When doing our tests on the organizations functionality on the Account Portal, we've found that when trying to delete an organization, the user can end up deleting its own user account instead. To delete an organization, the user has to edit the organization profile. At the bottom of this page there is the option to destroy the organization. But this option depends on the currently active session, that is: - If the current session is the organization session, the option is "Destroy organization" and this allows the user to delete that organization, as expected. - If the current session is the user session, the option is "Cancel account" and this leads to cancelling the user account whose session is currently active. This is a very serious issue, because there are actions when using the Account portal that change the currently active session without user intervention, and the user may not realize the session has changed. Also, the option to cancel a user account should only be available when editing the user profile, not when editing an organization profile. Regards, -- David Muriel -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-lab-help/attachments/20141104/121ca32c/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy