What should happen when a (person) user should no longer have access?

Open hmpf opened this issue 5 years ago • 2 comments

If we hard-delete the user, the events and acks made by that user will also disappear.

If a user has lost their Feide-account, they can no longer log in with Feide. But there are also local accounts.

Another possibility is to use the "is_active"-flag: logging in is allowed as long as is_active is True. We might have to check that this is currently honored in that case.

Oct 19 '20 10:10 hmpf

the is_active flag on the user model was created for this exact purpose: I second using this solution.

Oct 19 '20 12:10 lunkwill42

#1449 makes it easy to toggle is_active from CLI.

May 20 '25 12:05 hmpf

We do not delete users, only set them as is_active = False.

If GDPR-delete needed, erase info from the user row instead of hard delete.

Aug 04 '25 08:08 hmpf