phenopolis / phenopolis_genomics_browser

Python API and React frontend for the Phenopolis Genomics Browser
https://dev-live.phenopolis.org
MIT License

Delete user #352 #353

Closed alanwilter closed 3 years ago

alanwilter commented 3 years ago

DO NOT MERGE!

Let's think that Admin can soft and hard delete a user.

Soft delete: disable user, data is preserved, but user can't log in any longer.

Hard delete (implemented here): user will be completely removed from DB, reversible only by DB backup.

If we're going to use this delete_user endpoint, I'd suggest the frontend to make a double warning about it.

Now, we need to decide whether the own user can delete itself or not. I don't even want to think about GDPR, but I believe it's fair to say that if the user wants to leave the service and wants to be completely removed from our DB, then it has this right.

Right now, only Admin can run delete_user api.

netlify[bot] commented 3 years ago

:heavy_check_mark: Deploy Preview for phenopolis-dev ready!

:hammer: Explore the source changes: a3e0f41afc7280e7dc127538335394340df3643f

:mag: Inspect the deploy log: https://app.netlify.com/sites/phenopolis-dev/deploys/60b1266ee4e1090008180cd7

:sunglasses: Browse the preview: https://deploy-preview-353--phenopolis-dev.netlify.app/

pontikos commented 3 years ago

Hi @alanwilter, I agree user should probably be able to "close" their account which means disable. They can send a request to Admin if they want to hard delete. Hard delete should probably mean deleting all data that belongs to the user as well. E.g. all patients that the user uploaded. This may be tricky to implement but we should consider this in the future.

Happy for you to merge if you are happy.