Users are removed from organisation with no warning if subscription is cancelled #4993

Open
1 of 4 tasks
rolodato opened this issue Jan 13, 2025 · 0 comments
Labels
bug Something isn't working

rolodato commented Jan 13, 2025

How are you running Flagsmith

  • Self Hosted with Docker
  • Self Hosted with Kubernetes
  • SaaS at flagsmith.com
  • Some other way (add details in description below)

Describe the bug

In #2197, we added behaviour for removing all but the first admin user from an organisation if its subscription is cancelled for any reason. This includes accidentally not paying/renewing the subscription and having it be automatically canceled.

This is not a good user experience for several reasons:

  • The first admin is not necessarily the one actually using Flagsmith, and they might be unavailable to do anything.
  • Even if the first admin is available, they might not have access to the billing portal.
  • There is no warning or notification anywhere that this will happen or has happened.
  • If a customer wants to re-instate their paid subscription, they have to renew the subscription AND also invite the additional admins. From the customer's perspective, this is data loss and does not inspire confidence.
  • If an admin was removed and they log in to Flagsmith, they will not see any indication they were removed. They might see a forever-loading screen or a blank organisation switcher with no other context.

Slack discussion here: https://flagsmith.slack.com/archives/CTF0THS2D/p1736773771007339

Steps To Reproduce

On a paid organisation with more than 1 admin user, cancel the subscription. All admins that joined after the first one are removed with no explanation or context.

Expected behavior

Never automatically remove users from organisations without user interaction or consent.

One alternative might be to introduce the following behaviour. If the following are true:

  • Organisation is on a free plan
  • Organisation has more than 1 admin which does not have is_staff (this allows support staff to add themselves to free organisations)

Then, block access for all users in this organisation to the whole dashboard except the following:

  • Organisation page (to allow switching to another non-blocked org)
  • Account page
  • Organisation Users & Permissions page
  • Usage
  • Organisation Settings (specifically Billing page at a minimum)

All admins including staff users should be blocked from accessing this org, so that they can see exactly what the customer is seeing in this situation.

A message explaining the situation with suggested action items should be displayed to the user, so they can resolve the situation themselves.

The current blocking mechanism we have is at the organisation level and is more restrictive, since it does not allow access to the Users & Permissions page. The mechanism proposed here should be more lenient to allow users to unblock themselves after they run into this situation.

Screenshots

No response

@rolodato rolodato added the bug Something isn't working label Jan 13, 2025
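
A sketch of the access rule proposed under "Expected behavior", added here as an illustration; it is not Flagsmith code. The `Admin` and `Organisation` classes, the page identifiers and the plan names are hypothetical, and "more than 1 admin which does not have is_staff" is read as counting only non-staff admins toward the trigger.

```python
from dataclasses import dataclass, field

# Hypothetical page identifiers: the issue names the pages, not their routes.
ALLOWED_WHEN_RESTRICTED = frozenset({
    "organisation",           # to switch to another, non-blocked organisation
    "account",
    "users_and_permissions",  # so admins can reduce the admin count themselves
    "usage",
    "organisation_settings",  # includes Billing
})


@dataclass(frozen=True)
class Admin:
    email: str
    is_staff: bool = False


@dataclass
class Organisation:
    plan: str  # "free" or a paid plan name (constructed values)
    admins: list = field(default_factory=list)


def is_restricted(org):
    """Trigger: free plan and more than one admin without is_staff.

    Staff admins are not counted, so support staff can add themselves
    to a free organisation without tripping the restriction.
    """
    if org.plan != "free":
        return False
    customer_admins = [a for a in org.admins if not a.is_staff]
    return len(customer_admins) > 1


def can_access(org, user, page):
    """Enforcement: once triggered, every user is limited to the allow-list.

    `user` is deliberately not consulted: staff are blocked like everyone
    else so they see what the customer sees. Nobody is removed from the org.
    """
    if not is_restricted(org):
        return True
    return page in ALLOWED_WHEN_RESTRICTED
```

The trigger and the enforcement treat `is_staff` differently: it exempts a user from the admin count but not from the block.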