| author | Daniel Friesel <derf@finalrewind.org> | 2019-03-12 21:49:26 +0100 | 
|---|---|---|
| committer | Daniel Friesel <derf@finalrewind.org> | 2019-03-12 21:49:26 +0100 | 
| commit | 6ac88f40187864d4dd247c76de576dcbb4f15653 (patch) | |
| tree | 78bea5ebb08b838ac9c8c45bc66bbe6f091920da | |
| parent | 2604abad4e685cb485922fc82feef54f805e3e36 (diff) | |
implement account deletion
| -rwxr-xr-x | index.pl | 34 | ||||
| -rw-r--r-- | templates/_deletion_note.html.ep | 24 | ||||
| -rw-r--r-- | templates/account.html.ep | 36 | ||||
| -rw-r--r-- | templates/layouts/default.html.ep | 4 | 
4 files changed, 89 insertions, 9 deletions
| @@ -140,6 +140,17 @@ app->attr(  	}  );  app->attr( +	mark_for_deletion_query => sub { +		my ($self) = @_; + +		return $self->app->dbh->prepare( +			qq{ +				update users set deletion_requested = ? where id = ?; +			} +		); +	} +); +app->attr(  	checkin_query => sub {  		my ($self) = @_; @@ -614,6 +625,11 @@ helper 'get_user_data' => sub {  				time_zone => 'Europe/Berlin'  			),  			deletion_requested => $row[7] +			? DateTime->from_epoch( +				epoch     => $row[7], +				time_zone => 'Europe/Berlin' +			  ) +			: undef,  		};  	}  	return undef; @@ -1243,6 +1259,24 @@ get '/export.json' => sub {  	);  }; +post '/delete' => sub { +	my ($self) = @_; +	if ( $self->validation->csrf_protect->has_error('csrf_token') ) { +		$self->render( 'account', invalid => 'csrf' ); +		return; +	} +	my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; +	if ( $self->param('action') eq 'delete' ) { +		$self->app->mark_for_deletion_query->execute( $now, +			$self->current_user->{id} ); +	} +	else { +		$self->app->mark_for_deletion_query->execute( undef, +			$self->current_user->{id} ); +	} +	$self->redirect_to('account'); +}; +  post '/logout' => sub {  	my ($self) = @_;  	if ( $self->validation->csrf_protect->has_error('csrf_token') ) { diff --git a/templates/_deletion_note.html.ep b/templates/_deletion_note.html.ep new file mode 100644 index 0000000..89cf271 --- /dev/null +++ b/templates/_deletion_note.html.ep 
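Review bot: The `post '/delete'` handler schedules deletion of the account on the strength of a live session and a CSRF token alone; for a destructive action it is worth requiring the current password (or a fresh login) on the `delete` branch, so that a borrowed or stolen session cannot start the three-day countdown. The `else` branch also clears the request for any `action` value, including a missing one, where `$self->param('action') eq 'delete'` compares undef and warns; reading it as `my $action = $self->param('action') // '';` and answering anything other than `delete`/`undelete` with a 400 keeps the two operations explicit. Neither `execute` result is checked, so unless the handle was created with RaiseError (not visible here) a failed update still redirects as if it had succeeded.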
@@ -0,0 +1,24 @@ +<div class="row"> +	<div class="col s12"> +		<div class="card red darken-4"> +			<div class="card-content white-text"> +				<span class="card-title">Account wird gelöscht</span> +				<p> +					Dein Account wird am <%= $timestamp->clone->add(days => 3)->strftime('%d.%m.%Y ab %H:%M') %> Uhr +					gelöscht, da er am <%= $timestamp->strftime('%d.%m.%Y um %H:%M') %> Uhr +					zum Löschen vorgemerkt wurde. +				</p> +				<p> +					Falls du dich umentschieden hast, kannst du den Löschauftrag +					hier zurücknehmen. +					%= form_for 'delete' => begin +						%= csrf_field +						<button class="btn-flat waves-effect waves-light white black-text" type="submit" name="action" value="undelete"> +							Account Nicht löschen +						</button> +					%= end +				</p> +			</div> +		</div> +	</div> +</div> diff --git a/templates/account.html.ep b/templates/account.html.ep index 8a8f14a..74af719 100644 --- a/templates/account.html.ep +++ b/templates/account.html.ep @@ -32,15 +32,6 @@  	<div class="col s1 m1 l3">  	</div>  </div> -<div class="row"> -	<div class="col s1 m1 l3"> -	</div> -	<div class="col s10 m10 l6 center-align"> -		„Account löschen“ wird bald™ implementiert. -	</div> -	<div class="col s1 m1 l3"> -	</div> -</div>  <h1>Export</h1> 
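Review bot: The three-day grace period is hard-coded in this template as `add(days => 3)` and repeated as prose in account.html.ep, while the code that actually removes marked accounts is not part of this commit. If that cleanup uses a different interval, the banner will show a wrong deadline; consider computing the deadline once in Perl (for example next to `deletion_requested` in `get_user_data`) and passing it to the template. Until then a comment such as `%# grace period must match the account cleanup job` would document the coupling.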
@@ -51,3 +42,30 @@  		</ul>  	</div>  </div> + +% if (not $acc->{deletion_requested}) { +	<h1>Account löschen</h1> +	<div class="row"> +		<div class="col s12"> +			<p> +				Der Account wird zunächst nur zur Löschung vorgemerkt.  Wenn der +				Auftrag nach drei Tagen nicht zurückgenommen wird, wird der Account +				mit allen zugehörigen Reisedaten ohne weitere Rückfragen entfernt. +			</p> +		</div> +	</div> +	<div class="row"> +		<div class="col s1 m1 l3"> +		</div> +		<div class="col s10 m10 l6 center-align"> +			%= form_for 'delete' => begin +				%= csrf_field +				<button class="btn waves-effect waves-light red" type="submit" name="action" value="delete"> +					Account löschen +				</button> +			%= end +		</div> +		<div class="col s1 m1 l3"> +		</div> +	</div> +% } diff --git a/templates/layouts/default.html.ep b/templates/layouts/default.html.ep index efd7ee4..028f293 100644 --- a/templates/layouts/default.html.ep +++ b/templates/layouts/default.html.ep @@ -32,6 +32,10 @@  </nav>  <div class="container"> +	% my $acc = get_user_data(); +	% if ($acc and $acc->{deletion_requested}) { +		%= include '_deletion_note', timestamp => $acc->{deletion_requested} +	% }  	%= content  </div> | 
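Review bot: The new `% if (not $acc->{deletion_requested})` block makes account.html.ep depend on `$acc`, but the CSRF-failure path of the new `/delete` route calls `$self->render( 'account', invalid => 'csrf' )` without passing it. Unless `acc` reaches the stash some other way (not visible in this diff; the `my $acc` added to layouts/default.html.ep is lexical to the layout), that render will likely fail with a template error instead of showing the CSRF message. Passing it explicitly, `$self->render( 'account', invalid => 'csrf', acc => $self->get_user_data );`, would keep the error path working.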
