You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Sina Kashipazha <s....@protonmail.com.INVALID> on 2023/02/14 14:32:03 UTC

[DISCUSSION] Name confirmation before Destructive and unrecoverable actions

Hey guys,


Cloudstack users can delete their account accidentally and lock themselves from accessing the CloudStack panel. A link to an account placed next to ISO, template, VM and other entities in CloudStack's UI. If customers doesn't paying attention, they would click on the account link instead of the link to the entity they want (vm, template, ISO etc.) Then, if they had wanted to delete that entity, they would press delete button without realising they were on the account page, and press Confirm.


I'm suggesting to add an extra step before deletion. In that step users must write the account name, unless otherwise they can't confirm deletion. Github, like many other applications asks you to write down the entity's name before DESTRUCTIVE and UNRECOVERABLE actions.


I've also created the following issue in Github:
https://github.com/apache/cloudstack/issues/7219



Please let me know your thoughts about the proposal.


Kind regards,
Sina

Re: [DISCUSSION] Name confirmation before Destructive and unrecoverable actions

Posted by Harikrishna Patnala <Ha...@shapeblue.com>.

I agree with Sina to some extent as he mentioned in the PR, we should not allow deleting the own user account from UI alteast. I tried deleting the user where I logged in, it immediately kicked me out of the logged in session.

Daan, we are already not allowing a normal user to delete their own account. This case is for the root/resource/domain admin accounts.

Regards,
Harikrishna

On 16/02/23, 8:53 PM, "Sina Kashipazha" <s....@protonmail.com.INVALID> wrote:

Daan, I created the following PR, it don't allow users to delete themselves.

https://github.com/apache/cloudstack/pull/7242



--
 

----- Original Message -------
On Wednesday, February 15th, 2023 at 14:34, Sina Kashipazha <s....@protonmail.com.INVA>LID> wrote:


>

>

>

>

> Yes, they shouldn't be allowed to delete themselves. I'm totally agree with that.
>

> We can add this extra step as well, before users remove something valuable like volume or network, etc.
>

>

> ------- Original Message -------
> On Wednesday, February 15th, 2023 at 14:09, Daan Hoogland daan.hoogland@gmail.com<ma...@gmail.com> wrote:
>

>

>

> > again Sina, I think the users should never be allowed to delete themselves.
> > What is the use of such an action?
>

> > On Wed, Feb 15, 2023 at 12:28 PM Sina Kashipazha
> > s.kashipazha@protonmail.com.inva<ma...@protonmail.com.inva>lid wrote:
>

> > > I agree that it is not as pressing as it looks, but the consequences are
> > > high if users remove their account. In some setup, their VM will be deleted
> > > immediately for ever.
>

> > > Cause the network, VPS, account and many more deletion actions are look
> > > the same user will not read the confirmation pop up :-)
>

> > > The proposed extra step that asks users to input the account name will
> > > prevent accident.
>

> > > ------- Original Message -------
> > > On Wednesday, February 15th, 2023 at 10:17 AM, Wei ZHOU <
> > > ustcweizhou@gmail.com<ma...@gmail.com>> wrote:
>

> > > > Agree with Daan
>

> > > > -Wei
>

> > > > On Wednesday, 15 February 2023, Daan Hoogland daan.hoogland@gmail.com<ma...@gmail.com>
>

> > > > wrote:
>

> > > > > seems ok, but I do not see the use case as pressing. I´d rather say
> > > > > that a
> > > > > user should not be able to destroy their own account.
>

> > > > > On Tue, Feb 14, 2023 at 3:32 PM Sina Kashipazha
> > > > > s.kashipazha@protonmail.com.inva<ma...@protonmail.com.inva>lid wrote:
>

> > > > > > Hey guys,
>

> > > > > > Cloudstack users can delete their account accidentally and lock
> > > > > > themselves
> > > > > > from accessing the CloudStack panel. A link to an account placed
> > > > > > next to
> > > > > > ISO, template, VM and other entities in CloudStack's UI. If customers
> > > > > > doesn't paying attention, they would click on the account link
> > > > > > instead of
> > > > > > the link to the entity they want (vm, template, ISO etc.) Then, if
> > > > > > they
> > > > > > had
> > > > > > wanted to delete that entity, they would press delete button without
> > > > > > realising they were on the account page, and press Confirm.
>

> > > > > > I'm suggesting to add an extra step before deletion. In that step
> > > > > > users
> > > > > > must write the account name, unless otherwise they can't confirm
> > > > > > deletion.
> > > > > > Github, like many other applications asks you to write down the
> > > > > > entity's
> > > > > > name before DESTRUCTIVE and UNRECOVERABLE actions.
>

> > > > > > I've also created the following issue in Github:
> > > > > > https://github.com/apache/cloudstack/issues/7219
>

> > > > > > Please let me know your thoughts about the proposal.
>

> > > > > > Kind regards,
> > > > > > Sina
>

> > > > > --
> > > > > Daan
>

> > --
> > Daan

Re: [DISCUSSION] Name confirmation before Destructive and unrecoverable actions

Posted by Sina Kashipazha <s....@protonmail.com.INVALID>.

