Everybody should be allowed to delete their account themselves

Bug #1734178 reported by Kristina Hoeppner on 2017-11-23
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cecilia Vela Gurovic

Bug Description

We need to make a series of changes in Mahara to comply with the GDPR. More info is available on the wiki at https://wiki.mahara.org/wiki/Developer_Area/Specifications_in_Development/GDPR_compliance

Currently, only when self-registration is turned on can users delete their account. This should be possible for anyone though also for those from external authentication methods or those that had accounts created manually in institutions where self-registration is not allowed.

Sometimes, institutions may like to keep certain student content (upon agreement) and thus account deletion could not be good if the student hadn't already transferred their content to an area where it can be retained.

Therefore, it might be good to implement a "Review account before self-deletion" option in an institution. This could work the following way:

1. User clicks the "Delete" button and is informed that the admin receives a notification and will need to approve the deletion. They'd also get the general warning that all their content in their personal portfolio area will be deleted but that group content stays, but is not associated with their name anymore.
2. In their account settings page they'll see when they triggered the deletion and if they don't receive a message, can re-trigger it and append a message to the institution admins.
3. The request for deletion triggers a notification to the institution admins (or site admin if there is no institution admin) letting them know about this action. They can then approve the deletion or deny it and provide a mandatory reason so that the student can get in touch with them and discuss the deletion.

Changed in mahara:
assignee: nobody → Cecilia Vela Gurovic (ceciliavg)
Changed in mahara:
status: Confirmed → In Progress

Checking the code I noted that in fact, we have a configuration setting for deleting users.
If we add in config.php
$cfg->alwaysallowselfdelete = true;

we are able to delete any user, even if there is no self-registration enabled in any institution. We can always delete a user but the last admin of the site. But I consider this correct as the admin does not represent a real person but a role in the system.

Now the question is, should we leave the 'alwaysallowselfdelete' and set it to true as default for every new site and upgraded one, or should we remove this configuration?

tags: added: nominatedfeature

Reviewed: https://reviews.mahara.org/8371
Committed: https://git.mahara.org/mahara/mahara/commit/9837f1820c7ba0baad3e8ea2ee68b6fdd9259a95
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit 9837f1820c7ba0baad3e8ea2ee68b6fdd9259a95
Author: Cecilia Vela Gurovic <email address hidden>
Date: Fri Dec 8 14:59:50 2017 +1300

Bug 1734178: allow user to delete own account

added settings

- institution level: reviewselfdeletion
0 if the institution does not require approval
from an admin to delete an account
1 if the institution requires an admin to approve
account deletion requests from users
if not set, it takes the value from the site's

- site level: defaultreviewselfdeletion
(Site options->User Settings -> Review account before self-deletion)
1 if the site's default is requiring approval
null otherwise

Account deletion by a user

when a user accesses to the account settings, a
'Delete account' button is displayed.

This will:
- If the user belongs to an institution that requires
approval (or does not have the settings but the site
requires approval by default)
then a notification will be sent to the admins
of the institutions that require approval that
the user belongs to
- if the user belongs to institutions and none of them
require approval (or does not have the setting
but the site does not require approval by default)
then the account is deleted
- if the user does not belong to any institution
then the action will depend on the setting of
the 'mahara' institution or sites default if
'mahara' doesn't have the setting

Approval by institution admins

An institution admin can see the pending deletion
requests in Admin menu-> Institution -> Pending deletions
After approving/denying a request, the user
that requested the account deletion will receive
a notification

Change-Id: I4ccd9c798cab065ec557eaddf7dfc3a51920b6d0

Robert Lyon (robertl-9) on 2018-02-19
Changed in mahara:
status: In Progress → Fix Committed
Robert Lyon (robertl-9) on 2018-04-05
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers