After talking with @elia and @jacobherrington about how we should tackle #3126, I think it's better for everybody to have a say on this particular issue. (I think #2221 is also related to this?)
Initially, I plan to submit a PR to hide the delete button for those users that have at least one order associated and then work from there on whatever the community consensus is.
The proposed ideas to completely completely fix the aforementioned issue are the following:
Deleted user <some_id>Take into consideration that this is something that stores administrators must be aware of, it should be GDPR compliant and last but not least, orders can't be deleted whatsoever.
Let me know what you think! :raised_hands:
@epicery, we keep the user object and scramble it's data.
Doing so enable us to keep stats about our average lifetime value, average order interval, average order count, etc. Migrating all orders to a "ghost" user will certainly break that.
I agree with deleting as much PII as possible and renaming the user to "Deleted user
I agree that we should explore the approach proposed by @stem if that's compliant with GDPR. Are there some rules to respect for not being able to reverse scrambled data with real users data?
We could use SecureRandom to generate a new email - eg."#{SecureRandom.hex}@deleted.com" - to remove unscrambling as a possibility.
Most helpful comment
@epicery, we keep the user object and scramble it's data.
Doing so enable us to keep stats about our average lifetime value, average order interval, average order count, etc. Migrating all orders to a "ghost" user will certainly break that.