chris48s
commented
7 years ago Does this also mean that if a user who doesn't have an account on morph commits to a scraper repository (e.g: readme edit), morph will silently create an account for them?
Open henare opened 7 years ago
chris48s
commented
7 years ago Does this also mean that if a user who doesn't have an account on morph commits to a scraper repository (e.g: readme edit), morph will silently create an account for them?
henare
commented
7 years ago I think so @chris48s - it mirrors what's happened on GitHub.
chris48s
commented
7 years ago I suspected that would be the case. I can see exactly how/why it works like that.
Perhaps what it really means when someone requests their account on morph to be 'deleted' isn't so much about whether their GH username is in the users table or not, but whether morph has the ability to create repos + commit to them on their behalf: Perhaps the instructions for account 'deletion' are that the user should revoke morph's authorization in their GH authorized OAuth apps?
Maybe it is also possible to look at the GH Apps developer guidance, or how other similar GH-connected apps handle this..
We've had a couple of requests from people to delete their account. So far we've just done that manually from the console. It would be best if people could delete their own accounts, or at least that admins had the ability to do it easily and without needing to use the Rails console.
I think we don't currently have the ability because if someone has been an active user of morph then their user account is potentially linked to other things (orgs, scrapers, watches) and we don't understand the implications of deleting them or we haven't make the choices about what should happen.
For example I think currently if we delete a user that has contributed to a scraper then the next time a scraper refreshes its contributors then it will recreate the user!
https://github.com/openaustralia/morph/blob/b87cc5bbc15ab1df64cd6e954fbe71c227b2e298/app/models/scraper.rb#L140-L144