Daan, I created the following PR, it don't allow users to delete themselves.

https://github.com/apache/cloudstack/pull/7242



------- Original Message -------
On Wednesday, February 15th, 2023 at 14:34, Sina Kashipazha <s....@protonmail.com.INVALID> wrote:


> 

> 

> 

> 

> Yes, they shouldn't be allowed to delete themselves. I'm totally agree with that.
> 

> We can add this extra step as well, before users remove something valuable like volume or network, etc.
> 

> 

> ------- Original Message -------
> On Wednesday, February 15th, 2023 at 14:09, Daan Hoogland daan.hoogland@gmail.com wrote:
> 

> 

> 

> > again Sina, I think the users should never be allowed to delete themselves.
> > What is the use of such an action?
> 

> > On Wed, Feb 15, 2023 at 12:28 PM Sina Kashipazha
> > s.kashipazha@protonmail.com.invalid wrote:
> 

> > > I agree that it is not as pressing as it looks, but the consequences are
> > > high if users remove their account. In some setup, their VM will be deleted
> > > immediately for ever.
> 

> > > Cause the network, VPS, account and many more deletion actions are look
> > > the same user will not read the confirmation pop up :-)
> 

> > > The proposed extra step that asks users to input the account name will
> > > prevent accident.
> 

> > > ------- Original Message -------
> > > On Wednesday, February 15th, 2023 at 10:17 AM, Wei ZHOU <
> > > ustcweizhou@gmail.com> wrote:
> 

> > > > Agree with Daan
> 

> > > > -Wei
> 

> > > > On Wednesday, 15 February 2023, Daan Hoogland daan.hoogland@gmail.com
> 

> > > > wrote:
> 

> > > > > seems ok, but I do not see the use case as pressing. I´d rather say
> > > > > that a
> > > > > user should not be able to destroy their own account.
> 

> > > > > On Tue, Feb 14, 2023 at 3:32 PM Sina Kashipazha
> > > > > s.kashipazha@protonmail.com.invalid wrote:
> 

> > > > > > Hey guys,
> 

> > > > > > Cloudstack users can delete their account accidentally and lock
> > > > > > themselves
> > > > > > from accessing the CloudStack panel. A link to an account placed
> > > > > > next to
> > > > > > ISO, template, VM and other entities in CloudStack's UI. If customers
> > > > > > doesn't paying attention, they would click on the account link
> > > > > > instead of
> > > > > > the link to the entity they want (vm, template, ISO etc.) Then, if
> > > > > > they
> > > > > > had
> > > > > > wanted to delete that entity, they would press delete button without
> > > > > > realising they were on the account page, and press Confirm.
> 

> > > > > > I'm suggesting to add an extra step before deletion. In that step
> > > > > > users
> > > > > > must write the account name, unless otherwise they can't confirm
> > > > > > deletion.
> > > > > > Github, like many other applications asks you to write down the
> > > > > > entity's
> > > > > > name before DESTRUCTIVE and UNRECOVERABLE actions.
> 

> > > > > > I've also created the following issue in Github:
> > > > > > https://github.com/apache/cloudstack/issues/7219
> 

> > > > > > Please let me know your thoughts about the proposal.
> 

> > > > > > Kind regards,
> > > > > > Sina
> 

> > > > > --
> > > > > Daan
> 

> > --
> > Daan

Re: [DISCUSSION] Name confirmation before Destructive and unrecoverable actions

Posted by Sina Kashipazha <s....@protonmail.com.INVALID>.


Yes, they shouldn't be allowed to delete themselves. I'm totally agree with that.

We can add this extra step as well, before users remove something valuable like volume or network, etc.


------- Original Message -------
On Wednesday, February 15th, 2023 at 14:09, Daan Hoogland <da...@gmail.com> wrote:


> 

> 

> again Sina, I think the users should never be allowed to delete themselves.
> What is the use of such an action?
> 

> On Wed, Feb 15, 2023 at 12:28 PM Sina Kashipazha
> s.kashipazha@protonmail.com.invalid wrote:
> 

> > I agree that it is not as pressing as it looks, but the consequences are
> > high if users remove their account. In some setup, their VM will be deleted
> > immediately for ever.
> > 

> > Cause the network, VPS, account and many more deletion actions are look
> > the same user will not read the confirmation pop up :-)
> > 

> > The proposed extra step that asks users to input the account name will
> > prevent accident.
> > 

> > ------- Original Message -------
> > On Wednesday, February 15th, 2023 at 10:17 AM, Wei ZHOU <
> > ustcweizhou@gmail.com> wrote:
> > 

> > > Agree with Daan
> > 

> > > -Wei
> > 

> > > On Wednesday, 15 February 2023, Daan Hoogland daan.hoogland@gmail.com
> > 

> > > wrote:
> > 

> > > > seems ok, but I do not see the use case as pressing. I´d rather say
> > > > that a
> > > > user should not be able to destroy their own account.
> > 

> > > > On Tue, Feb 14, 2023 at 3:32 PM Sina Kashipazha
> > > > s.kashipazha@protonmail.com.invalid wrote:
> > 

> > > > > Hey guys,
> > 

> > > > > Cloudstack users can delete their account accidentally and lock
> > > > > themselves
> > > > > from accessing the CloudStack panel. A link to an account placed
> > > > > next to
> > > > > ISO, template, VM and other entities in CloudStack's UI. If customers
> > > > > doesn't paying attention, they would click on the account link
> > > > > instead of
> > > > > the link to the entity they want (vm, template, ISO etc.) Then, if
> > > > > they
> > > > > had
> > > > > wanted to delete that entity, they would press delete button without
> > > > > realising they were on the account page, and press Confirm.
> > 

> > > > > I'm suggesting to add an extra step before deletion. In that step
> > > > > users
> > > > > must write the account name, unless otherwise they can't confirm
> > > > > deletion.
> > > > > Github, like many other applications asks you to write down the
> > > > > entity's
> > > > > name before DESTRUCTIVE and UNRECOVERABLE actions.
> > 

> > > > > I've also created the following issue in Github:
> > > > > https://github.com/apache/cloudstack/issues/7219
> > 

> > > > > Please let me know your thoughts about the proposal.
> > 

> > > > > Kind regards,
> > > > > Sina
> > 

> > > > --
> > > > Daan
> 

> 

> 

> 

> --
> Daan

Re: [DISCUSSION] Name confirmation before Destructive and unrecoverable actions

Posted by Daan Hoogland <da...@gmail.com>.

again Sina, I think the users should never be allowed to delete themselves.
What is the use of such an action?

On Wed, Feb 15, 2023 at 12:28 PM Sina Kashipazha
<s....@protonmail.com.invalid> wrote:

>
> I agree that it is not as pressing as it looks, but the consequences are
> high if users remove their account. In some setup, their VM will be deleted
> immediately for ever.
>
> Cause the network, VPS, account and many more deletion actions are look
> the same user will not read the confirmation pop up :-)
>
> The proposed extra step that asks users to input the account name will
> prevent accident.
>
>
> ------- Original Message -------
> On Wednesday, February 15th, 2023 at 10:17 AM, Wei ZHOU <
> ustcweizhou@gmail.com> wrote:
>
>
> >
>
> >
>
> > Agree with Daan
> >
>
> > -Wei
> >
>
> > On Wednesday, 15 February 2023, Daan Hoogland daan.hoogland@gmail.com
> >
>
> > wrote:
> >
>
> > > seems ok, but I do not see the use case as pressing. I´d rather say
> that a
> > > user should not be able to destroy their own account.
> > >
>
> > > On Tue, Feb 14, 2023 at 3:32 PM Sina Kashipazha
> > > s.kashipazha@protonmail.com.invalid wrote:
> > >
>
> > > > Hey guys,
> > > >
>
> > > > Cloudstack users can delete their account accidentally and lock
> > > > themselves
> > > > from accessing the CloudStack panel. A link to an account placed
> next to
> > > > ISO, template, VM and other entities in CloudStack's UI. If customers
> > > > doesn't paying attention, they would click on the account link
> instead of
> > > > the link to the entity they want (vm, template, ISO etc.) Then, if
> they
> > > > had
> > > > wanted to delete that entity, they would press delete button without
> > > > realising they were on the account page, and press Confirm.
> > > >
>
> > > > I'm suggesting to add an extra step before deletion. In that step
> users
> > > > must write the account name, unless otherwise they can't confirm
> > > > deletion.
> > > > Github, like many other applications asks you to write down the
> entity's
> > > > name before DESTRUCTIVE and UNRECOVERABLE actions.
> > > >
>
> > > > I've also created the following issue in Github:
> > > > https://github.com/apache/cloudstack/issues/7219
> > > >
>
> > > > Please let me know your thoughts about the proposal.
> > > >
>
> > > > Kind regards,
> > > > Sina
> > >
>
> > > --
> > > Daan



-- 
Daan

Re: [DISCUSSION] Name confirmation before Destructive and unrecoverable actions

Posted by Sina Kashipazha <s....@protonmail.com.INVALID>.

I agree that it is not as pressing as it looks, but the consequences are high if users remove their account. In some setup, their VM will be deleted immediately for ever.

Cause the network, VPS, account and many more deletion actions are look the same user will not read the confirmation pop up :-)

The proposed extra step that asks users to input the account name will prevent accident.


------- Original Message -------
On Wednesday, February 15th, 2023 at 10:17 AM, Wei ZHOU <us...@gmail.com> wrote:


> 

> 

> Agree with Daan
> 

> -Wei
> 

> On Wednesday, 15 February 2023, Daan Hoogland daan.hoogland@gmail.com
> 

> wrote:
> 

> > seems ok, but I do not see the use case as pressing. I´d rather say that a
> > user should not be able to destroy their own account.
> > 

> > On Tue, Feb 14, 2023 at 3:32 PM Sina Kashipazha
> > s.kashipazha@protonmail.com.invalid wrote:
> > 

> > > Hey guys,
> > > 

> > > Cloudstack users can delete their account accidentally and lock
> > > themselves
> > > from accessing the CloudStack panel. A link to an account placed next to
> > > ISO, template, VM and other entities in CloudStack's UI. If customers
> > > doesn't paying attention, they would click on the account link instead of
> > > the link to the entity they want (vm, template, ISO etc.) Then, if they
> > > had
> > > wanted to delete that entity, they would press delete button without
> > > realising they were on the account page, and press Confirm.
> > > 

> > > I'm suggesting to add an extra step before deletion. In that step users
> > > must write the account name, unless otherwise they can't confirm
> > > deletion.
> > > Github, like many other applications asks you to write down the entity's
> > > name before DESTRUCTIVE and UNRECOVERABLE actions.
> > > 

> > > I've also created the following issue in Github:
> > > https://github.com/apache/cloudstack/issues/7219
> > > 

> > > Please let me know your thoughts about the proposal.
> > > 

> > > Kind regards,
> > > Sina
> > 

> > --
> > Daan

Re: [DISCUSSION] Name confirmation before Destructive and unrecoverable actions

Posted by Wei ZHOU <us...@gmail.com>.

Agree with Daan

-Wei

On Wednesday, 15 February 2023, Daan Hoogland <da...@gmail.com>
wrote:

> seems ok, but I do not see the use case as pressing. I´d rather say that a
> user should not be able to destroy their own account.
>
> On Tue, Feb 14, 2023 at 3:32 PM Sina Kashipazha
> <s....@protonmail.com.invalid> wrote:
>
> > Hey guys,
> >
> > Cloudstack users can delete their account accidentally and lock
> themselves
> > from accessing the CloudStack panel. A link to an account placed next to
> > ISO, template, VM and other entities in CloudStack's UI. If customers
> > doesn't paying attention, they would click on the account link instead of
> > the link to the entity they want (vm, template, ISO etc.) Then, if they
> had
> > wanted to delete that entity, they would press delete button without
> > realising they were on the account page, and press Confirm.
> >
> > I'm suggesting to add an extra step before deletion. In that step users
> > must write the account name, unless otherwise they can't confirm
> deletion.
> > Github, like many other applications asks you to write down the entity's
> > name before DESTRUCTIVE and UNRECOVERABLE actions.
> >
> > I've also created the following issue in Github:
> > https://github.com/apache/cloudstack/issues/7219
> >
> > Please let me know your thoughts about the proposal.
> >
> > Kind regards,
> > Sina
> >
> >
> >
> >
> >
> >
>
> --
> Daan
>

Re: [DISCUSSION] Name confirmation before Destructive and unrecoverable actions

Posted by Daan Hoogland <da...@gmail.com>.

seems ok, but I do not see the use case as pressing. I´d rather say that a
user should not be able to destroy their own account.

On Tue, Feb 14, 2023 at 3:32 PM Sina Kashipazha
<s....@protonmail.com.invalid> wrote:

> Hey guys,
>
> Cloudstack users can delete their account accidentally and lock themselves
> from accessing the CloudStack panel. A link to an account placed next to
> ISO, template, VM and other entities in CloudStack's UI. If customers
> doesn't paying attention, they would click on the account link instead of
> the link to the entity they want (vm, template, ISO etc.) Then, if they had
> wanted to delete that entity, they would press delete button without
> realising they were on the account page, and press Confirm.
>
> I'm suggesting to add an extra step before deletion. In that step users
> must write the account name, unless otherwise they can't confirm deletion.
> Github, like many other applications asks you to write down the entity's
> name before DESTRUCTIVE and UNRECOVERABLE actions.
>
> I've also created the following issue in Github:
> https://github.com/apache/cloudstack/issues/7219
>
> Please let me know your thoughts about the proposal.
>
> Kind regards,
> Sina
>
>
>
>
>
>

-- 
Daan