Uploaded image for project: 'Blesta Core'
  1. Blesta Core
  2. CORE-2678

Allow for full deletion of client data

    Details

    • Type: Story
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.2.0
    • Fix Version/s: 4.3.0-b1
    • Component/s: Staff Interface
    • Labels:
      None

      Description

      Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

      This option should be updated to delete all of the client's data, so long as the following conditions are met:

      • No open invoices
      • No recurring invoices
      • No active services

      The action should delete:

      • All invoices belonging to this client
      • All services, including service meta data for this client
      • All transactions for this client
      • All contacts (The primary client contact, and all other types) belonging to this client
      • The client's email logs
      • The client's "Set Packages" for restricted packages.
      • The client's contact update logs
      • The client's authentication logs
      • The client's client settings
      • The client's custom contact fields
      • The client's notes (staff notes for the client)
      • The client's payment accounts (CC & ACH)
      • The client's tickets (If the Support Manager is installed)
      • The client's orders (If the Order Manager is installed)

      Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

      Essentially, there should be no record of the client.

      There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.

      Message should say something about this being permanent, and the staff member must enter their password.
      This should all happen in a transaction via events

        Activity

        admin Paul Phillips created issue -
        admin Paul Phillips made changes -
        Field Original Value New Value
        Parent Issue CORE-2463 [ CORE-2463 ] CORE-2679 [ CORE-2679 ]
        admin Paul Phillips made changes -
        Description Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

        This option should be updated to delete all of the client's data, so long as the following conditions are met:

        * No open invoices
        * No recurring invoices
        * No active services

        The action should delete:

        * All invoices belonging to this client
        * All services, including service meta data for this client
        * All transactions for this client
        * All contacts (The primary client contact, and all other types) belonging to this client
        * The client's email logs
        * The client's contact update logs
        * The client's authentication logs
        * The client's client settings
        * The client's custom contact fields
        * The client's notes (staff notes for the client)
        * The client's payment accounts (CC & ACH)
        * The client's tickets (If the Support Manager is installed)

        Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

        Essentially, there should be no record of the client.

        There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.
        Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

        This option should be updated to delete all of the client's data, so long as the following conditions are met:

        * No open invoices
        * No recurring invoices
        * No active services

        The action should delete:

        * All invoices belonging to this client
        * All services, including service meta data for this client
        * All transactions for this client
        * All contacts (The primary client contact, and all other types) belonging to this client
        * The client's email logs
        * The client's contact update logs
        * The client's authentication logs
        * The client's client settings
        * The client's custom contact fields
        * The client's notes (staff notes for the client)
        * The client's payment accounts (CC & ACH)
        * The client's tickets (If the Support Manager is installed)

        Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

        Essentially, there should be no record of the client.

        There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.

        *Message should say something about this being permanent, and the staff member must enter their password.*
        admin Paul Phillips made changes -
        Description Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

        This option should be updated to delete all of the client's data, so long as the following conditions are met:

        * No open invoices
        * No recurring invoices
        * No active services

        The action should delete:

        * All invoices belonging to this client
        * All services, including service meta data for this client
        * All transactions for this client
        * All contacts (The primary client contact, and all other types) belonging to this client
        * The client's email logs
        * The client's contact update logs
        * The client's authentication logs
        * The client's client settings
        * The client's custom contact fields
        * The client's notes (staff notes for the client)
        * The client's payment accounts (CC & ACH)
        * The client's tickets (If the Support Manager is installed)

        Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

        Essentially, there should be no record of the client.

        There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.

        *Message should say something about this being permanent, and the staff member must enter their password.*
        Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

        This option should be updated to delete all of the client's data, so long as the following conditions are met:

        * No open invoices
        * No recurring invoices
        * No active services

        The action should delete:

        * All invoices belonging to this client
        * All services, including service meta data for this client
        * All transactions for this client
        * All contacts (The primary client contact, and all other types) belonging to this client
        * The client's email logs
        * The client's contact update logs
        * The client's authentication logs
        * The client's client settings
        * The client's custom contact fields
        * The client's notes (staff notes for the client)
        * The client's payment accounts (CC & ACH)
        * The client's tickets (If the Support Manager is installed)

        Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

        Essentially, there should be no record of the client.

        There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.

        *Message should say something about this being permanent, and the staff member must enter their password.*
        *This should all happen in a transaction*
        admin Paul Phillips made changes -
        Description Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

        This option should be updated to delete all of the client's data, so long as the following conditions are met:

        * No open invoices
        * No recurring invoices
        * No active services

        The action should delete:

        * All invoices belonging to this client
        * All services, including service meta data for this client
        * All transactions for this client
        * All contacts (The primary client contact, and all other types) belonging to this client
        * The client's email logs
        * The client's contact update logs
        * The client's authentication logs
        * The client's client settings
        * The client's custom contact fields
        * The client's notes (staff notes for the client)
        * The client's payment accounts (CC & ACH)
        * The client's tickets (If the Support Manager is installed)

        Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

        Essentially, there should be no record of the client.

        There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.

