phenopolis / phenopolis_genomics_browser

Python API and React frontend for the Phenopolis Genomics Browser
https://dev-live.phenopolis.org
MIT License

Seems there is no way to delete created users. #352

Closed YuanTian1991 closed 3 years ago

YuanTian1991 commented 3 years ago

Though in theory only Admin can add a user, we still need a button to delete from the user table, and delete the user-individual relationship table.

pontikos commented 3 years ago

CRUD for "User Management" page needs to be implemented

alanwilter commented 3 years ago

Indeed, we don't have an endpoint to delete users. I will create it.

alanwilter commented 3 years ago

I've almost finished it but now I'm starting to think why @priesgo may not have implemented that. He had implemented enable/disable user, perhaps, because we shouldn't delete users. However, I can see the scenario where the user DOES want to quit the service and WANTS all his/her related data deleted. For the moment I considered only Admin to DELETE the user but I'd like to hear your opinions on this matter.

pontikos commented 3 years ago

So I know that @IsmailM's opinion on this is that users should be disabled rather than deleted?

I think @dvarrazzo we can add an extra column to users table, for disabled true/false

Disabled users would not be able to log in

alanwilter commented 3 years ago

@pontikos We already have this set:

phenopolis_db=> \d public.users
                            Table "public.users"
     Column     |           Type           | Collation | Nullable | Default
----------------+--------------------------+-----------+----------+---------
 user           | text                     |           | not null |
 argon_password | text                     |           |          |
 enabled        | boolean                  |           |          | false
 registered_on  | timestamp with time zone |           |          |
 confirmed      | boolean                  |           |          | false
 confirmed_on   | timestamp with time zone |           |          |
 email          | text                     |           |          |
 full_name      | text                     |           |          |
Indexes:
    "users_pkey" PRIMARY KEY, btree ("user")
    "users_email_key" UNIQUE CONSTRAINT, btree (email)
    "users_user_key" UNIQUE CONSTRAINT, btree ("user")
Referenced by:
    TABLE "user_pagetable_colname" CONSTRAINT "user_pagetable_colname_user_fkey" FOREIGN KEY ("user") REFERENCES users("user")
Triggers:
    "public.users_audit_trg" AFTER INSERT OR DELETE OR UPDATE ON users FOR EACH ROW EXECUTE FUNCTION audit."public.users_fn"()

pontikos commented 3 years ago

OK then, that's easy, right? Delete user just sets enabled to false? @YuanTian1991 this makes sense, right?

pontikos commented 3 years ago

@alanwilter make sure only enabled users can log in

alanwilter commented 3 years ago

Yes, it is designed this way.
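
The approach agreed in the thread (an admin-only "delete" that sets `enabled` to false, and a login that admits only enabled users), sketched as an added example that is not the project's own code. It assumes SQLite in place of PostgreSQL and PBKDF2 in place of Argon2 so that it runs on the standard library alone; the function names, the sample users and the `actor != "admin"` check are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt=None):
    # PBKDF2 stands in for the Argon2 hash the real argon_password column holds.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()

def verify_password(stored, password):
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(stored, hash_password(password, salt))

def make_db():
    # Constructed sample data. Only the columns relevant here are mirrored;
    # enabled is nullable with default false, as in the \d public.users output.
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE users ("user" TEXT PRIMARY KEY, '
               "argon_password TEXT, enabled BOOLEAN DEFAULT 0)")
    rows = [("admin", "a-pass", 1), ("demo", "d-pass", 1), ("legacy", "l-pass", None)]
    for name, password, enabled in rows:
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (name, hash_password(password), enabled))
    return db

DUMMY_HASH = hash_password("placeholder")  # hashed for unknown users as well

def login(db, user, password):
    row = db.execute('SELECT argon_password, enabled FROM users WHERE "user" = ?',
                     (user,)).fetchone()
    stored, enabled = row if row else (DUMMY_HASH, None)
    password_ok = verify_password(stored, password)
    # enabled must be exactly true: a NULL or false flag both refuse the login,
    # and every failure returns the same value, so account state is not revealed.
    return bool(row) and password_ok and enabled == 1

def disable_user(db, actor, target):
    # "Delete" as settled in the thread: flip the flag and keep the row, so the
    # foreign key and the audit trigger on the real table are left undisturbed.
    if actor != "admin":  # hypothetical admin check
        raise PermissionError("only Admin may disable users")
    cur = db.execute('UPDATE users SET enabled = 0 WHERE "user" = ?', (target,))
    db.commit()
    return cur.rowcount == 1
```

Because the `enabled` column is nullable, a login query that tests only `enabled IS NOT FALSE` would let the `legacy` row through; comparing against true closes that gap.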