Does this need a configuration setting? I think it'd be pretty hard for someone to accidentally delete a user using this. If we want a setting, I'd at least make it enabled by default.

On another note, since we're adding an option to delete a user, do we also want to a separate option for anonymizing? (I know that this will anonymize the user if it fails to delete, but sometimes you only want to anonymize and not hard-delete)

that was my suggestion since i know cases where not every indico admin should have access

Then I'd keep the setting but make it enabled by default

(I know that this will anonymize the user if it fails to delete, but sometimes you only want to anonymize and not hard-delete)

On our side, we currently don't need to only anonymise but if you're requesting it then I can include it in this PR.

Also I think many of the accounts will end up being anonymised and not deleted :( unless more is done to unlink stuff. Like if a user had uploaded an attachment, then it cannot get deleted. Or if it is linked to a log message. So the 2 buttons will end up doing almost the same thing.

On our side, we currently don't need to only anonymise

What if a user who is linked to things that cannot be cleared asks for deletion? In that case you'd need to go for the anonymize option. FWIW it does not destroy their content, but rather unlinks what can be unlinked, and removes their name, email, etc. from the User object.

Yes, this already falls back to anonymise the user if it cannot be deleted

Nice PR, but I think the dialog UI could be improved a bit:

• You have two screens - one for showing a warning message, and one for confirming the deletion action - why not just put this into one screen (similar to how GitHub does it)? You could move the first message from your first screen into a nice message component with an icon followed by the confirmation form on your second screen (albeit with a few tweaks to the text).
• From a UX standpoint, you are missing a 'Cancel' button to close out of the dialog - this might be a small feature to add, but without it, it doesn't really conform to what we have elsewhere in Indico for dialogs like this one, and for something potentially destructive like this, it does make it more obvious for someone that they can abort it.

Any thoughts?

Hi @GovernmentPlates, thanks for your feedback.

• Interesting you mentioned Github since I was doing something similar to when you want to delete a repository. They have 3 screens, the first 2 for warning and the last for confirmation. This is just to make the user think twice before deleting an account. (If I saw this message I would definitely not end up deleting it unless I was very sure ;) ) Could you point me to which example you saw that has just one screen? I've included a movie of the one I'm referring to
• Sure, any recommendations for the tweaks to add to the text?
• Sure, I can include a cancel button (The dialog also closes if you click outside it)

Interesting you mentioned Github since I was doing something similar to when you want to delete a repository. They have 3 screens, the first 2 for warning and the last for confirmation. This is just to make the user think twice before deleting an account. (If I saw this message I would definitely not end up deleting it unless I was very sure ;) ) Could you point me to which example you saw that has just one screen? I've included a movie of the one I'm referring to

Unfortunately, it seems that GitHub has changed their deletion UI in recent years (the deletion UI used to be similar to the repo archiving action UI in GH). However, I still believe that having an additional screen is a bit unnecessary for something like this. Not to mention, the second confirmation prompt - whilst it is a good idea to have this safeguard in place, it does introduce a problem in terms of UX, whereby an admin trying to delete a user who may have a special character in their name (e.g. ě, ð, ø etc.) may not be able to easily type in their name to confirm the deletion action.

Instead, this is what I had in mind (this also addresses the text):

This gives you:

• a nice big alert (making it hard to miss)
• an easy to understand message which explains what will happen if the admin goes through with deleting the user
• a 10 sec. countdown which will only enable the deletion button once the time has passed (this also gives the admin some 'thinking time' 😉)

I also noticed that you placed the deletion button in a separate box layout - it would make a bit more sense to move it next to the 'Block Button' (in the top right-hand corner of the 'Details' box) imo.

I agree with @GovernmentPlates , I think a single dialog with all the information in one place is better UX.

On another note, could we move the button where the Block user button currently is (or move the that button down)? I think it makes sense to keep those two together.

The initial information that was passed from @ThiefMaster to @OmeGak and then to me was to make it with a 2 screen dialog. Since your team agree with this and it looks like you've already added the change why not add it as a second commit?

I would rather move the block button down. This is because having the two buttons too close to each other would lead to issues where people would say that they meant to block, not delete or vice versa and the action is irreversible.

The initial information that was passed from @ThiefMaster to @OmeGak and then to me was to make it with a 2 screen dialog. Since your team agree with this and it looks like you've already added the change why not add it as a second commit?

Can do (sent you a message on Matrix confirming this).

I would rather move the block button down. This is because having the two buttons too close to each other would lead to issues where people would say that they meant to block, not delete or vice versa and the action is irreversible.

I can see where you are coming from, but the message and countdown should be enough (with the latter ensuring that they do read the message before doing something potentially bad).

On the other hand, if they do still end up deleting someone without reading the message first, then maybe its time to think about wether that admin should be an admin in the first place ;)

Just something that we found: administrators can delete other administrators - it would be best to add a check to prevent this (and no, we don't have any "super admin" roles).

cc: @ThiefMaster

Ok, nice catch, will add a check for that. Admins can remove other admins though so I guess they will still be able to delete them if they really wanted to.

Yes, it's mainly to avoid accidents

Done, I also added disabling blocking of admin accounts.