The user should be able to delete his account #28
Description
A button on his profile page should allow him to delete his account.
A configuration parameter should be able to authorize to delete our own accounts. In some application inside companies, it may not be relevant to authorize these kind of feature, as accounts are only manage by administrators in this case.
An event should be sent before displaying the button or before launching the process. listeners could response by indicating
- that the account cannot be deleted/deactivated
- that the account data should not be deleted (but can be deactivated). Some data may be still needed, to not break the application.
Support of a "deleted" status into the accounts table.
To improve security, a confirmation should be asked to the user
- by giving his password
- or by indicated a code that is sent to the user by email?
An event is sent during the deletion process, so some modules can anonymize or delete some personal data. For example, the loginpass module can delete the records about the user.
Check the relationship between these events and the AuthenticationUserDeletion event.