Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Right to be forgotten for users #2672

Closed
iamleeg opened this issue Apr 19, 2022 · 1 comment
Closed

Right to be forgotten for users #2672

iamleeg opened this issue Apr 19, 2022 · 1 comment
Assignees
@abhidg
Labels
DPIA P0: Critical path blocker Blocking testing or the launch critical path, drop everything to investigate & fix
Milestone
1.12 Oberon

Comments

@iamleeg
Copy link
Contributor

iamleeg commented Apr 19, 2022
edited
Loading

If someone wants their personal information removed, we should be able to do so within 30 days of the request. I suggest we have something like the stackoverflow "Community User" to take over ownership of any sources, uploads etc. associated with deleted users.
@iamleeg iamleeg added this to the Devi milestone Apr 19, 2022
@iamleeg iamleeg added the DPIA label Apr 19, 2022
@joe-brilliant joe-brilliant modified the milestones: Devi, Agnes Apr 29, 2022
@abhidg abhidg self-assigned this May 5, 2022
@abhidg
Copy link
Contributor

abhidg commented May 5, 2022

Will start by adding a delete user button to the admin console page. I don’t think sources have associated users, for cases it will be trickier as it would potentially mean updating millions of cases (in theory, in practice, there are no user uploads to G.h at the moment), so we could keep a one-off script for that.

@jim-sheldon jim-sheldon added the P0: Critical path blocker Blocking testing or the launch critical path, drop everything to investigate & fix label May 17, 2022
iamleeg added a commit that referenced this issue May 24, 2022
@iamleeg
Let the curator API return a null username #2672
51a085f 
At some point, the Google OAuth provider has changed from not
returning a name at all (i.e. undefined) to returning null for
a name. Because this can be stored in the database, it produces
500 errors when viewing the user table (even though the curator
UI could correctly handle any falsey value for the name).

This change documents that the name is nullable, allowing the
null to be passed through and correctly interpreted by the UI.
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
Correct type for user name in UI #2672
898ead8
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
UI for deleting users cribbed from UI for deleting cases #2672
b80e089
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
Define 401 Forbidden response in OpenAPI #2672
e9d8a3d
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
Fix test setup for user deletion #2672
300653d 
The register endpoint logs in the created user, so the last created must be an admin for delete to work.
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
Define 401 Forbidden response in OpenAPI #2672
2dc771b
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
Fix test setup for user deletion #2672
81e6a86 
The register endpoint logs in the created user, so the last created must be an admin for delete to work.
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
Let the curator API return a null username #2672
04cc3b7 
At some point, the Google OAuth provider has changed from not
returning a name at all (i.e. undefined) to returning null for
a name. Because this can be stored in the database, it produces
500 errors when viewing the user table (even though the curator
UI could correctly handle any falsey value for the name).

This change documents that the name is nullable, allowing the
null to be passed through and correctly interpreted by the UI.
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
Correct type for user name in UI #2672
6913801
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
UI for deleting users cribbed from UI for deleting cases #2672
49b3073
iamleeg added a commit that referenced this issue May 25, 2022
@iamleeg
Log out if user deletes their own account #2672
f649d21
iamleeg added a commit that referenced this issue May 26, 2022
@iamleeg
Let the curator API return a null username #2672
48471be 
At some point, the Google OAuth provider has changed from not
returning a name at all (i.e. undefined) to returning null for
a name. Because this can be stored in the database, it produces
500 errors when viewing the user table (even though the curator
UI could correctly handle any falsey value for the name).

This change documents that the name is nullable, allowing the
null to be passed through and correctly interpreted by the UI.
iamleeg added a commit that referenced this issue May 26, 2022
@iamleeg
Correct type for user name in UI #2672
d8122b1
iamleeg added a commit that referenced this issue May 26, 2022
@iamleeg
UI for deleting users cribbed from UI for deleting cases #2672
c5f7d8b
iamleeg added a commit that referenced this issue May 26, 2022
@iamleeg
Log out if user deletes their own account #2672
996db5c
@joe-brilliant joe-brilliant modified the milestones: Agnes, Oberon Jun 7, 2022
@abhidg abhidg closed this as completed Oct 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abhidg abhidg

Labels
DPIA P0: Critical path blocker Blocking testing or the launch critical path, drop everything to investigate & fix
Projects
None yet
Milestone
1.12 Oberon
Development

No branches or pull requests
4 participants
@abhidg @iamleeg @jim-sheldon @joe-brilliant