diff options
| -rwxr-xr-x | index.pl | 34 | ||||
| -rw-r--r-- | templates/_deletion_note.html.ep | 24 | ||||
| -rw-r--r-- | templates/account.html.ep | 36 | ||||
| -rw-r--r-- | templates/layouts/default.html.ep | 4 |
4 files changed, 89 insertions, 9 deletions
@@ -140,6 +140,17 @@ app->attr( } ); app->attr( + mark_for_deletion_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + update users set deletion_requested = ? where id = ?; + } + ); + } +); +app->attr( checkin_query => sub { my ($self) = @_; @@ -614,6 +625,11 @@ helper 'get_user_data' => sub { time_zone => 'Europe/Berlin' ), deletion_requested => $row[7] + ? DateTime->from_epoch( + epoch => $row[7], + time_zone => 'Europe/Berlin' + ) + : undef, }; } return undef; @@ -1243,6 +1259,24 @@ get '/export.json' => sub { ); }; +post '/delete' => sub { + my ($self) = @_; + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( 'account', invalid => 'csrf' ); + return; + } + my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; + if ( $self->param('action') eq 'delete' ) { + $self->app->mark_for_deletion_query->execute( $now, + $self->current_user->{id} ); + } + else { + $self->app->mark_for_deletion_query->execute( undef, + $self->current_user->{id} ); + } + $self->redirect_to('account'); +}; + post '/logout' => sub { my ($self) = @_; if ( $self->validation->csrf_protect->has_error('csrf_token') ) { diff --git a/templates/_deletion_note.html.ep b/templates/_deletion_note.html.ep new file mode 100644 index 0000000..89cf271 --- /dev/null +++ b/templates/_deletion_note.html.ep @@ -0,0 +1,24 @@ +<div class="row"> + <div class="col s12"> + <div class="card red darken-4"> + <div class="card-content white-text"> + <span class="card-title">Account wird gelöscht</span> + <p> + Dein Account wird am <%= $timestamp->clone->add(days => 3)->strftime('%d.%m.%Y ab %H:%M') %> Uhr + gelöscht, da er am <%= $timestamp->strftime('%d.%m.%Y um %H:%M') %> Uhr + zum Löschen vorgemerkt wurde. + </p> + <p> + Falls du dich umentschieden hast, kannst du den Löschauftrag + hier zurücknehmen. + %= form_for 'delete' => begin + %= csrf_field + <button class="btn-flat waves-effect waves-light white black-text" type="submit" name="action" value="undelete"> + Account Nicht löschen + </button> + %= end + </p> + </div> + </div> + </div> +</div> diff --git a/templates/account.html.ep b/templates/account.html.ep index 8a8f14a..74af719 100644 --- a/templates/account.html.ep +++ b/templates/account.html.ep @@ -32,15 +32,6 @@ <div class="col s1 m1 l3"> </div> </div> -<div class="row"> - <div class="col s1 m1 l3"> - </div> - <div class="col s10 m10 l6 center-align"> - „Account löschen“ wird bald™ implementiert. - </div> - <div class="col s1 m1 l3"> - </div> -</div> <h1>Export</h1> @@ -51,3 +42,30 @@ </ul> </div> </div> + +% if (not $acc->{deletion_requested}) { + <h1>Account löschen</h1> + <div class="row"> + <div class="col s12"> + <p> + Der Account wird zunächst nur zur Löschung vorgemerkt. Wenn der + Auftrag nach drei Tagen nicht zurückgenommen wird, wird der Account + mit allen zugehörigen Reisedaten ohne weitere Rückfragen entfernt. + </p> + </div> + </div> + <div class="row"> + <div class="col s1 m1 l3"> + </div> + <div class="col s10 m10 l6 center-align"> + %= form_for 'delete' => begin + %= csrf_field + <button class="btn waves-effect waves-light red" type="submit" name="action" value="delete"> + Account löschen + </button> + %= end + </div> + <div class="col s1 m1 l3"> + </div> + </div> +% } diff --git a/templates/layouts/default.html.ep b/templates/layouts/default.html.ep index efd7ee4..028f293 100644 --- a/templates/layouts/default.html.ep +++ b/templates/layouts/default.html.ep @@ -32,6 +32,10 @@ </nav> <div class="container"> + % my $acc = get_user_data(); + % if ($acc and $acc->{deletion_requested}) { + %= include '_deletion_note', timestamp => $acc->{deletion_requested} + % } %= content </div> |