Allow soft deleting users?

[swcraig]

solidus_auth_devise is broken against Solidus master. This solidus_auth_devise spec tests that users with orders can be soft deleted. EDIT: The spec I referenced has been removed.

In core, 86d0e62 introduced raising an exception when deleting a user with orders.

Should we allow soft deleting users? May this be configurable?

spree_auth_devise had introduced soft deleting users with orders as a result of this discussion.

[jhawthorn]

Prior to 86d0e62, core tested that LegacyUser had that restriction. At least now we're consistent.

The soft-deletion of user in solidus_auth_devise is really half-baked. Nowhere in either codebase do we do a User.with_deleted or similar, so all associations tied to the user will look like they have no associated user (not good!). We also have no ability in the admin to see the user. Deleting the user also scrambles the email, which is probably not a good idea for auditing.

For these reasons, I think we should remove acts_as_paranoid from solidus_auth_devise's user model and replace it with what is described in the devise wiki.

[swcraig]

It seems that #3138 follows the general spirit of this issue. That ticket is fresh and the discussion can move there.