Remove users

[Didayolo]

Apparently, removing an user from the Django Admin web interface is problematic because all objects (submissions, datasets...) remain. This leads to some problem.

We should try removing using the shell plus, inside the Django container inside the server, to see if this delete everything in cascade.

https://github.com/codalab/codabench/wiki/Administrator-procedures

[Didayolo]

@dtuantran Can you comment on that?

[dtuantran]

Finally, it does not work, the user isn't deleted

[dtuantran]

Last time, I did remove a user from console command line as on Codalab. But we got a error later from a competition without owner. It means it didn't remove the user's competitions.

[ihsaan-ullah]

Users can have option in their profile to delete their account. I can think of the following flow

• User clicks a button in their profile to delete their profile
• User is taken to another page Delete Profile
• User is given a big warning that this action is permanent and it will delete not only the profile but the competition, datasets, submissions etc
• User can see a list of his competitions, submissions etc in that page which will be deleted
• At the end user accepts that he agrees to delete all this material
• Then user is asked for his password, once he enters password and confirm the deletion, all details of this user are deleted

[acletournel]

Is this behavior what we really want ?
The 'remove user' feature specifications should still be discussed. Former discussions show that this is a critical feature.
The privacy and terms of use conditions tells that:

• The contents provided in Codalab competitions is the property of the competition organizers, unless otherwise stated in the competition's terms of use.
• Any material, information, or other communication User transmits or posts ("Communications") to the Codalab competition web sites will be considered non-confidential and non-proprietary and Codalab competitions will be under no obligation of any kind with respect to such information. Université Paris-Saclay will be free to reproduce, make derivative works from, use, disclose, and distribute the Communications to others without limitation. Université Paris-Saclay may provide authorship attribution by mentioning the name of the User, provided that it is communicated to us.

Then, we should distinguish between: user account deletion (means all privacy information), submissions deletion (can have consequences on existing competition material (public submissions...), competitions leaderboard: imagine he is the winner of a competition), competition deletion (why should it be automatically linked to the author deletion: this is not private data).

User deletion (only personal information) ? -> mandatory provision because of RGPD. Very few requests are received on codalab admin mailing account about account deletion. We may not want to have a GUI or API feature for that. If the account is hacked, we might have unwanted user-accounts deleted.

Submissions deletion ? for which typical use-case, given that a submission belong to one's competition, not to one's author. Caution: how to replace user's displayed information if the user is deleted ? Dummy profile ?

Competition deletion ? could be a separated feature still to be specified. Only requestable by the competition organizer itself. Could target all attached competition files, included submissions. The default behavior could be not to delete the attached competitions during a user account deletion.
Caution: how to replace organizer's displayed information if the organizer is deleted ? Dummy profile ?

[Didayolo]

@ihsaan-ullah @acletournel @bbearce

Note: we should add an option to automate account self-deletion.

[Didayolo]

• We'll allow users to delete their account by themselves

When we delete a user:
Keep old email for a certain period of time, to prevent re-creation of accounts
Keep a hash of the email of people to check whether they already used this email
Erase old information:
Remove all profile information
Replace name with Deleted User + hash identifier
Replace email with specific dummy email (emails to that user get sent to trash)

• user delete: they cannot change anything anymore. after deletion
• if they want to do some cleanup they can do before that
• anything but their user profile stays there
• replace user details with unique delete details
• flag the user is deleted
• store hash of email to not allow them create again permanently or for some time

Your account is going to be deleted together with your profile information. Once your account is deleted, all your non personal data (competitions you organized, submissions your made, code, data, or assets) will remain on the platform, but linked to a dummy account. Hence you will not be able to change anything about them. Therefore, we urge you to do any manual cleaning you want BEFORE you delete your account.
Re-creating an account with the same email will not be authorized, unless you write to the administrators with a legitimate reason.

[Didayolo]

@OhMaley

Interface:

• Soit on améliore l'interface Django admin
• Soit on ajoute des boutons "delete" et un field "quota" directement sur la page profil utilisateur. Seuls les administrateurs auraient accès à ces boutons.

Un utilisateur aura donc toujours besoin de nous contacter pour supprimer son compte.
À ce moment là, on peut envoyer un disclaimer:

• Qui précise bien les implications de la suppression
• Qui précise que les participations (compétitions, soumissions, etc.) restent sur la plateforme de façon anonyme
• Il faut donc supprimer préalablement ce qu'on veut supprimer (compétitions, etc.) avant de supprimer le compte et de perdre la main dessus
• Une phrase de confirmation