consider preserving conversation history when users are deleted #1040
Comments
|
When deleting something, I believe it's important that it is done consistently across experiences. If we preserve associations under some circumstances, that could make behavior more difficult to reason about and explain ("I re-installed the Client as you told me to and now all these replies are showing up with deleted authors"). IMO the better way to avoid off-boarding issues is to support a "lock account" feature on the server-side. We support quasi-locking an account by rotating creds, but that still allows a user to log in. If we supported locking, we could recommend this in most circumstances over deletion. User deletion would then be only recommended if admins truly want a user's information to be removed. |
|
Issue needs to be updated to reflect recent changes - the locked account approach seems workable but would need server-side changes. |
Related to freedomofpress/securedrop#5178
During the metadata sync, if we get updated information about the journalist associated with a given reply, we overwrite that on the client-side. This means that when a journalist user is deleted, we reassociate any of their replies to the
deletedplaceholder user row. It would be nice if we already have information stored locally about who sent a given reply in the client database to preserve that when the journalist user is deleted on the server. In that scenario we might want to display in the UI some indicator that the user was deleted.For example, for a client database with the following users:
We might have the following replies:
where reply 5 "teehee" was sent by
dellsberg. Ifdellsbergis deleted, then after sync we have:The reply is still in the local database, but it's now associated with the
deletedsource. This is fine, but it would be nice to preserve thatdellsbergsent that reply.The text was updated successfully, but these errors were encountered: