Design concept for deleting users (or organisations)

[tillmo]

Should deletion be possible at all? If yes, should all repos deleted as well, or should the user remain in the database and just be deactivated? If the former, then how to handle dangling references into deleted repos?

[eugenk]

I think deletion should be possible. I suggest:

• If a user wants to delete their own account, there must not be any repositories left in their namespace. Not even the ones that are scheduled for deletion.
• Any admin of a repository can schedule a deletion of the repository.
• When an admin of a repository schedules a deletion, the repository is marked scheduled_for_deletion for a day and is not listed any more in the API (except for its admins). All admins of the repository are notified via email about the deletion. Only admins of the repository can see it and unschedule the deletion. The actual deletion happens asynchronously after a day.

[phyrog]

Github also has the restriction that a user cannot be deleted if the user is an admin of an organization. We could also restrict this restriction to the last admin.

[tillmo]

Also, the last admin should not be able to degrade him/herself to a non-admin.