feat(server,web): add force delete to immediately remove user #7681
Conversation
web/src/lib/components/admin-page/delete-confirm-dialoge.svelte
Outdated
Show resolved
Hide resolved
samholton
force-pushed
the
feature/add-user-force-delete
branch
from
85bf4d3
to
37474fb
Compare
web/src/lib/components/admin-page/delete-confirm-dialoge.svelte
Outdated
Show resolved
Hide resolved
jrasm91
force-pushed
the
feature/add-user-force-delete
branch
from
cf5a716
to
325a2b1
Compare
|
I added some websocket stuff, and cleaned up a few things. Let me know what you think and I'll probably merge it tomorrow if it looks good to you. |
| Queue user and assets for immediate deletion | ||
| </label> | ||
|
|
||
| <input id="forceDelete" type="checkbox" class="form-checkbox h-5 w-5 color" bind:checked={forceDelete} /> |
There was a problem hiding this comment.
Accidentally deleting a user is still a little too easy in my opinion, even with this extra checkbox. How about requiring an additional email input for permanent deletions, kinda like github does when deleting a repository?
Also the color class doesn't exist
There was a problem hiding this comment.
Alex had this same idea and I think it is a good one. I don't care if it is done now or in a separate pull request.
There was a problem hiding this comment.
I should have time this weekend to work on that - can do it here or in a new PR, doesn't matter to me either. You thinking an input box that appears when you check the box that disables the button until the user id is entered? Or a separate screen like github that shows up after you click delete that then asks you input?
Removed the color class, not sure where I copied that from
There was a problem hiding this comment.
Added the extra input logic for force delete
There was a problem hiding this comment.
Updated screenshots, the force checkbox jumping when enabling it may be a bit disorienting
| @@ -211,11 +218,11 @@ | |||
| </button> | |||
| {/if} | |||
| {/if} | |||
| {#if isDeleted(immichUser)} | |||
| {#if immichUser.deletedAt && immichUser.status === UserStatus.Deleted} | |||
There was a problem hiding this comment.
Deleting a user can fail and will forever be in the removing state with no available actions from the UI. A cancel button would be a solution, but is probably too complex to implement. Maybe we can leave the restore option available?
There was a problem hiding this comment.
It is a little tricky because your can't actually restore the user besides in that error situation. Showing the button right away might be confusing.
| await this.albumRepository.restoreAll(id); | ||
| return mapUser(user); | ||
| return this.userRepository.update(id, { deletedAt: null, status: UserStatus.ACTIVE }).then(mapUser); |
There was a problem hiding this comment.
userRepository.restore becomes unused
There was a problem hiding this comment.
Sweet. We should delete that code then.
There was a problem hiding this comment.
removed and pushed
|
Maybe a admin password for confirmation could be a more secure idea? |
The original intention was more about confirmation than authorization. I believe the GitHub workflow has the confirmation followed by MFA. I haven't actually tried disabling password with my oauth enabled, but could potentially be an issue if you have passwords disabled |
Addresses #1616