From 6ac88f40187864d4dd247c76de576dcbb4f15653 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Tue, 12 Mar 2019 21:49:26 +0100 Subject: implement account deletion --- index.pl | 34 ++++++++++++++++++++++++++++++++++ templates/_deletion_note.html.ep | 24 ++++++++++++++++++++++++ templates/account.html.ep | 36 +++++++++++++++++++++++++++--------- templates/layouts/default.html.ep | 4 ++++ 4 files changed, 89 insertions(+), 9 deletions(-) create mode 100644 templates/_deletion_note.html.ep diff --git a/index.pl b/index.pl index caa25d2..4ddb44e 100755 --- a/index.pl +++ b/index.pl @@ -139,6 +139,17 @@ app->attr( ); } ); +app->attr( + mark_for_deletion_query => sub { + my ($self) = @_; + + return $self->app->dbh->prepare( + qq{ + update users set deletion_requested = ? where id = ?; + } + ); + } +); app->attr( checkin_query => sub { my ($self) = @_; @@ -614,6 +625,11 @@ helper 'get_user_data' => sub { time_zone => 'Europe/Berlin' ), deletion_requested => $row[7] + ? DateTime->from_epoch( + epoch => $row[7], + time_zone => 'Europe/Berlin' + ) + : undef, }; } return undef; @@ -1243,6 +1259,24 @@ get '/export.json' => sub { ); }; +post '/delete' => sub { + my ($self) = @_; + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( 'account', invalid => 'csrf' ); + return; + } + my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch; + if ( $self->param('action') eq 'delete' ) { + $self->app->mark_for_deletion_query->execute( $now, + $self->current_user->{id} ); + } + else { + $self->app->mark_for_deletion_query->execute( undef, + $self->current_user->{id} ); + } + $self->redirect_to('account'); +}; + post '/logout' => sub { my ($self) = @_; if ( $self->validation->csrf_protect->has_error('csrf_token') ) { diff --git a/templates/_deletion_note.html.ep b/templates/_deletion_note.html.ep new file mode 100644 index 0000000..89cf271 --- /dev/null +++ b/templates/_deletion_note.html.ep @@ -0,0 +1,24 @@ +
+
+
+
+ Account wird gelöscht +

+ Dein Account wird am <%= $timestamp->clone->add(days => 3)->strftime('%d.%m.%Y ab %H:%M') %> Uhr + gelöscht, da er am <%= $timestamp->strftime('%d.%m.%Y um %H:%M') %> Uhr + zum Löschen vorgemerkt wurde. +

+

+ Falls du dich umentschieden hast, kannst du den Löschauftrag + hier zurücknehmen. + %= form_for 'delete' => begin + %= csrf_field + + %= end +

+
+
+
+
diff --git a/templates/account.html.ep b/templates/account.html.ep index 8a8f14a..74af719 100644 --- a/templates/account.html.ep +++ b/templates/account.html.ep @@ -32,15 +32,6 @@
-
-
-
-
- „Account löschen“ wird bald™ implementiert. -
-
-
-

Export

@@ -51,3 +42,30 @@ + +% if (not $acc->{deletion_requested}) { +

Account löschen

+
+
+

+ Der Account wird zunächst nur zur Löschung vorgemerkt. Wenn der + Auftrag nach drei Tagen nicht zurückgenommen wird, wird der Account + mit allen zugehörigen Reisedaten ohne weitere Rückfragen entfernt. +

+
+
+
+
+
+
+ %= form_for 'delete' => begin + %= csrf_field + + %= end +
+
+
+
+% } diff --git a/templates/layouts/default.html.ep b/templates/layouts/default.html.ep index efd7ee4..028f293 100644 --- a/templates/layouts/default.html.ep +++ b/templates/layouts/default.html.ep @@ -32,6 +32,10 @@
+ % my $acc = get_user_data(); + % if ($acc and $acc->{deletion_requested}) { + %= include '_deletion_note', timestamp => $acc->{deletion_requested} + % } %= content
-- cgit v1.2.3