Moodle: MDL-28951

Profiles of deleted users shows bad email address and deletion should be clearer

    Details

    • Affected Branches:
      MOODLE_20_STABLE
    • Rank:
      18499

      Description

      Prerequisite: Moodle Account A has the capability moodle/user:viewdetails on system level. I can think of Moodle installations where this capability is set for all authenticated users for some reason. Moodle Account B was a Moodle user, but his account was deleted by an admin several weeks ago.

      Now, with Moodle Account A logged in, I visit
      http://MYMOODLEDOMAIN/user/profile.php?id=USERID-OF-ACCOUNT-B
      (I don't need to know necessarily the user ID of Account B, I can simply iterate the id parameter from 1 to n)

      The profile of the deleted user shows with no details, but with full name - although the user account no longer exists!
      When viewing the same page as admin, I get the message "This user account has been deleted".

      I know that Moodle saves some data from deleted user accounts. But I don't think that it is intended that this data is visible to non-admins, especially without any remark that this account no longer exists.

      Furthermore, is that data from deleted users fully deleted by cron job some time or is it saved forever?
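The description above notes that the id parameter of /user/profile.php can be iterated from 1 to n. As an added example (not part of the ticket or of Moodle's code), this script flags clients in a web access log that request long runs of consecutive profile ids. The log format, the sample lines and the threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format; not taken from the ticket.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [12/Mar/2012:10:00:{i:02d} +0000] '
     f'"GET /user/profile.php?id={i} HTTP/1.1" 200 5120' for i in range(1, 9)]
    + ['198.51.100.20 - - [12/Mar/2012:10:05:00 +0000] '
       '"GET /user/profile.php?id=42 HTTP/1.1" 200 7300',
       '198.51.100.20 - - [12/Mar/2012:10:06:10 +0000] '
       '"GET /user/profile.php?id=317 HTTP/1.1" 200 7100',
       '198.51.100.20 - - [12/Mar/2012:10:07:00 +0000] '
       '"GET /course/view.php?id=43 HTTP/1.1" 200 9000']
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" \d{3} ')

def profile_ids_by_client(log_text):
    """Map each client address to the set of profile ids it requested."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/user/profile.php"):
            continue  # other pages also use an id parameter
        for value in parse_qs(url.query).get("id", []):
            if value.isdigit():
                seen[client].add(int(value))
    return seen

def longest_run(ids):
    """Length of the longest run of consecutive integers in ids."""
    best = run = 0
    prev = None
    for i in sorted(ids):
        run = run + 1 if prev is not None and i == prev + 1 else 1
        best = max(best, run)
        prev = i
    return best

def flag_enumeration(log_text, min_run=5):
    """Clients whose requested profile ids contain a run of at least min_run."""
    runs = {c: longest_run(ids) for c, ids in profile_ids_by_client(log_text).items()}
    return {c: n for c, n in runs.items() if n >= min_run}
```

Behind a reverse proxy, the first field is the proxy's address, so key on the forwarded client address or the session instead.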

        Activity

        Michael de Raadt added a comment -

        I think you have raised two issues here; one that we could deal with and one that we probably will not.

        If someone is willing to give the permission for a non-admin to view hidden user details to all users, that's up to them. General users are not able to see the profiles of deleted users if the permissions are set normally.

        Deleted users are not removed from the database. They are flagged as deleted. This is the appropriate way to deal with old data in a database. It's essential that this data is maintained as other parts of Moodle, such as forum posts, assignment submissions, etc., are dependent on this information.

        I don't think it's a bad thing for an admin to be able to see the details of a deleted user. There are problems with how the information is displayed:

        • The email address of a deleted user is replaced with a complex string. A deleted user's email address should not be displayed.
        • The fact that the user has been deleted is shown in the navigation and breadcrumbs, but this should also be clearly displayed with the user's name.
        Alexander Bias added a comment -

        I just had a look at this again. As far as I can see the problem has been fixed in 2.2.x.
        Moodle Account A, which has the capability moodle/user:viewdetails on system level in 2.2.x, gets the message "This Account has been deleted" when calling http://MYMOODLEDOMAIN/user/profile.php?id=USERID-OF-ACCOUNT-B (B is a deleted account).

        From my point of view, this ticket can be closed now.

        Rajesh Taneja added a comment -

        Thanks for the feedback Alexander.
        Closing this issue

