

[askvortsov1]

Yeah, usernames would be randomly generated, as they have to be unique.

On deletion, it would appear as "deleted user" for all.