.. _UC23:

Use Case 23 - Owner Expunge Content
-----------------------------------

.. index:: Use Case 23, UC23, expunge, remove content, take down

Revisions
  View document revision history_.


Goal
  User can find out where all copies of my data are in the system and can
  expunge them.

Summary 
  In some cases it may be desirable for a data owner to remove all their 
  content from the system, however this use case conflicts with the general
  premise of DataONE to preserve information. A useful compromise *may* be to
  expunge content that has no known references to it.

  There may be situations where content removal may be necessary for system
  or community integrity - for example if content uploaded to the system is
  determined to contain dangerous content such as viruses, the data owner is
  discovered to have committed fraud, or the content may be protected and must
  be removed for legal reasons.

  In any case, it would seem that a data manager or curator should be involved
  in such decisions.

Actors
  - Data owner
  - Data curator
  - Member Nodes
  - Coordinating Nodes
  - Notification system (referrers should be notified of removal)

Preconditions 
  - Content exists in the system that must be removed
  - A decision has been made to remove all / some content
  
Triggers
  - All triggers for this should be through administrative / curatorial 
    procedures.
 
Post Conditions
  - The targeted content is no longer present in the DataONE system
  - Subscribers are be notified of the change

.. 
  @startuml images/23_seq.png

   actor "User (Data Owner)" as user
   participant "Client" as app_client << Application >>
   user -> app_client
   participant "Authentication API" as c_authenticate << Coordinating Node >>
   app_client -> c_authenticate: login (user, pw)
   app_client <-- c_authenticate: token or failure
   participant "Query API" as c_query << Coordinating Node >>
   app_client -> c_query: getAllCopies (token, ownerID)
   participant "Authorization API" as c_authorize << Coordinating Node >>
   c_query -> c_authorize: isAuth (token, resultset)
   participant "Verify API" as c_ver << Coordinating Node >>
   c_authorize -> c_ver: isValidToken (token)
   c_authorize <-- c_ver: T or F
   c_query <-- c_authorize: T or F
   app_client <-- c_query: records or fail
   participant "CRUD API" as c_crud << Coordinating Node >>
   app_client -> c_crud: deleteRecords (token, listOfPids)
   app_client <-- c_crud: ack or fail
   note right
   Can the Query API find out where all
   copies of my data are in the system
   or should this be handled by another
   API?
   end note
   @enduml 

.. image:: images/23_seq.png

*Figure 1.* Interactions for use case 23, User can find out where all copies
of my data are in the system and\ncan expunge them


**Notes**

- Dealing with inappropriate usage of (ie, copyrighted objects that are
  stored)


.. _history: https://redmine.dataone.org/projects/d1/repository/changes/documents/Projects/cicore/architecture/api-documentation/source/design/UseCases/23_uc.txt