Skip to content

feat(user): implement hard delete with ownership transfer (#453) #456

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tompscanlan wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(user): implement hard delete with ownership transfer (#453) #456

tompscanlan wants to merge 1 commit into from
+588 −26

Conversation

@tompscanlan
Copy link
Contributor

@tompscanlan tompscanlan commented Jan 15, 2026

Summary

  • Replace soft delete with hard delete for GDPR compliance (right to erasure)
  • Groups with admin/organizer members: transfer ownership automatically
  • Groups with no eligible successor: delete group entirely
  • Standalone events (no group): delete with user
  • Events in groups: keep event, userId becomes NULL
  • Memberships/permissions: cascade delete via FK constraints

Migration Changes

  • ON DELETE SET NULL for events.userId, eventSeries.userId, groups.createdById
  • ON DELETE CASCADE for groupMembers, userPermissions, groupUserPermissions
  • Makes userId nullable on events/eventSeries/groups

Still TODO (separate PRs)

  • Frontend: Handle null event.user / group.createdBy (show "Former member" or hide attribution)
  • E2E tests: Add integration tests for user deletion scenarios
  • Admin UI: Consider admin tooling for reviewing orphaned content (groups/events with null owner)

Test Plan

  • Unit tests: 9 new tests covering all deletion scenarios (56 total passing)
  • Manual: Create user with groups, events, memberships → delete → verify behavior
  • Run migration on dev environment

Closes #453

@tompscanlan
feat(user): implement hard delete with ownership transfer (#453)
95147f2 
Replace soft delete with hard delete for GDPR compliance (right to erasure).

- Groups with admin/organizer members: transfer ownership automatically
- Groups with no eligible successor: delete group entirely
- Standalone events (no group): delete with user
- Events in groups: keep event, userId becomes NULL
- Memberships/permissions: cascade delete via FK constraints

Migration adds:
- ON DELETE SET NULL for events.userId, eventSeries.userId, groups.createdById
- ON DELETE CASCADE for groupMembers, userPermissions, groupUserPermissions
- Makes userId nullable on events/eventSeries/groups

Closes #453
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Evaluate user deletion strategy: soft delete vs hard delete + anonymization

2 participants

@tompscanlan