Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delete Users #323

Closed
pozylon opened this issue Feb 15, 2021 · 5 comments
Closed

Delete Users #323

pozylon opened this issue Feb 15, 2021 · 5 comments
Assignees
@pozylon
Labels
feature request Suggest an idea for this project
Projects
Open Source development
Milestone
v2.0

Comments

@pozylon
Copy link
Member

pozylon commented Feb 15, 2021
edited

Currently, when a customer wants to remove customer data because of privacy, he needs to overwrite the user with cryptic data because there is no user deletion :)

Actually deleting would have an effect on:

ProductReviews.author
...
@pozylon pozylon added the feature request Suggest an idea for this project label Feb 15, 2021
@Mikearaya
Copy link
Contributor

duplicate of #50

@pozylon pozylon mentioned this issue Jul 28, 2021
Open
@pozylon
Copy link
Member Author

pozylon commented Jul 28, 2021
edited

The solution we are proposing regarding that matter will be the introduction of a user delete method and mutation which will essentially:

  • Mark user as deleted
  • Keep userId
  • Anonymize the e-mail with userID@deleted.unchained.local
  • Remove all optional profile data, overwrite all existing required profile data
  • Remove all tokens, remove IP information etc.

That way we still have an auditable system and no broken order histories, product reviews etc.

@pozylon pozylon self-assigned this Jul 28, 2021
@pozylon
Copy link
Member Author

pozylon commented Oct 13, 2021

Okay, after discussion with @Mikearaya we do this in 2 steps:

  1. Phase: Simple Deleted Flag
  • Keep User as is with all data, but set DELETED status
  • Rename e-mail to e-mail@deleted_(random-hash).unchained.local
  • Rename username to username-deleted_(random-hash).
  • Add simple button to controlpanel to trigger that mutation
  • Change inner working of unchained to always skip deleted users when querying and restrict userId as input to check for deleted status
  • Expose status in GraphQL API on User entity to everybody (public)
  1. Phase: Right to Forget
  • Extend User query to get removed users
  • A special button for removed users to remove them completely
  • Requirements not clear yet: completely erase all private data? anonymize? how?
  • Will lead to change of historic data maybe
  1. Phase: Tackle other Main data with deletion flags
  • Countries
  • Currencies
  • Languages
  • (Assortments)
  • ((Filters))

@pozylon pozylon added this to the Unchained 1.0 milestone Jan 26, 2022
@pozylon pozylon modified the milestones: Unchained 1.0, v1.1 Feb 25, 2022
@pozylon pozylon modified the milestones: v1.2, v2.0 Jul 14, 2022
@pozylon
Copy link
Member Author

pozylon commented Dec 8, 2022

Due to the fact that most users have additional data stored on the user and 3rd party collections, a permanent removal of a user doesn't make sense by default. Right to forget (GDPR) rules should be enforced by custom implementations that cover all the data that is potentially containing personal data.

@pozylon
Copy link
Member Author

pozylon commented Dec 8, 2022

A simply soft deletion for users is implemented now

@pozylon pozylon closed this as completed in 0c1db83 Dec 8, 2022
Open Source development automation moved this from To do to Done Dec 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pozylon pozylon

Labels
feature request Suggest an idea for this project
Projects
Open Source development
Done
Roadmap
Archived in project
Milestone
v2.0
Development

No branches or pull requests
2 participants
@pozylon @Mikearaya