Add confirmation prompt when trying to delete user

[leonklingele]

When deleting a user via the user settings there is no confirmation prompt. Instead, the user is deleted and a "revert" button is shown for a few seconds.

Why the current behaviour is flawed: Imagine losing Internet connectivity right after accidentally clicking the delete button: The user gets nuked 👎

[MorrisJobke]

cc @nextcloud/designers

[MorrisJobke]

Why the current behaviour is flawed: Imagine losing Internet connectivity right after accidentally clicking the delete button: The user gets nuked 👎

Not really. We only send the "Deleted request" after some seconds. So if you loose internet connection the user will not be deleted.

[leonklingele]

I can think of thousand other scenarios where this implementation will cause accidental user deletion. This 'revert' bubble is simply too small. Dangerous actions like user deletion should only be done after an explicit confirmation, e.g. by typing in the user name.

Let's see what others have to say.

[MariusBluem]

I agree with @leonklingele

[ickennio]

@leonklingele @MariusBluem Would be great to have a confirmation. Best would be with password. Also a checkbox would be great if you want delete more users in one task.

[MorrisJobke]

cc @jancborchardt

[stefan-niedermann]

i like the approach to type in the username. e.g github does the same on massive-destructable actions like deleting a repository.

[MariusBluem]

@stefan-niedermann Nice idea. But this may break the user experience ... think about deleting multiple users - with UIDs as username ... copy n' paste?

[ickennio]

Checkbox for multiple users Captcha Code showing if you want delete the users Emergency restore for users (30days) trash cache @MariusBluem @stefan-niedermann

[MorrisJobke]

Emergency restore for users (30days) trash cache @MariusBluem @stefan-niedermann

If we could restore users for 30 days there would be no need for a modal dialog. ;)

[stefan-niedermann]

deleting multiple useres does not happen this much imho. we could display a string literal message e.g. (confirm by typing delete all) - depending on the language of course. this is better than a captcha since you are interrupted from the workflow to think about it twice and the topic stays the same (deletion, not a non-related math work or random characters).

[maxhq]

With Nextcloud 14 the problem is even more severe: there is no "Undo" popup anymore. Deleting the user also deletes all the data, shared files etc. It is a huge amount of work to restore it all...

[MorrisJobke]

With Nextcloud 14 the problem is even more severe: there is no "Undo" popup anymore. Deleting the user also deletes all the data, shared files etc. It is a huge amount of work to restore it all...

cc @skjnldsv

[skjnldsv]

Yes, because everything is behind a three dote menu, that means you cannot click accidentally to delete a user. BUT I agree that such hard action should probably have another feedback. The previous undo button was just a delay and was breaking/broken since it was slowing down the page and preventing the removal and undo of multiple users. Two options here:

1. undo (delay)
2. prompt

Since we already have a two-step-action for deletion, I'll suggest we go for a countdown before sending the request and disable the whole line. What do you think @jancborchardt ?

[jancborchardt]

Since we already have a two-step-action for deletion, I'll suggest we go for a countdown before sending the request and disable the whole line.

I don’t really know what that means. Is it showing people an "Undo" action for ~7 seconds? If so then yes let’s do it. :+1:

you cannot click accidentally to delete a user

Everything happens. ;)

[skjnldsv]

@jancborchardt we did this before, it was a terrible behaviour (the way it is implemented, the concept itself is very nice!) We used the notifications before and it was not really great!

@jancborchardt what kind of UX do you expect for that? Change the delete entry on the popover to a cancel one? Add a countdown somewhere? :)

[jancborchardt]

Another way we could do it is similar to how Github handles destructive actions like repository deletion: Show a blocking modal, where you are prompted to put in the name of the repository to confirm. We could do the same, but with putting in the username.

The questions is if this is ok for people when they need to delete a lot of users. But for that we should probably have multiselect anyway, and then we can have the same kind of modal dialog, except putting in the individual names you have to type "Delete the selected users" to confirm.

[skjnldsv]

Yeah, probably a bit too hard? We already have a hidden button in a popover, so clicking on the delete one is already pretty bad luck :)

[jancborchardt]

We already have a hidden button in a popover, so clicking on the delete one is already pretty bad luck :)

This stuff happens all the time. There should always be error prevention. And especially for the future we never know which kind of other actions are in this menu.

[tehZevo]

I tend to test "delete user" buttons on new software I try out. I was very concerned when NC (17) didn't offer a confirmation dialog or "undelete" option. I'm going to avoid that 3-dot menu like the plague until this is resolved :(.

[juliusknorr]

Fixed by https://github.com/nextcloud/server/pull/17785 for Nextcloud 18