Prevent users from deleting Topics themselves?

Hello,

I’m new here and hope I’ve chosen the right category.
Since the update to v2. 4. 0 it is possible for every user to delete his own threads. I don’t think that’s good. Is it possible to set somewhere that nobody but the moderators and administrators can delete complete threads? Anyone should be able to delete their own posts. Just no complete threads.

I’m already thanking you for the answers.

Yours sincerely
paeddy

1 Like

From personal experience, I’ve seen that they’re only able to delete their own topics it doesn’t have any replies to it; which I feel is fine. It’s a user’s discretion to initially post the topic and show the content to others on the forum. The same goes for posts.

If a topic has people actively replying or has previously replied, they shouldn’t be able to delete the topic, however, I think this is already the case.

6 Likes

Thank you very much for your answer.

That the user can only delete the topic if there is no answer to it was not known to me. I just tried it. As soon as there is a reply, the topic can only be deleted by a moderator or administrator. I think that’s good. Thank you so much for the clarification.

Best regards
Paeddy

3 Likes

This is [partially] not true as of 2.8.0.beta6: the user deleted his account and the topic with 70+ replies became deleted as well, for everyone.

1 Like

I don’t think a user is able to delete his own account… only admins can - and even there is the recommendation to anonymize a user to prevent the situation you just described.

1 Like
  1. User registered and posted several messages.
  2. I moved some messages from one topic to a new one (offtopic/discussion).
  3. Message from the user from #1 was the first one, so he’s a “topic starter”. People discuss things in this new topic, 80+ messages.
  4. After several days, the user deletes his account. He can do that if the account is registered recently.
  5. The topic is deleted.

This is a real situation. I’ve found this topic because initially I thought the user has just deleted his own topic, but no — he just deleted the account, and that resulted in topic deletion. Discourse wipes all the account data (incl. all posts) upon deletion automatically — I see “topic deleted”, then “account deleted” in the logs.

1 Like

Hmm, a user should not be able to delete the account after he/she has posted.

But this is a different issue than the OP from this topic, maybe have this moved to a new topic.

1 Like

Nope. When I was trying to reproduce the issue, I successfully created a topic using fresh registered account, replied to the topic from different accounts, and then deleted the account. The topic was deleted.

1 Like

All right, I think I got it.
Here’s the steps to reproduce the bug.

  1. Have a relatively old account (several days), with several posts and one topic
  2. Delete all your messages manually
  3. Wait until “delete removed posts after” timeout (24 hours by default)
  4. Now you have one post - the topic top post. You can delete your account in the profile, and the topic disappears. This is due to delete user self max post count = 1 by default.

Here’s a video demo with delete removed posts after = 0, so the posts are deleted instantly.
After deleting the account, the topic was also deleted.

3 Likes

Check your settings in /admin/site_settings/category/users
These are the default settings shown below. As noted at the bottom, you can set the last value to -1 to disable self-deletion of user accounts. If that’s too strong of a solution, you can lower the maximum number of days delete user max post age… and/or lower the delete all posts maximum.

image

1 Like

delete user self max post count = 0 should disallow deleting the user if this account has created a topic with replies, since top post can’t be deleted.

Why is it = 1 by default I wonder?

1 Like

If a user only has a few posts under their belt, they can delete their account.

1 Like

I believe that’s for when someone signs up, makes one post and then changes their mind. Instead of having to delete their post before deleting their account, they can simply delete their account.

If you don’t want a user to be able to delete their own account, but have to ask to have their account deleted, then set that to -1.

But the delete all posts max should be lowered if you have problem with users deleting many posts at once. The delete user max post age give the length of time a user can be deleted after their first post. Lower that to lower the number of days a user can be deleted after their first post.

1 Like

Changing delete all posts max and delete user max post age to lower values won’t be much helpful in my case. In my case, the account was about a week old with 7 posts, but a topic starter.

The deleted topic appeared only in staff logs (the deletion has been performed from “system” account). That confused me, I could not find a topic which I totally remembered.

This action was performed by a person who understood default Discourse settings. The posts were marked for deletion, then after 24 hours had been deleted, then the person changed his email address to a burner one and deleted the account.

1 Like

The first setting above would probably be the best to counter that type of behavior - decreasing the number of days for the oldest post.

By default, the creator of a topic can delete their topic. Imposing limits on that by using the above settings should help prevent deletion depending upon the number of posts/replies. The last setting should prevent any topic deletion (other than by staff).

:thinking: I fail to see the logic in changing one’s email address and then deleting their account immediately after… unless the burner account will be used to receive a notification that the account was deleted? But I don’t believe they would get such notification. Why would you notify a spammer that you’ve deleted their account. Spamming the spammer? :laughing:

Keeping my :crossed_fingers: you don’t go through a repeat of this.

Good sleuthing work @ValdikSS – so what you’ve essentially outlined is this:

A user may delete their account if it has only one or zero posts by default in Discourse. However, if that one single post is a topic, the entire topic is deleted.

That is more or less as designed… I don’t think we anticipated this particular special case where a user created a topic as their single post.

1 Like