authorDaniel Friesel <derf@finalrewind.org>2019-03-12 21:49:26 +0100
committerDaniel Friesel <derf@finalrewind.org>2019-03-12 21:49:26 +0100
commit6ac88f40187864d4dd247c76de576dcbb4f15653 (patch)
tree78bea5ebb08b838ac9c8c45bc66bbe6f091920da
parent2604abad4e685cb485922fc82feef54f805e3e36 (diff)
implement account deletion
-rwxr-xr-xindex.pl34
-rw-r--r--templates/_deletion_note.html.ep24
-rw-r--r--templates/account.html.ep36
-rw-r--r--templates/layouts/default.html.ep4
4 files changed, 89 insertions, 9 deletions
diff --git a/index.pl b/index.pl
index caa25d2..4ddb44e 100755
--- a/index.pl
+++ b/index.pl
@@ -140,6 +140,17 @@ app->attr(
}
);
app->attr(
+ mark_for_deletion_query => sub {
+ my ($self) = @_;
+
+ return $self->app->dbh->prepare(
+ qq{
+ update users set deletion_requested = ? where id = ?;
+ }
+ );
+ }
+);
+app->attr(
checkin_query => sub {
my ($self) = @_;
@@ -614,6 +625,11 @@ helper 'get_user_data' => sub {
time_zone => 'Europe/Berlin'
),
deletion_requested => $row[7]
+ ? DateTime->from_epoch(
+ epoch => $row[7],
+ time_zone => 'Europe/Berlin'
+ )
+ : undef,
};
}
return undef;
@@ -1243,6 +1259,24 @@ get '/export.json' => sub {
);
};
+post '/delete' => sub {
+ my ($self) = @_;
+ if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
+ $self->render( 'account', invalid => 'csrf' );
+ return;
+ }
+ my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch;
+ if ( $self->param('action') eq 'delete' ) {
+ $self->app->mark_for_deletion_query->execute( $now,
+ $self->current_user->{id} );
+ }
+ else {
+ $self->app->mark_for_deletion_query->execute( undef,
+ $self->current_user->{id} );
+ }
+ $self->redirect_to('account');
+};
+
post '/logout' => sub {
my ($self) = @_;
if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
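Review bot: The `else` branch of the new `/delete` handler clears `deletion_requested` for any `action` value other than `delete`, including a missing parameter, in which case `$self->param('action') eq 'delete'` also compares against undef and warns. Reading the parameter once with `my $action = $self->param('action') // '';` and clearing only on `elsif ( $action eq 'undelete' )`, with an error render otherwise, keeps each state change tied to an explicit request. The handler also uses `$self->current_user->{id}` without a visible login check; if this route is not registered inside an authenticated group (not visible in this hunk), a request without a session would presumably die on the dereference or run the update with an undefined id. Because the mark schedules removal of the account and all its travel data, asking for the password again before setting it may be worth considering. The `/logout` handler that follows continues outside the hunk.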
diff --git a/templates/_deletion_note.html.ep b/templates/_deletion_note.html.ep
new file mode 100644
index 0000000..89cf271
--- /dev/null
+++ b/templates/_deletion_note.html.ep
@@ -0,0 +1,24 @@
+<div class="row">
+ <div class="col s12">
+ <div class="card red darken-4">
+ <div class="card-content white-text">
+ <span class="card-title">Account wird gelöscht</span>
+ <p>
+ Dein Account wird am <%= $timestamp->clone->add(days => 3)->strftime('%d.%m.%Y ab %H:%M') %> Uhr
+ gelöscht, da er am <%= $timestamp->strftime('%d.%m.%Y um %H:%M') %> Uhr
+ zum Löschen vorgemerkt wurde.
+ </p>
+ <p>
+ Falls du dich umentschieden hast, kannst du den Löschauftrag
+ hier zurücknehmen.
+ %= form_for 'delete' => begin
+ %= csrf_field
+ <button class="btn-flat waves-effect waves-light white black-text" type="submit" name="action" value="undelete">
+ Account Nicht löschen
+ </button>
+ %= end
+ </p>
+ </div>
+ </div>
+ </div>
+</div>
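Review bot: The deletion date shown in the banner comes from a literal `add(days => 3)` in the template, and the same three-day period is stated again as text in `templates/account.html.ep`. The code that actually removes accounts is not part of this commit, so nothing visible ties the displayed deadline to the enforced one. Defining the grace period once (for example a constant in `index.pl` passed to the template) and having the removal job use the same value would keep the promise made to the user and the actual behaviour in step. Separately, the `form_for` block sits inside a `<p>`, which HTML does not allow to contain a form; browsers close the paragraph early, so moving the form after `</p>` avoids layout surprises.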
diff --git a/templates/account.html.ep b/templates/account.html.ep
index 8a8f14a..74af719 100644
--- a/templates/account.html.ep
+++ b/templates/account.html.ep
@@ -32,15 +32,6 @@
<div class="col s1 m1 l3">
</div>
</div>
-<div class="row">
- <div class="col s1 m1 l3">
- </div>
- <div class="col s10 m10 l6 center-align">
- „Account löschen“ wird bald™ implementiert.
- </div>
- <div class="col s1 m1 l3">
- </div>
-</div>
<h1>Export</h1>
@@ -51,3 +42,30 @@
</ul>
</div>
</div>
+
+% if (not $acc->{deletion_requested}) {
+ <h1>Account löschen</h1>
+ <div class="row">
+ <div class="col s12">
+ <p>
+ Der Account wird zunächst nur zur Löschung vorgemerkt. Wenn der
+ Auftrag nach drei Tagen nicht zurückgenommen wird, wird der Account
+ mit allen zugehörigen Reisedaten ohne weitere Rückfragen entfernt.
+ </p>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col s1 m1 l3">
+ </div>
+ <div class="col s10 m10 l6 center-align">
+ %= form_for 'delete' => begin
+ %= csrf_field
+ <button class="btn waves-effect waves-light red" type="submit" name="action" value="delete">
+ Account löschen
+ </button>
+ %= end
+ </div>
+ <div class="col s1 m1 l3">
+ </div>
+ </div>
+% }
diff --git a/templates/layouts/default.html.ep b/templates/layouts/default.html.ep
index efd7ee4..028f293 100644
--- a/templates/layouts/default.html.ep
+++ b/templates/layouts/default.html.ep
@@ -32,6 +32,10 @@
</nav>
<div class="container">
+ % my $acc = get_user_data();
+ % if ($acc and $acc->{deletion_requested}) {
+ %= include '_deletion_note', timestamp => $acc->{deletion_requested}
+ % }
%= content
</div>