Accounts soft-deletion

[renchap]

We are looking into implementing soft-deletion for accounts, as some users are deleting their accounts but do not realize that this also delete all the related content they have on our website (🤷) and ask us to reinstate it.

When a user wants to delete their account, we fill a deleted_at column, and then have a process to really delete those after some time.

How would you implement this with rodauth-rails? It is easy to check for the account status in a before_filter, but I am not sure it will properly handle requests handled by Rodauth (signing in, requesting a new password…).

I am a bit afraid of needing to patch a lot of things to get it done properly. Is it an easy way I missed?

[janko]

Hi @renchap, Rodauth's close_account feature has soft-deletion already built in, and it's the default behaviour when the user closes their account (hard-deletion can be enabled by setting delete_account_on_close? to true). It works by updating account.status column to "closed", and that's handled by all other authentication features. Closing the account will delete all associated account_* table data, but other application data would remain intact.

[renchap]

Why did I miss this? Thanks 😄