Introducing permanently delete post functionality

When a post is deleted in Discourse, we perform a soft-delete. This means that post is still present in the database in case an administrator wants to recover it later. A soft-delete is not sufficient when the deleted post contains sensitive information and must be pruned from the database completely. For those situations, we are introducing the ability to permanently delete a post.

This feature was implemented under a hidden site setting because of how dangerous it can be, once a post is destroyed it cannot be recovered. As an additional protection mechanism, posts can be permanently deleted by the same administrator who deleted the post only after 5 minutes have passed OR by a different administrator immediately. If post cannot be deleted because none of the preconditions were met, it will show an error message:

If your site is hosted by us, contact us and we will enable it for you. If you host it yourself, to enable it you must enter the console (rails c) and change the site setting value:

SiteSetting.can_permanently_delete = true
53 Likes

Are there dangers such as reduced database performance, inconsistencies, anything else? Or is not being able to recover the permanently deleted posts the only danger?

7 Likes

It is just that once a post is deleted it is gone forever and it cannot be recovered. There are no performance concerns.

6 Likes

I actually have the opposite question: isn’t there reduced performance from Discourse from only soft deleting posts instead always permanently deleting them? There must be some burden acumulated after some years for some forums. Is it done this way to keep statistics for each account even when posts/topics are removed?

3 Likes

Not really. BTree indexes mean we can search in O(log n) for posts and topics, so there is a sub-linear cost growth.

In the largest Discourse instances out there, post quantity never were the performance bottleneck in production. That said we keep an eye on it and we can always come back and refactor it if needed.

9 Likes

In short, no.

First of all, I believe that most communities have many more visible posts than deleted posts. For example, here on Meta the total amount of posts is 1,015,386 and only 81,480 of these are deleted. That is less than 10%. Probably the total amount of deleted data is less than 100MB of data.

As Falco said, the performance impact of storing and indexing more data is negligible. Database systems are optimized to hold a lot more data than one can imagine and even the most simple configurations can hold thousands of thousands of data points without breaking a sweat.

Maybe this is not the best comparison in the world, but can you notice your PC getting slower as you store more files? Most probably no and the file system is some kind of database system too. :slight_smile:

11 Likes

Thanks so much for this thread! :slight_smile: I think it’s exactly what I am looking for. I had a few questions, if I enable this:

  1. will I need to do a ./launcher rebuild app afterwards?
  2. will the value be stored in the DB somewhere? Since its not in the admin UI I want to ensure if my VM gets wiped and I follow the Cloud install guide (using the same DB) that the setting will still be there.
5 Likes

Nope, only reload the browser.

Yes, all changes to site settings are stored in the DB :confetti_ball:

6 Likes

BEAU-TI-FUL! :ok_hand:

Thank you!

4 Likes

I wanted to document this here. The permanently delete functionality for various user groups:

| User Group  | Has Permanently Delete |
| ----------- | ---------------------- |
|    Admin    |            Y           |
|  Moderator  |            Y           |
|     TL4     |            N           |
|     TL3     |            N           |
|     TL2     |            N           |
|     TL1     |            N           |
|     TL0     |            N           |

Feel free to correct me if this isn’t right, but I was able to do a quick test on my Forums.

5 Likes

I wasn’t sure a moderator could permanently delete, but I’ve had a test run to check and the option does appear in their post wrench. Though when I attempted it with a test moderator it gave me a ‘Sorry, an error has occurred’ message, but worked fine using an admin account.

Is there something extra I need to do to allow a moderator to do it?

2 Likes

Be sure to open a bug on this (either here or on dev) sounds like something we want to fix. I think this feature is an admin only feature.

5 Likes