Closed alanwilter closed 3 years ago
:heavy_check_mark: Deploy Preview for phenopolis-dev ready!
:hammer: Explore the source changes: a3e0f41afc7280e7dc127538335394340df3643f
:mag: Inspect the deploy log: https://app.netlify.com/sites/phenopolis-dev/deploys/60b1266ee4e1090008180cd7
:sunglasses: Browse the preview: https://deploy-preview-353--phenopolis-dev.netlify.app/
hi @alanwilter i agree user should probably be able to "close" their account which means disable. They can sent request to Admin if they want to hard delete. Hard delete should probably mean deleting all data that belongs to the user as well. E.g all patients that the user uploaded. This may be tricky to implement but we should consider this in the future.
Happy for you to merge if you are happy.
DO NOT MERGE!
Let's thing that Admin can soft and hard delete a user.
Soft delete: disable user, data is preserved, but user can't login any longer.
Hard delete (implemented here): user will be completely removed from DB, reversible only by DB backup.
If we're going to use this
delete_user
endpoint, I'd suggest the frontend to make a double warning about it.Now, we need to decide whether the own user can delete itself or not. I don't even want to think about GDPR, but I believe it's fair to say that if the user want to leave the service and want to be completely removed from ours DB, then it has this right.
Right now, only Admin can run
delete_user
api.