While looking at some user related bugs, I've found like half a dozen open issues related to the way blocked or deleted user accounts are handled.

I think we must address this issue in a consistent way at once.

Some of the related issues are:
- http://drupal.org/node/51415, forum topic does not show up in forum index...
- http://drupal.org/node/8, let a user delete its own account
- http://drupal.org/node/45308, Content attempts to display if user deleted
- http://drupal.org/node/23929, n/a after deleting a user
- http://drupal.org/node/974, Deleted users show in who is online block
- http://drupal.org/node/41144, Viewing/Editing/Deleting non-existent users

And there are some others, like watchdog entries related to deleted users not showing and similar things.

Everything in Drupal has some related user, and half of it seems not to work properly anymore when you delete the related user.

So, first of all, we should decide what happens when a user is deleted. Do we delete all related content -like the user module advertises but it doesn't happen-? What happens with the logs, other user's posts that depend on this user's content -replies, etc...-. Should a user be able to delete his/her own account, and then delete all related posts? Do we need some more permissions for that?

CommentFileSizeAuthor
#8 user_delete_3_0.patch5.1 KBZen
#6 53348_deleted_users2anonymous.patch3.68 KBJose Reyero
#4 deleted_users.patch15.88 KBJose Reyero
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

moshe weitzman’s picture

moshe weitzman CreditAttribution: moshe weitzman commented

we can fix up all these problems by not actually deleting the uid. IMO, when a user account is deleted we should delete everyhting but the uid and the name and set status to blocked.

drumm’s picture

drumm
he/him
Location NY, US
CreditAttribution: drumm commented

I don't think this should be changed for 4.7. It was how it is for 4.6 and earlier, we can survive another release.

I think this needs to be flexible and simple. There definately are different types of user deletions. Such as spammer and cleaning out old accounts. On the deletion screen there should be a small number of good choices for what to do with the various stuff. Anything deleted should probably have some way of saying user deleted, such as threaded comments.

Dries’s picture

Dries CreditAttribution: Dries commented

As an interim fix, and along the lines of what Moshe suggested, you can just block users, rather than deleting them.

I _really_ want to properly delete users though; I don't like Moshe's suggestion because I don't like to clutter my database with redundant data/records.

I don't think there is an easy fix because there will be various use cases, and a such, it will take a setting or two to define the behavior. (Example: some people will want to delete a deleted user's posts, others will want to reassign it to the anonymous user.)

I'd have to re-investigate the various bug reports to see how feasible such approach is.

Jose Reyero’s picture

Jose Reyero CreditAttribution: Jose Reyero commented
Status: Active » Needs review
FileSize
deleted_users.patch15.88 KB

This patch partially addresses this problem. It doesn't make any assumption on what happens with deleted user's content, but it handles nicely the case where there's content in the database belonging to a deleted user.

What it does:
-----------------
- Deleted users will show as 'Anonymous' to everyone but for users with the 'administer users' permission. These latest ones will see 'deleted user uid'.
- Removes the message 'Deleting a user will remove all their submissions as well' from the delete user confirmation page, which happens to be not true.
- As a side effect this patch fixes also the case in node revisions where 'author' has changed from one version to another. It will show the user in revisions table not in node table.
-----------------

For this, I've just replaced all the queries selecting content inner joins with user table with outer joins and patched 'theme_username' in theme.inc.

Patched queries -- I searched for 'JOIN {users}' through all Drupal
------------------------------------------------------------------------------------
watchdog: 2, all patched
node: 5, all patched
comment 8, all patched
forum 1 with two joins, patched both
node 5, all patched
tracker 2, patched 1 -- no tracker for deleted users
statistics 5, patched 1 -- the remaining were outer joins
blog.module 2, pathced 1 -- no blog for deleted users, but exising blogs show up in recent

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented

Changing INNER to LEFT will slow down queries and this needs some benchmarking. Can't we just transfer all content to anonymous and be done?

Jose Reyero’s picture

Jose Reyero CreditAttribution: Jose Reyero commented
FileSize
53348_deleted_users2anonymous.patch3.68 KB

Ok, here's the patch following Gerhard's suggestion.

I like more the previous one, but I agree it may have performance impact, and anyway it's too big this late in the development cycle.

Zen’s picture

Zen CreditAttribution: Zen commented

I haven't checked all the modules to see if this is already being addressed, but the set_to_anonymous patch should ensure that all tables with uids are addressed. For e.g. the current patch doesn't update node_comment_statistics (which leads to the last comment by a deleted user issue in the critical queue right now). Similarly, poll, profile and other modules might need to be taken care of appropriately. The delete block in user.module should also probably clear the history table along with the others already in there atm.

Thanks,
-K

Zen’s picture

Zen CreditAttribution: Zen commented
FileSize
user_delete_3_0.patch5.1 KB
  • accesslog - updates to uid 0 - Jose.
  • authmap - deletes rows belonging to uid - Drupal
  • comments - updates to uid 0 - Jose
  • history - will be cleared by cron - Drupal
  • node - updates to uid 0 - Jose
  • node_revisions - updates to uid 0 - Jose
  • node_comment_statistics - updates last_comment_uid to 0 - me
  • poll_votes - updates to uid 0 - me
  • profile_values - deletes rows from profile_values belonging to uid - me
  • sessions - deletes rows belonging to uid - Drupal
  • users - deletes rows belonging to uid - Drupal
  • users_roles - deletes rows belonging to uid - Drupal
  • watchdog - will eventually be cleared by cron - Drupal

A test delete resulted in the following queries.

0.55		user_edit	DELETE FROM users WHERE uid = 4	
0.4		user_edit	DELETE FROM sessions WHERE uid = 4	
0.52		user_edit	DELETE FROM users_roles WHERE uid = 4	
0.32		user_edit	DELETE FROM authmap WHERE uid = 4	
0.55		list_themes	SELECT * FROM system WHERE type = 'theme'	
9.88		watchdog	INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (1, 'user', 'Deleted user: <em>test1</em> <em><test1@blahblah.com></em>.', 0, '', '/~karthik/projects/cvs/drupal/?q=user/4/delete', 'http://castor/~karthik/projects/cvs/drupal/?q=user/4/delete', '10.0.0.4', 1143366419)	
6.93		node_user	UPDATE node SET uid = 0 WHERE uid = 4	
12.38		node_user	UPDATE node_revisions SET uid = 0 WHERE uid = 4	
1.64		watchdog_user	UPDATE watchdog SET uid=0 WHERE uid=4	
0.39		comment_user	UPDATE comments SET uid = 0 WHERE uid = 4	
4.4		comment_user	UPDATE node_comment_statistics SET last_comment_uid = 0 WHERE last_comment_uid = 4	
0.32		poll_user	UPDATE poll_votes SET uid = 0 WHERE uid = 4	
0.19		profile_user	DELETE FROM profile_values WHERE uid = 4	
0.2		statistics_user	UPDATE accesslog SET uid = 0 WHERE uid = 4

I dunno what list_themes is doing there :S

I also fixed some code style issues and reworked the confirmation message.

-K

chx’s picture

chx CreditAttribution: chx commented
Status: Needs review » Reviewed & tested by the community

enabled all modules, created and deleted a user. Works as advertised. i also read the code and found it OK.

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
Status: Reviewed & tested by the community » Fixed

applied. Yay for simplicity.

Anonymous’s picture

(not verified) CreditAttribution: commented
Status: Fixed » Closed (fixed)
brisbanett’s picture

brisbanett CreditAttribution: brisbanett commented
Version: x.y.z » 6.0-rc1

ok for all us newbies

2006 - now is 2009 drupal 6 installation I'm still getting pink n/a and I think its the same problem..

Ive never used a patch - do I just copy paste it into the file mentioned?

s.Daniel’s picture

s.Daniel CreditAttribution: s.Daniel commented
Version: 6.0-rc1 » 6.14
Priority: Critical » Normal
Status: Closed (fixed) » Active

Setting uid to 0 makes Node not accessible via Drupal user interface in some cases.
This doesn't happen with normal Drupal install but since the error is related to the drupal standard behavior I am posting here until I know a better place.

I have one i18n site with several modules installed where everything was running smoothly until I deleted old editor accounts. A few days later I realized that the content of the editors was not accessible any more (404). not via alias not via node/x not via node/x/edit, not for user 1. Menu items still appeared.
I found out that the content was still in the database and could get it back via SQL but that’s obviously not an option for everyone.
Unfortunately I can't recreate the error on a fresh Drupal install (tried installing i18n and cck as well). So maybe someone can advise me to track the bug a bit better.

Status: Active » Closed (outdated)

Automatically closed because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.