Ticket #4333 (closed Bug: fixed)

Opened 5 years ago

delete user should delete portal_memberdata

Reported by: Anonymous User
Owned by:
Priority: critical
Milestone: 2.1
Component: Users/Groups
Keywords:
Cc:

Description

Deleting a user (from prefs_user_manage and similar) should delete the associated member_data immediately. If a new user with an 'old' ID is registered before member_data gets pruned (there is no way to do this automagically I assume), the new user will inherit the deleted user's data, which is both a security issue and a practical issue (login_date is not as expected for a new user, and the automatic traversal to the change password form will not happen).

Change History

Changed 5 years ago by mellvik

This is a duplicate - please disregard.

Changed 5 years ago by tiran

verified by a new unit test

Changed 5 years ago by alecm

This has always been true in Plone, and I'm not sure how critical it truly is, as we've lived with it a while and 2.1 is perhaps too close at hand to do the fix for this.

There are a couple of suggested fixes/patches for this issue here: http://plone.org/development/teams/developer/groups/issues/48

These are intended for CMFMember (where the problem was a bit more dire), but should be essentially the same as what is needed in Plone.

The monkey-patch was the solution chosen by CMFMember because of its greater generality. However, if it is decided that we need this in 2.1, I suggest simply adding the delete call to the form controller script to handle this. Otherwise, we should wait for PAS integration in 2.1 and add our own PAS plugin for doing this.

Changed 5 years ago by alecm

  • status changed from new to closed
  • resolution set to fixed

Since portal_membership now provides a nice method for member deletion, we use that in 2.1 svn instead of deleting from acl_users directly.
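Added example, not part of the ticket or of Plone's code: a toy model of the ID-reuse problem the description reports, with the account-only delete beside a delete that also removes the member data, plus an audit for orphaned records. The `Site` class, its methods and the sample values are hypothetical stand-ins for acl_users and portal_memberdata.

```python
# Toy model of the ticket's bug; class and method names are hypothetical, not Plone's API.
import time


class Site:
    def __init__(self):
        self.users = {}        # stands in for acl_users: id -> password
        self.member_data = {}  # stands in for portal_memberdata: id -> properties

    def register(self, user_id, password):
        self.users[user_id] = password
        # A record is created only if none exists for this id, which is
        # what lets a stale record leak to a newly registered account.
        self.member_data.setdefault(user_id, {"login_time": None, "email": ""})

    def login(self, user_id):
        self.member_data[user_id]["login_time"] = time.time()

    def delete_user_only(self, user_id):
        """Behaviour reported in the ticket: member data is left behind."""
        del self.users[user_id]

    def delete_member(self, user_id):
        """Fixed behaviour: remove the account and its member data together."""
        del self.users[user_id]
        self.member_data.pop(user_id, None)

    def orphaned_member_data(self):
        """Audit helper: ids that still have member data but no account."""
        return sorted(set(self.member_data) - set(self.users))


def reuse_id(delete_method_name):
    """Create 'jdoe', use it, delete it, re-register the id.

    Returns the new account's record and the orphans seen after deletion.
    """
    site = Site()
    site.register("jdoe", "old-secret")
    site.login("jdoe")
    site.member_data["jdoe"]["email"] = "old.owner@example.org"  # constructed value
    getattr(site, delete_method_name)("jdoe")
    orphans = site.orphaned_member_data()
    site.register("jdoe", "new-secret")
    return site.member_data["jdoe"], orphans


if __name__ == "__main__":
    print(reuse_id("delete_user_only"))  # new account inherits the old record
    print(reuse_id("delete_member"))     # new account starts with a clean record
```

With the account-only delete, the new account's login_time is already set, so any first-login check keyed on it (such as the change-password redirect mentioned in the description) is skipped.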
