I am developing a social network app; we chose MongoDB as the storage for our app and mongoose as an ORM.
Everything was going smoothly until one dark day the client said he needs to let the users deactivate their accounts. Now this seems a simple task, but what is making me sick is that the client wants it to be like Facebook, so when a user deactivates his account all his data must be hidden somehow and any interaction must be forbidden.
I started by changing all find queries to aggregations with lookup but it is getting really complicated.
Do you suggest I continue in this way or shall I make a bulk update to modify user's posts and comments as inactive so I won't select them when querying when the user deactivates his account?
Can you be more explicit in what you mean by "like Facebook"? Although we may have an idea what you mean, FB could change their policy in the future, so this question will become confusing. – JeffO, May 14, 2018 at 17:43
Not completely irrelevant to the question would be the EU GDPR, article 17. If you want your application to be used, now or in the future, within the European Union, you have to be able not only to disable an account, but also delete the user data. In this context, Ewan's answer appears even more valuable. – Arseni Mourzenko, Aug 11, 2018 at 19:35
1 Answer
I think the simplest way would be to delete the user data from the database entirely.
This would mean that all your current queries were guaranteed not to return the deleted user's data and gives a clear separation between what is and isn't 'deleted'.
It could be saved to an archive db or something if the data is required for later use or reactivation.
I can't delete them because after the user deactivates his account he can login again any time and he expects his data to be there. – Sami, May 13, 2018 at 19:28
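
The archive-and-restore approach from the answer, sketched as an added example (not code from the question or the answer) against the MongoDB Node.js driver API. The collection names, the `authorId` field, the `active` flag and the `archive_` prefix are assumptions.

```javascript
// Added example. Collection names, field names and the archive_ prefix are
// hypothetical; `db` is a connected MongoDB Db handle (with mongoose:
// mongoose.connection.db).
const OWNED = [
  { name: 'posts', ownerField: 'authorId' },
  { name: 'comments', ownerField: 'authorId' },
];
const ARCHIVE_PREFIX = 'archive_';

// Move all documents matching `filter` from one collection to another.
// Copy first, delete second: a crash in between leaves a duplicate in the
// destination rather than a lost document.
async function moveDocs(db, from, to, filter) {
  const docs = await db.collection(from).find(filter).toArray();
  if (docs.length === 0) return 0; // insertMany rejects an empty batch
  await db.collection(to).insertMany(docs); // _id values are preserved
  const ids = docs.map((d) => d._id);
  await db.collection(from).deleteMany({ _id: { $in: ids } });
  return docs.length;
}

// Hide a user's content from every existing query by moving it out of the
// live collections. The user document stays so the person can log in again.
async function deactivateUser(db, userId) {
  await db.collection('users').updateOne({ _id: userId }, { $set: { active: false } });
  let moved = 0;
  for (const { name, ownerField } of OWNED) {
    moved += await moveDocs(db, name, ARCHIVE_PREFIX + name, { [ownerField]: userId });
  }
  return moved;
}

// Restore the archived content, then mark the account active again.
async function reactivateUser(db, userId) {
  let moved = 0;
  for (const { name, ownerField } of OWNED) {
    moved += await moveDocs(db, ARCHIVE_PREFIX + name, name, { [ownerField]: userId });
  }
  await db.collection('users').updateOne({ _id: userId }, { $set: { active: true } });
  return moved;
}
```

A retry after a partial failure will hit duplicate `_id` errors in the destination collection; on a replica set, running each move inside a transaction avoids that.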