Issue status update for http://drupal.org/node/19055 Project: Drupal Version: 4.5.2 Component: node.module Category: bug reports Priority: normal Assigned to: Anonymous Reported by: menesis Updated by: nedjo Status: patch The legal issues of ownership and privacy are important and closely related to the question of deleting users, but maybe the user module isn't the place to deal with them. Rightly or wrongly, these questions won't be of primary concern to everyone. There is already a (contributed) legal.module. Should user.module stick to the mechanics of user deletion and some basic options for what to do with leftover content, as suggested above, and leave any legal enhancements to changes to the legal.module? nedjo Previous comments: ------------------------------------------------------------------------ March 17, 2005 - 10:23 : menesis Attachment: http://drupal.org/files/issues/node_user_delete.diff (507 bytes) When a user is deleted, all nodes which he created can't be accessed anymore, because they have non-existing uid and queries which select from node and user tables fail. There are two ways to fix that: 1) also delete nodes. 2) reset nodes' author to Anonymous. 1 is most probably undesirable side effect. When I encountered such problem I was happy those nodes were still in database and I could bring them back by changing uid. Otherwise I would have lost the content. Here is a simple patch which implements 2) - sets node.uid to 0 (Anonymous). ------------------------------------------------------------------------ March 17, 2005 - 10:34 : chx At this state I strongly -1 the patch. I'd like to see a message about what happened (maybe a number of nodes changed would be nice, too) but this is a minor thing -- mayor is that I feel unpublishing such nodes is a must. Let the admin decide whether it fits her purposes to let other uses see them as Anonymous posts or do something else. ------------------------------------------------------------------------ March 17, 2005 - 10:39 : moshe weitzman when we first implemented deletion of users, we discussed a lot and decided to not delete the whole uid row; we removed the email address and set the users.status = 0. I must have missed the patch which implemented the full deletion from the database. I think full deletion is too dangerous because all nodes and comments will disappear, as you've noted. So my suggestion is to soften the deletion which is found in user_edit() as it used to be. ------------------------------------------------------------------------ April 9, 2005 - 08:20 : Carl McDade How hard would it be to change delete the user but change any content using that users id to first user ownership? This would prevent the house of cards effect. ------------------------------------------------------------------------ April 9, 2005 - 13:04 : Steven We'd need to make every module which stores anything user-related to respond on the user delete event, and then change ownership. It sounds like a large hassle, and I agree with moshe that resetting the e-mail adress and blocking the account is much easier and safer. ------------------------------------------------------------------------ April 9, 2005 - 13:20 : nedjo There are several different actions that might be wanted in different situations. How about a followup page after user deletion providing options, e.g., User [name] had [number] of posts and [number] of comments. What do you wish to do with this content? Action: [] Leave it in its current status. [] Unpublish it. [] Delete it. Unless you delete the content, it should be assigned to a different user. What do you wish to do? [] Assign it to the admin user. [] Assign it to anonymous user. [] Assign it to a different user ________. ------------------------------------------------------------------------ April 9, 2005 - 13:26 : chx I will be a PITA, but there are legal issues, too. If I post something, I will have copyright on it, and the most important is the attribution right which -- if I remember correctly -- is not even transferable. In short, it's a legal minefield if you change a post's author. ------------------------------------------------------------------------ April 9, 2005 - 16:13 : nedjo Good point. It's a bit of a knotty question, isn't it? Seen from another point of view, there are privacy and personal information issues. In my home jurisdiction of British Columbia, Canada, for example, a Personal Information and Privacy Act says that personal information may be kept only with informed concent, must be produced on request, and must be destroyed as soon as it is no longer required. Are the data Drupal logs included here? If so, a deleted user may have a legal right to know that all data kept on them have been likewise deleted. Yet it is often necessary and appropriate to retain information entered by someone no longer on record. A concrete example: The organization I work for maintains a Drupal-based inventory of local food producers. When a departing staff member deleted her user account, I was chagrined to find that all her records (most of what we had) had disappeared. In this case, the data entry was done on work time and belonged to the organization. I revived her work by reassigning it to another user. I'm not sure where this leaves us. Should we consider an "owner" field, distinct from the author? ------------------------------------------------------------------------ April 9, 2005 - 16:39 : chx I see some conflict here. If my private data can not be kept for some reason (yes, Hungarian laws similar) how could I exercise my rights as the copyright holder? We stumbled upon a hornet nest. ------------------------------------------------------------------------ April 9, 2005 - 16:45 : Chris Johnson Keeping an owner (oid) in addition to the author (uid) seems like a major part of the right solution. For author copyrighted work, the owner and author are likely to be the same person. In such a case, either the authored, copyrighted work should be deleted along with the user, or the author should be deactivated but remain so that attribution for copyright can be made. For work owned by someone else as in Nedjo's example of food producers (this is called "work for hire" in the USA, and means the person hiring owns the work, not the author), the owner is different than the author. When the author is deleted, the nodes could be assigned to the owner, or anyone the owner designates. The user interface for accomplishing this is a problem to be solved.