Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-28951

Profiles of deleted users shows bad email address and deletion should be clearer

    Details

    • Affected Branches:
      MOODLE_20_STABLE

      Description

      Prerequisite: Moodle Account A has the capability moodle/user:viewdetails on system level. I can think of moodle installations where this capability is set for all authenticated users for some reason. Moodle Account B was a moodle user, but his account was deleted by an admin several weeks ago.

      Now, with Moodle Account A logged in, I visit
      http://MYMOODLEDOMAIN/user/profile.php?id=USERID-OF-ACCOUNT-B
      (I don't need to know necessarily the user ID of Account B, I can simply iterate the id parameter from 1 to n)

      The profile of the deleted user shows with no details, but with full name - although the user account no longer exists!
      When viewing the same page as admin, I get the message "This user account has been deleted".

      I know that moodle saves some data from deleted user accounts. But I don't think that it is intended that this data is visible to non-admins, especially without any remark that this account no longer exists.

      Furthermore, is that data from deleted users fully deleted by cron job some time or is it saved forever?

        Gliffy Diagrams

          Activity

          abias Alexander Bias created issue -
          abias Alexander Bias made changes -
          Field Original Value New Value
          Description Prerequisite: Moodle Account A has the capability moodle/user:viewdetails on system level. I can think of moodle installations where this capability is set for all authenticated users for some reason. Moodle Account B was a moodle user, but his account was deleted by an admin several weeks ago.

          Now, with Moodle Account A logged in, I visit
          https://moodle.uni-ulm.de/user/profile.php?id=USERID-OF-ACCOUNT-B
          (I don't need to know necessarily the user ID of Account B, I can simply iterate the id parameter from 1 to n)

          The profile of the deleted user shows with no details, but with full name - although the user account no longer exists!
          When viewing the same page as admin, I get the message "This user account has been deleted".


          I know that moodle saves some data from deleted user accounts. But I don't think that it is intended that this data is visible to non-admins, especially without any remark that this account no longer exists.

          Furthermore, is that data from deleted users fully deleted by cron job some time or is it saved forever?
          Prerequisite: Moodle Account A has the capability moodle/user:viewdetails on system level. I can think of moodle installations where this capability is set for all authenticated users for some reason. Moodle Account B was a moodle user, but his account was deleted by an admin several weeks ago.

          Now, with Moodle Account A logged in, I visit
          http://MYMOODLEDOMAIN/user/profile.php?id=USERID-OF-ACCOUNT-B
          (I don't need to know necessarily the user ID of Account B, I can simply iterate the id parameter from 1 to n)

          The profile of the deleted user shows with no details, but with full name - although the user account no longer exists!
          When viewing the same page as admin, I get the message "This user account has been deleted".


          I know that moodle saves some data from deleted user accounts. But I don't think that it is intended that this data is visible to non-admins, especially without any remark that this account no longer exists.

          Furthermore, is that data from deleted users fully deleted by cron job some time or is it saved forever?
          Hide
          salvetore Michael de Raadt added a comment -

          I think you have raised two issues here; one that we could deal with and one that we probably will not.

          If someone is willing to give the permission for a non-admin to view hidden user details to all users, that's up to them. General users are not able to see the profiles of deleted users if the permissions are set normally.

          Deleted users are not removed from the database. They are flagged as deleted. This is the appropriate way to deal with old data in a database. It's essential that this data is maintained as other parts of Moodle, such as forum posts, assignment submissions, etc., are dependent on this information.

          I don't think it's a bad thing for an admin to be able to see the details of a deleted user. There are problems with how the information is displayed:

          • The email address of a deleted user is replaced with a complex string. A deleted user's email address should not be displayed.
          • The fact that the user has been deleted is show in the navigation and breadcrumbs, but this should also be clearly displayed withe user's name.
          Show
          salvetore Michael de Raadt added a comment - I think you have raised two issues here; one that we could deal with and one that we probably will not. If someone is willing to give the permission for a non-admin to view hidden user details to all users, that's up to them. General users are not able to see the profiles of deleted users if the permissions are set normally. Deleted users are not removed from the database. They are flagged as deleted. This is the appropriate way to deal with old data in a database. It's essential that this data is maintained as other parts of Moodle, such as forum posts, assignment submissions, etc., are dependent on this information. I don't think it's a bad thing for an admin to be able to see the details of a deleted user. There are problems with how the information is displayed: The email address of a deleted user is replaced with a complex string. A deleted user's email address should not be displayed. The fact that the user has been deleted is show in the navigation and breadcrumbs, but this should also be clearly displayed withe user's name.
          salvetore Michael de Raadt made changes -
          Summary Full name of deleted user is visible to Non-Admins Profiles of deleted users shows bad email address and deletion should be clearer
          Security Could be a security issue [ 10030 ]
          Fix Version/s STABLE backlog [ 10463 ]
          Labels triaged
          salvetore Michael de Raadt made changes -
          Attachment profileOfDeletedUser.jpg [ 24929 ]
          Hide
          abias Alexander Bias added a comment -

          I just had a look at this again. As far as I can see the problem has been fixed in 2.2.x.
          Moodle Account A, which has the capability moodle/user:viewdetails on system level in 2.2.x, gets the message "This Account has been deleted" when calling http://MYMOODLEDOMAIN/user/profile.php?id=USERID-OF-ACCOUNT-B (B is a deleted account).

          From my point of view, this ticket can be closed now.

          Show
          abias Alexander Bias added a comment - I just had a look at this again. As far as I can see the problem has been fixed in 2.2.x. Moodle Account A, which has the capability moodle/user:viewdetails on system level in 2.2.x, gets the message "This Account has been deleted" when calling http://MYMOODLEDOMAIN/user/profile.php?id=USERID-OF-ACCOUNT-B (B is a deleted account). From my point of view, this ticket can be closed now.
          Hide
          rajeshtaneja Rajesh Taneja added a comment -

          Thanks for the feedback Alexander.
          Closing this issue

          Show
          rajeshtaneja Rajesh Taneja added a comment - Thanks for the feedback Alexander. Closing this issue
          rajeshtaneja Rajesh Taneja made changes -
          Status Open [ 1 ] Closed [ 6 ]
          Resolution Not a bug [ 7 ]
          Subversion JIRA

          Links Hierarchy

           Documentation

          Invalid license: EXPIRED

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: