[#22718] - [com_privacy] Remove request data can be deleted more than once
- Closed
- 20 Oct 2018
- Medium
- Build: staging
- # 22718
Steps to reproduce the issue
Joomla 3.9 with all new features enabled
User "me@phil-taylor.com" requests a REMOVE request
He Confirms it with a token from the email
The admin sees the, and clicks the X to delete all his data
The admin doesnt bother setting the status to COMPLETED (this should happen automatically when the delete data X is clicked!)
(No notification is sent to me@phil-taylor.com that his data is deleted!)
The user "me@phil-taylor.com" comes back to the website a week later and signs up again with email address me@phil-taylor.com
Admin#2 clicks X on the already confirmed and actioned request, and deletes all the new data
Admin nth can delete all information on any me@phil-taylor.com for years to come by clicking X on this request until someone bothers to move it to Completed status.
Expected result
Deletion of data is a one time per request automatically moving the status to completed
Actual result
X can be clicked multiple times, and data created after the request is deleted which is nothing to do with this request.
joomla-cms-bot
- | Labels |
Added:
?
|
||
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-10-20 13:20:27 |
| Closed_By | ⇒ | PhilETaylor |
Neither export nor remove automatically mark the request as completed when an action is clicked. We know not every extension integrates with the system and before marking complete the admin should still do a supplementary check of the site to make sure everything is covered, and at that point the admin should complete the request.