Feature #1572
openDelete Users and automatically ticket change
0%
Description
1) In order to free the username for other users administrators should be allowed to find inactive users and delete them.
2) Normal users should be allowed to deactivate their own account.
2.1) New issues can't be accidently assigned to unactive members. This will prevent email spam for users, who have quit to work on a project, but are still registred on the site.
3) To boost flexibility registred users should also be allowed to delete their own account. 3.1) All unclosed issues of deleted users will change to the default pause status e.g. "On-Hold".
Related issues
Updated by Thomas Lecavelier over 16 years ago
- Assignee deleted (
Jean-Philippe Lang) - Target version deleted (
0.8)
The target version field has to be set when it will actually part of the target release.
Updated by Chris Miller over 16 years ago
- Target version set to 0.9.0
Thomas Lecavelier wrote:
The target version field has to be set when it will actually part of the target release.
I see no reason this can't be done in 0.9. It's really needed - right now the only way to truly obliterate the trace of bots that have registered themselves is to go through the SQL database yourself - not fun.
Updated by Chris Miller over 16 years ago
Just for your information so you can work around it, I figured out a few SQL queries to help you manually delete people from your database (MySQL). This is best done from a shell.
Get a list of all users and their ID. I suggest you delete by ID, since that's far less likely to mess things up.
SELECT id, login FROM users;
Test the ID just to be sure, otherwise you could accidentally delete the wrong user!
SELECT id, login FROM users WHERE id = #;
Finally, be careful when you do this!
DELETE FROM users WHERE id = #;
Updated by colin moock over 15 years ago
sorry, that previous comment should have been:
+1 (killing spam users is an important issue for us)
is there a way to edit your own comment?
Updated by Antoine Beaupré almost 15 years ago
Just clearing up the user table may not be a good idea, if the user has been in use for a while. There are entries keyed on the userid in a bunch of other tables.
If the user has not logged in or did anything, the following tables need to be cleared:
- tokens (user_id)
- user_preferences (user_id)
On top of that, a user id may also be found in the following tables:
- attachements (author_id)
- changesets (user_id)
- groups_users (user_id)
- issues (assigned_to_id, author_id)
- issue_category (assigned_to_id)
- journals (user_id)
- members (user_id)
- member_roles (member_id)
- messages (author_id)
- news (author_id)
- queries (user_id)
- time_entries (user_id)
- watchers
- wiki_contents (author_id)
- wiki_content_versions (author_id)
Looks like it would be quite messy to cleanup all this stuff. For example: what do we do with an issue owned by a deleted user? Do we revert back to anonymous?
I'm not sure that deleting the users is a good idea.
Updated by colin moock almost 15 years ago
"I'm not sure that deleting the users is a good idea."
--
please don't let implementation considerations obscure the actual issue here: spam bots are registering users in redmine projects all over the world, and redmine owners have no way to delete them. we have over 100 spam users in our db now. we need a way to delete them.
Updated by Eric Cope almost 15 years ago
If assigned tasks, etc. are the only issue, a step for deleting users should be to reassign all related data to another user, an administrator for example.
Updated by Ben Blanco over 14 years ago
+1 We have the same problem, and have been manually cleaning the SQL DB since 0.7x
Maybe this could be split into two mini-features:
- Add
Delete
choice to the Registered page view (today the only option remains: Activate) - Add
Delete + Reassign Issues/Wiki edits/etc...
on the Locked page view
In this case, the higher priority, and likely easier to do, would be on the Registered page.
Updated by Ivan Zotov over 14 years ago
Deleting users ( simply from DB ) works normal. Issues change field "assigned to" to "---".
Updated by Ivan Zotov over 14 years ago
In shotgun software it is works same. ( shotgunsoftware.com )
Updated by Mark Anderson almost 14 years ago
Ben Blanco wrote:
+1 We have the same problem, and have been manually cleaning the SQL DB since 0.7x
Maybe this could be split into two mini-features:
- Add
Delete
choice to the Registered page view (today the only option remains: Activate)- Add
Delete + Reassign Issues/Wiki edits/etc...
on the Locked page viewIn this case, the higher priority, and likely easier to do, would be on the Registered page.
+! at least for a bogus registered user - they have left no traces in the DB yet.
Mark
Updated by Anonymous almost 10 years ago
FYI - you can put this in cron and it'll lock any accounts older than two months.
psql redmine -c "UPDATE users SET status = 3 WHERE last_login_on BETWEEN '2000-01-01' and '$(date +%Y-%m-%d --date="2 months ago")' and status != 3;"