tags:

views:

147

answers:

5
+2  Q: 

Allow users to remove their account

I am developing a gallery which allows users to post photos, comments, vote and do many other tasks.

Now I think that it is correct to allow users to unsubscribe and remove all their data if they want to. However it is difficult to allow such a thing because you run the risk to break your application (e.g. what should I do when a comment has many replies? what should I do with pages that have many revisions by different users?).

Photos can be easily removed, but for other data (i.e. comments, revisions...) I thought that there are three possibilities:

  • assign it to the admin
  • assign it to a user called "removed-user"
  • mantain the current associations (i.e. the user ID) and only rename user's data (e.g. assign a new username such as "removed-user-24" and a non-existent e-mail such as "[email protected]"

What are the best practices to follow when we allow users to remove their accounts? How do you implement them (particularly in Rails)?

+2  A: 

The usual thing to do is instead of deleting them from a database, add a boolean flag field and have it be true for valid users and false for invalid users. You will have to add code to filter on the flag. You should also remove all relevant data from the user that you can. The primary purpose of this flag is to keep the links intact. It is a variant of the renaming the user's data, but the flag will be easier to check.

Kathy Van Stone  2009-06-29 13:40:56
Good idea! Do you think that username must be deleted?
collimarco  2009-06-29 14:06:48
That depends on how they are used. If they are displayed you may want to turn it into something so that the user doesn't feel that their data is still visible (although this can be done when displaying as well). If usernames are unique you will have to take care about changing them to avoid conflicts.
Kathy Van Stone  2009-06-29 14:24:27
+1  A: 

I generally don't like to delete anything and instead opt to mark records as deleted/unpublished using states (with AASM i.e. acts as state machine).

I prefer states and events to just using flags as you can use events to update attributes and send emails etc. in one foul swoop. Then check states to decide what to do later on.

HTH.

James Conroy-Finn  2009-06-29 13:42:54
+5  A: 

I've typically solved this type of problem by having an active flag on user, and simply setting active to false when the user is deleted. That way I maintain referential integrity throughout the system even if a user is "deleted". In the business layer I always validate a user is active before allowing them to perform operations. I also filter inactive users when retrieving data.

Adamski  2009-06-29 13:42:55
Yes, this is a simple approach. But.. what about privacy? The user may complain that you haven't deleted his name, his e-mail, etc. (even if anyone will never see that informations).
collimarco  2009-06-29 14:05:19
You can certainly remove the email and all contact information. The references are what is important. Also, if you do it right, the data will be completely hidden from any outside view.
Kathy Van Stone  2009-06-29 14:25:44
also if you remove all specific data from the user and still want to keep some of the content the user has posted you could use a simple getter method to render "deleted user" and still show the content (if that is ok with your TOS)
ole_berlin  2009-06-29 14:56:23
btw. restful_authentication comes with some handy methods to archieve this behavior. Just use a statefull authentication model and set the state to deleted.
ole_berlin  2009-06-29 14:58:30
+1  A: 

Ideally in a system you would not want to "hard delete" data. The best way I know of and that we have implemented in past is "soft delete". Maintain a status column in all your data tables which ideally refers to the fact whether the row is active or not. Any row when created is "Active" by default; however as entries are deleted; they are made inactive.

All select queries which display data on screen filter results for only "active records". This way you get following advantages: 1. Data Recovery is possible. 2. You can have a scheduled task on database level, which can take care of hard deletes of once in a way; if really needed. (Like a SQL procedure or something) 3. You can have an admin screen to be able to decide which accounts, entries etc you'd really want to mark for deletion 4. A temperory disabling of account can also be implemented with same solution.

In prod environments where I have worked on, a hard delete is a strict No-No. Infact audits are maintained for deletes also. But if application is really small; it'd be upto user.

I would still suggest a "virtual delete" or a "soft delete" with periodic cleanup on db level; which will be faster efficient and optimized way of cleaning up.

Priyank  2009-06-29 13:43:49
What about privacy? The user may complain that you haven't deleted his name, his e-mail, etc. (even if anyone will never see that informations). Do you think I shouldn't care about this? (I know I am too precise ;) )
collimarco  2009-06-29 14:15:21
I know that scenario will occur; however here are few things.1. User would primarily care that data is never shown again to any user and is not used in any way; which anyway won't be because it would be dormant, inactive and unsusable as it won't be displayed anywhere on screen. Do you think Gmail hard deletes your email? No they don't do; there is always an inactive copy which has been used in court rulings several times.2. In case you do want to delete the data actually, I already suggested a hard delete PL/SQL procedure which can take care of it in more efficient and capable manner.
Priyank  2009-06-30 02:43:25
You can run that procedure on a periodic basis without putting any immediate load on system. Such procedures or scripts are good for less traffic hours.
Priyank  2009-06-30 02:44:09
+1  A: 

I would recommend putting in a delete date field that contains the date/time the user unsubscribed - not only to the user record, but to all information related to that user. The app should check the field prior to displaying anything. You can then run a hard delete for all records 30 days (your choice of time) after the delete date. This will allow the information not to be shown (you will probably need to update the app in a few places), time to allow the user to re-subscribe (accidental or rethinking) and a scheduled process to delete old data. I would remove ALL information about the member and any related comments about the member or their prior published data (photos, etc.)

meade  2009-06-29 17:51:20

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.