-
-
Notifications
You must be signed in to change notification settings - Fork 182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deleted users keep the roles they had #3937
Comments
I strongly recommend to always use uuids as user ids, so they are unique. It is too difficult to find and remove a user's local roles everywhere in a large site. |
Or never delete a user. Plone misses a user "disable" checkbox. It could be an useful feature, for example to deny user to log in without changing the user password or deleting the user. |
This is what I would do in systems where the user was an employee and history of their activity must be retained. In some countries for certain websites, if a user requests permanent deletion of their data, the presiding law requires deletion. The GDPR is one example: https://gdpr-info.eu/art-17-gdpr/ |
@stevepiercy Good point, but in that case I think it would be best to delete all personally identifiable information but still keep the userid so it cannot be reused. Another good reason for uuid-based userids. |
@yurj I agree, that would be a useful feature and I have wanted it from time to time. |
BUG/PROBLEM REPORT (OR OTHER COMMON ISSUE)
When we delete a user and create him again with the same username, he keeps the roles he had before.
What I did:
What I expect to happen:
New user has no roles.
What actually happened:
The new user has the role of Editor.
What version of Plone/ Addons I am using:
Plone 6.0.10 (6021)
CMF 3.3
Zope 5.9
Python 3.11.8 (main, Feb 13 2024, 10:25:57) [GCC 10.2.1 20210110]
PIL 9.5.0 (Pillow)
WSGI: On
Server: waitress 2.1.2
The text was updated successfully, but these errors were encountered: