Problem/Motivation

Drupal sites can allow administrators to delete user accounts, or even let users cancel their own accounts. Depending on the cancellation method chosen, this can lead to unexpected situations where anonymous users (i.e. the whole internet) are able to view or edit content on the site which they otherwise should not be able to see.

See also the doc page Deleting users who have written nodes/comments can lead to access bypass.

Workaround

Be cautious with the account cancellation method, which is set site-wide under "When cancelling a user account" on /admin/config/people/accounts. The option "Delete the account and make its content belong to the Anonymous user." reassigns the deleted user's nodes and comments to uid 0, the Anonymous user. Core's "own" content checks compare the account's uid with the content owner's uid, and for an anonymous visitor both are 0, so any permission scoped to "own" content that is granted to the Anonymous role (for example "Edit own ... content") then applies to all of that reassigned content for every anonymous visitor. Whether this is a security risk therefore depends on the permissions configured for the Anonymous user role.
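The following audit script is an added example, not code from the issue or from Drupal core. It checks the three things the workaround above depends on: which cancellation method the site defaults to, how much content is already owned by uid 0, and which "own"-scoped permissions the Anonymous role holds. It assumes a Drupal 8 or later site with the node and user modules enabled (the comment check is skipped when the comment module is absent), and a file name of check_anon_owned_content.php chosen here for illustration.

```php
<?php
// Added audit script (not part of the issue or of Drupal core).
// Run from the site root with:  drush php:script check_anon_owned_content.php
// Assumes Drupal 8+ with the node and user modules enabled.

use Drupal\user\Entity\Role;
use Drupal\user\RoleInterface;

// 1. Site-wide default cancellation method from user.settings.
//    'user_cancel_reassign' is the "Delete the account and make its content
//    belong to the Anonymous user." option on /admin/config/people/accounts.
$method = \Drupal::config('user.settings')->get('cancel_method');
print "Default cancel method: {$method}\n";
if ($method === 'user_cancel_reassign') {
  print "NOTE: cancelled accounts hand their content to the Anonymous user (uid 0).\n";
}

// 2. Content already owned by uid 0. Access checking is disabled on purpose:
//    the audit needs every row, including unpublished nodes.
$etm = \Drupal::entityTypeManager();
$nids = $etm->getStorage('node')->getQuery()
  ->accessCheck(FALSE)
  ->condition('uid', 0)
  ->execute();
print count($nids) . " node(s) owned by uid 0\n";

$cids = [];
if (\Drupal::moduleHandler()->moduleExists('comment')) {
  $cids = $etm->getStorage('comment')->getQuery()
    ->accessCheck(FALSE)
    ->condition('uid', 0)
    ->execute();
  print count($cids) . " comment(s) owned by uid 0\n";
}

// 3. Permissions granted to the Anonymous role that are scoped to "own"
//    content (e.g. "edit own article content", "edit own comments").
//    These checks compare the account uid with the content owner's uid,
//    and for an anonymous visitor both are 0. Not every "own" check in core
//    is reachable anonymously, so each match listed here deserves a manual
//    review against the access logic of the module that defines it.
$anon = Role::load(RoleInterface::ANONYMOUS_ID);
$risky = array_filter($anon->getPermissions(), function ($perm) {
  return (bool) preg_match('/\bown\b/', $perm);
});
foreach ($risky as $perm) {
  print "Anonymous role has: {$perm}\n";
}

if ($risky && ($nids || $cids)) {
  print "WARNING: content owned by uid 0 exists and the Anonymous role holds "
    . "'own'-scoped permissions; anonymous visitors may be able to view or edit it.\n";
}
```

The script only reports; remediation is to remove the "own" permissions from the Anonymous role, reassign the uid 0 content to a real account, or switch the cancellation method away from reassigning content to Anonymous.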

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

Introduced terminology

API changes

Data model changes

Release notes snippet

Comments

ressa created an issue.