• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item4905: TWiki Needs Remove User / Delete User functionality

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Enhancement Waiting for Feedback   major  

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

Anyone done anything on Delete User functionality? I see the script on http://twiki.org/cgi-bin/view/Codev/HowToDeleteUserAccount

http://develop.twiki.org/~twiki4/cgi-bin/view/TWiki/ManagingUsers#Removing_User_Accounts says:

To remove a user account (FredQuimby, who logs in as "fred"):

  1. If you are using a .htpasswd file, edit the .htpasswd file to delete the line starting fred:
    • Warning: Do not use the Apache htpasswd program with .htpasswd files generated by TWiki! htpasswd wipes out email addresses that TWiki plants in the info fields of this file.
  2. Remove the FredQuimby - fred line from the TWikiUsers topic
  3. Remove FredQuimby from all groups and from all the ALLOWWEB/ALLOWTOPIC... declarations, if any.
    Note: If you fail to do this you risk creating a security hole, as the next user to register with the wikiname FredQuimby will inherit the old FredQuimby's permissions.
  4. [optional] Delete their user topic FredQuimby (including attachments, if any.)

Requiring admins to manually delete is:

  1. Inconvenient
  2. Error prone
  3. Time consuming
  4. Requires additionally communication from the site owner to the site systems administrator

lib/TWiki/User.pm:removePassword exists (at line 222 in 4.1.2). It does not seem to be used.

So says Bruce McKenzie:

* purge all traces of account (do "something" with links, or replace home page with a "no tresspassing" sign smile

  • disable account (disallow logins, remove from groups)
  • remove home page and login information in anticipation of imminent re-registration. All of these can involve adding comments to the home page if not deleting it outright. Personally, I want to be able to do all/any of these from a web interface. And they are separate enough functions that I would like them all

-- TWiki:Main/MartinCleaver - 29 Oct 2007

I think noone will be against such a feature in TWiki 5.0.

Martin this one is not a bug but a feature enhancement so it should follow the process on http://twiki.org/cgi-bin/view/Codev/TWikiFeature04x02

Please raise a request there - where it will be followed up on. Here on bugs it will rot like most enhancement requests.

If you add yourself as committed developer you even start the 14-day clock of auto acceptance. Provided that you do want to implement it. You have all the right skills for it right? I am setting this as Enhancement and you can use the bug item later for checkins on SVN when your proposal gets accepted which I am sure it will be.

-- TWiki:Main.KennethLavrsen - 29 Oct 2007

How about making it an extension. So people don't have to wait for TWiki-5.o or even get this feature on a 4.x engine.

-- TWiki:Main.MichaelDaum - 01 Nov 2007

Makes a lot of sense.

-- TWiki:Main.KennethLavrsen - 01 Nov 2007

Depends. Right now it looks like the code can get folded right alongside bulk password reset in registration. If so it would be less effort and a cleaner outcome to push it TWiki::UI::Register.

Can extensions override core code yet?

-- TWiki:Main.MartinCleaver - 02 Nov 2007

It's already an extension, in the sense that deleting users should be done in the TWikiuserMapping. Some of the pieces are already there. We would like at some point to abstract the registration code out into a pluggable module in the same way. Until then, the delete user functionality should be folded into UI/Register.pm as Martin implicitly suggests.

-- TWiki:Main.CrawfordCurrie - 02 Nov 2007

Thanks for the pointer to TWikiUserMapping.

I note this in TWiki::UI::Manage::_removeUser (4.1.2)

# Renames the user's topic (with renaming all links) and # removes user entry from passwords. CGI parameters: sub _removeUser {     my $session = shift;      my $webName = $session->{webName};     my $topic = $session->{topicName};     my $query = $session->{cgiQuery};     my $user = $session->{user};      my $password = $query->param( 'password' );      # check if user entry exists     if( $user && !$user->passwordExists()) {         throw TWiki::OopsException( 'attention',                                     web => $webName,                                     topic => $topic,                                     def => 'notwikiuser',                                     params => $user->stringify() );     }      #check to see it the user we are trying to remove is a member of a group.     #initially we refuse to delete the user     #in a later implementation we will remove the from the group (if Access.pm implements it..)     my @groups = $user->getGroups();     if ( scalar( @groups ) > 0 ) {          throw TWiki::OopsException( 'attention',                                     web => $webName,                                     topic => $topic,                                     def => 'in_a_group',                                     params =>                                     [ $user->stringify(),                                       join(', ',                                            map { $_->stringify() }                                            @groups ) ] );     }      unless( $user->checkPassword( $password ) ) {         throw TWiki::OopsException( 'attention',                                     web => $webName,                                     topic => $topic,                                     def => 'wrong_password');     }      $user->remove();      throw TWiki::OopsException( 'attention',                                 def => 'remove_user_done',                                 web => $webName,                                 topic => $topic,                                 params => $user->webDotWikiName() ); }  sub _isValidHTMLColor {     my $c = shift;     return $c =~ m/^(#[0-9a-f]{6}|black|silver|gray|white|maroon|red|purple|fuchsia|green|lime|olive|yellow|navy|blue|teal|aqua)/i;  }  

I didn't see it used anywhere.

-- TWiki:Main.MartinCleaver - 02 Nov 2007

It's called at line 66, in response to the "deleteUserAccount" manage request. I think all it needs is a UI. TWiki Application time.

Why is there no feature request for this? Marked waiting for Martin to raise one.

-- TWiki:Main.CrawfordCurrie - 06 Aug 2008

Looks like http://twiki.org/cgi-bin/view/Codev/HowToDeleteUserAccount is a feature request for this.

-- TWiki:Main.MartinCleaver - 06 Aug 2008

ItemTemplate
Summary TWiki Needs Remove User / Delete User functionality
ReportedBy TWiki:Main.MartinCleaver
Codebase 4.0.0, 4.0.1, 4.0.4, 4.1.2, 4.2.0, ~twiki4
SVN Range

AppliesTo Engine
Component

Priority Enhancement
CurrentState Waiting for Feedback
WaitingFor

Checkins

TargetRelease major
ReleasedIn

Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r9 - 2008-08-06 - MartinCleaver
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback