Not a bug Possible to accidentally delete staff accounts

[Naz]

Affected version

1.5.17

If you move a staff account to the "Awaiting approval" user state and then reject them from the approval queue, their account will be irreversibly deleted.

This could definitely be chalked up to being the expected behaviour but I don't believe it should be possible to add a user to this user state if they're staff.

 

[Chris D]

I don’t particularly see a need to make any changes here. There may be valid reasons for adding a staff member to this state, such as to temporarily disable their account for some reason, especially if there’s a suspicion it has been accessed by a third party or similar.

We can say it’s sort of fixed by proxy in XF2 as rejecting a user no longer irreversibly deletes the user, instead it just marks them as rejected. So all things considered, I think that’s sufficient.

 

[Naz]

I don’t particularly see a need to make any changes here. There may be valid reasons for adding a staff member to this state, such as to temporarily disable their account for some reason, especially if there’s a suspicion it has been accessed by a third party or similar.

This was the case until another admin came along and emptied a mile long approval queue. Definitely user error (for not paying enough attention to what was being rejected) but I think it should be made a little more difficult to do that.

 

[Chris D]

We’ve done that for XF2, there isn’t really a viable way in XF1 that we’d add at this stage.

 

[Chris D]

As a workaround you can use any other state apart from Valid for a similar effect. Anything that isn’t valid will give the user the same permission set as guests.

 

[Naz]

As a workaround you can use any other state apart from Valid for a similar effect. Anything that isn’t valid will give the user the same permission set as guests.

Sadly, the admins that did this weren't aware but, luckily, I have backups.