You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We had the following happen on our Engelsystem instance:
Team member who also had admin access was integral to our shift planning created lots of shifts from their account
Team member left the team and deleted their account using the admin account
all the shifts they've created are gone, leading to mayhem in our shift planning
It took us a while to figure out where all the shifts had gone until we made the connection.
I'm assuming no malicious intent on the leaving team members' side. When I reproduced the error on my local instance, I noticed that the error message was somewhat ambiguous – I would've interpreted "including all his shifts and every other piece of his data" as the shifts they've applied to not as the shifts they've created too.
Imo, a quickfix would be to reword the "Do you really want to delete the user" message to make this side effect more clear, for example:
Deleting this user will not only delete their personal data, but also the changes they've made to the system, e.g. shifts or locations they have created.
Are you sure you want to do this?
However, ideally, I think it'd be better to offer the user two choices:
migrate the content they've created and just delete their personal account (e.g. if they're just leaving)
delete the user and their content (e.g. if they've acted maliciously)
I'd be happy to open a PR for the quickfix. The more intricate version is probably outside of my skillset.
The text was updated successfully, but these errors were encountered:
Thats a valid point and the option to "move shifts to current user" (and a checkbox to not do so thus deleting them too) would be my preferred solution here as its imho the cleanest.
We had the following happen on our Engelsystem instance:
It took us a while to figure out where all the shifts had gone until we made the connection.
I'm assuming no malicious intent on the leaving team members' side. When I reproduced the error on my local instance, I noticed that the error message was somewhat ambiguous – I would've interpreted "including all his shifts and every other piece of his data" as the shifts they've applied to not as the shifts they've created too.
Imo, a quickfix would be to reword the "Do you really want to delete the user" message to make this side effect more clear, for example:
However, ideally, I think it'd be better to offer the user two choices:
I'd be happy to open a PR for the quickfix. The more intricate version is probably outside of my skillset.
The text was updated successfully, but these errors were encountered: