[drupal-devel] [bug] deleted users' nodes disappear

nedjo drupal-devel at drupal.org
Sat Apr 9 20:13:21 UTC 2005 

Issue status update for http://drupal.org/node/19055

 Project:      Drupal
 Version:      4.5.2
 Component:    node.module
 Category:     bug reports
 Priority:     normal
 Assigned to:  Anonymous
 Reported by:  menesis
 Updated by:   nedjo
 Status:       patch

Good point.  It's a bit of a knotty question, isn't it?  Seen from
another point of view, there are privacy and personal information
issues.  In my home jurisdiction of British Columbia, Canada, for
example, a Personal Information and Privacy Act says that personal
information may be kept only with informed concent, must be produced on
request, and must be destroyed as soon as it is no longer required.  Are
the data Drupal logs included here?  If so, a deleted user may have a
legal right to know that all data kept on them have been likewise
deleted.
Yet it is often necessary and appropriate to retain information entered
by someone no longer on record.  A concrete example:  The organization I
work for maintains a Drupal-based inventory of local food producers. 
When a departing staff member deleted her user account, I was chagrined
to find that all her records (most of what we had) had disappeared.  In
this case, the data entry was done on work time and belonged to the
organization.  I revived her work by reassigning it to another user.
I'm not sure where this leaves us.  Should we consider an "owner"
field, distinct from the author?


nedjo



Previous comments:
------------------------------------------------------------------------

March 17, 2005 - 10:23 : menesis

Attachment: http://drupal.org/files/issues/node_user_delete.diff (507 bytes)

When a user is deleted, all nodes which he created can't be accessed
anymore, because they have non-existing uid and queries which select
from node and user tables fail.
There are two ways to fix that:
1) also delete nodes.
2) reset nodes' author to Anonymous.
1 is most probably undesirable side effect. When I encountered such
problem I was happy those nodes were still in database and I could
bring them back by changing uid. Otherwise I would have lost the
content.
Here is a simple patch which implements 2) - sets node.uid to 0
(Anonymous).


------------------------------------------------------------------------

March 17, 2005 - 10:34 : chx

At this state I strongly -1 the patch. I'd like to see a message about
what happened (maybe a number of nodes changed would be nice, too) but
this is a minor thing -- mayor is that I feel unpublishing such nodes
is a must. Let the admin decide whether it fits her purposes to let
other uses see them as Anonymous posts or do something else.


------------------------------------------------------------------------

March 17, 2005 - 10:39 : moshe weitzman

when we first implemented deletion of users, we discussed a lot and
decided to not delete the whole uid row; we removed the email address
and set the users.status = 0. I must have missed the patch which
implemented the full deletion from the database. I think full deletion
is too dangerous because all nodes and comments will disappear, as
you've noted. So my suggestion is to soften the deletion which is found
in user_edit() as it used to be.


------------------------------------------------------------------------

April 9, 2005 - 08:20 : Carl McDade

How hard would it be to change delete the user but change any content
using that users id to first user ownership? This would prevent the
house of cards effect.


------------------------------------------------------------------------

April 9, 2005 - 13:04 : Steven

We'd need to make every module which stores anything user-related to
respond on the user delete event, and then change ownership. It sounds
like a large hassle, and I agree with moshe that resetting the e-mail
adress and blocking the account is much easier and safer.


------------------------------------------------------------------------

April 9, 2005 - 13:20 : nedjo

There are several different actions that might be wanted in different
situations.  How about a followup page after user deletion providing
options, e.g., 
User [name] had [number] of posts and [number] of comments.  What do
you wish to do with this content?
Action:
[] Leave it in its current status.
[] Unpublish it.
[] Delete it.
Unless you delete the content, it should be assigned to a different
user.  What do you wish to do?
[] Assign it to the admin user.
[] Assign it to anonymous user.
[] Assign it to a different user ________.


------------------------------------------------------------------------

April 9, 2005 - 13:26 : chx

I will be a PITA, but there are legal issues, too. If I post something,
I will have copyright on it, and the most important is the attribution
right which -- if I remember correctly -- is not even transferable.
In short, it's a legal minefield if you change a post's author.

More information about the drupal-devel mailing list