        *Message should say something about this being permanent, and the staff member must enter their password.*
        *This should all happen in a transaction*
        Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

        This option should be updated to delete all of the client's data, so long as the following conditions are met:

        * No open invoices
        * No recurring invoices
        * No active services

        The action should delete:

        * All invoices belonging to this client
        * All services, including service meta data for this client
        * All transactions for this client
        * All contacts (The primary client contact, and all other types) belonging to this client
        * The client's email logs
        * The client's "Set Packages" for restricted packages.
        * The client's contact update logs
        * The client's authentication logs
        * The client's client settings
        * The client's custom contact fields
        * The client's notes (staff notes for the client)
        * The client's payment accounts (CC & ACH)
        * The client's tickets (If the Support Manager is installed)
        * The client's orders (If the Order Manager is installed)

        Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

        Essentially, there should be no record of the client.

        There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.

        *Message should say something about this being permanent, and the staff member must enter their password.*
        *This should all happen in a transaction*
        tyson Tyson Phillips (Inactive) made changes -
        Parent CORE-2679 [ 13836 ]
        Issue Type Sub-task [ 5 ] Story [ 7 ]
        Story Points 13
        tyson Tyson Phillips (Inactive) made changes -
        Epic Link CORE-2463 [ 13555 ]
        tyson Tyson Phillips (Inactive) made changes -
        Sprint 4.3.0 Sprint 9 [ 60 ]
        tyson Tyson Phillips (Inactive) made changes -
        Rank Ranked lower
        tyson Tyson Phillips (Inactive) made changes -
        Assignee Tyson Phillips [ tyson ]
        Automated transition triggered when Tyson Phillips (Inactive) created a branch in Stash -
        Status Open [ 1 ] In Progress [ 3 ]
        tyson Tyson Phillips (Inactive) made changes -
        Assignee Tyson Phillips [ tyson ] Jonathan Reissmueller [ jonathan ]
        tyson Tyson Phillips (Inactive) made changes -
        Description Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

        This option should be updated to delete all of the client's data, so long as the following conditions are met:

        * No open invoices
        * No recurring invoices
        * No active services

        The action should delete:

        * All invoices belonging to this client
        * All services, including service meta data for this client
        * All transactions for this client
        * All contacts (The primary client contact, and all other types) belonging to this client
        * The client's email logs
        * The client's "Set Packages" for restricted packages.
        * The client's contact update logs
        * The client's authentication logs
        * The client's client settings
        * The client's custom contact fields
        * The client's notes (staff notes for the client)
        * The client's payment accounts (CC & ACH)
        * The client's tickets (If the Support Manager is installed)
        * The client's orders (If the Order Manager is installed)

        Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

        Essentially, there should be no record of the client.

        There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.

        *Message should say something about this being permanent, and the staff member must enter their password.*
        *This should all happen in a transaction*
        Under a client profile page there is a delete client option for staff, that requires ACL permissions to access. This option only works if the client has no invoices, services, or transactions, including cancelled or paid invoices.

        This option should be updated to delete all of the client's data, so long as the following conditions are met:

        * No open invoices
        * No recurring invoices
        * No active services

        The action should delete:

        * All invoices belonging to this client
        * All services, including service meta data for this client
        * All transactions for this client
        * All contacts (The primary client contact, and all other types) belonging to this client
        * The client's email logs
        * The client's "Set Packages" for restricted packages.
        * The client's contact update logs
        * The client's authentication logs
        * The client's client settings
        * The client's custom contact fields
        * The client's notes (staff notes for the client)
        * The client's payment accounts (CC & ACH)
        * The client's tickets (If the Support Manager is installed)
        * The client's orders (If the Order Manager is installed)

        Regarding the last item, it may be necessary to add an optional method or event for plugins to delete client specific data.

        Essentially, there should be no record of the client.

        There may be evidence in the module log for services provisioned, if they have not yet been rotated out, but we do not need to touch this. It's up to each company to have a proper rotation policy in place to delete logs that would normally be rotated by Blesta.

        *Message should say something about this being permanent, and the staff member must enter their password.*
        *This should all happen -in a transaction- via events*
        Automated transition triggered when Tyson Phillips (Inactive) created pull request #448 in Stash -
        Status In Progress [ 3 ] In Review [ 5 ]
        Resolution Fixed [ 1 ]
        tyson Tyson Phillips (Inactive) made changes -
        Remaining Estimate 0 minutes [ 0 ]
        Time Spent 2 hours, 10 minutes [ 7800 ]
        Worklog Id 11186 [ 11186 ]
        Automated transition triggered when Tyson Phillips (Inactive) merged pull request #448 in Stash -
        Status In Review [ 5 ] Closed [ 6 ]
        tyson Tyson Phillips (Inactive) made changes -
        Link This issue Testing discovered CORE-2707 [ CORE-2707 ]

          People

          • Assignee:
            jonathan Jonathan Reissmueller
            Reporter:
            admin Paul Phillips
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Fix Release Date:
              15/Jun/18

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0 minutes
              0m
              Logged:
              Time Spent - 1 week, 25 minutes
              1w 25m

                Agile