Do not cascade user deletion to sites they do now own

2024-11-23 11:12:15 +03:00 · 2021-09-08 11:09:58 +03:00 · 2021-09-08 11:09:58 +03:00 · c8a1b5c73c
commit c8a1b5c73c
parent ebc59313a5
3 changed files with 18 additions and 4 deletions
--- a/lib/plausible_web/controllers/auth_controller.ex
+++ b/lib/plausible_web/controllers/auth_controller.ex
@ -482,11 +482,15 @@ defmodule PlausibleWeb.AuthController do
  def delete_me(conn, params) do
    user =
      conn.assigns[:current_user]
-      |> Repo.preload(:sites)
+      |> Repo.preload(site_memberships: :site)
      |> Repo.preload(:subscription)

-    for site <- user.sites do
-      Repo.delete!(site)
+    for membership <- user.site_memberships do
+      Repo.delete!(membership)
+
+      if membership.role == :owner do
+        Repo.delete!(membership.site)
+      end
    end

    if user.subscription, do: Repo.delete!(user.subscription)
--- a/lib/plausible_web/templates/auth/user_settings.html.eex
+++ b/lib/plausible_web/templates/auth/user_settings.html.eex
@ -226,6 +226,6 @@
    <span class="mt-6 bg-gray-300 button dark:bg-gray-800 hover:shadow-none">Delete my account</span>
    <p class="mt-2 text-sm text-gray-600 dark:text-gray-400">Your account cannot be deleted because you have an active subscription. If you want to delete your account, please cancel your subscription first.</p>
  <% else %>
-    <%= link("Delete my account", to: "/me", class: "inline-block mt-4 px-4 py-2 border border-gray-300 dark:border-gray-500 text-sm leading-5 font-medium rounded-md text-red-700 bg-white dark:bg-gray-800 hover:text-red-500 dark:hover:text-red-400 focus:outline-none focus:border-blue-300 focus:ring active:text-red-800 active:bg-gray-50 transition ease-in-out duration-150", method: "delete", data: [confirm: "Deleting your account cannot be reversed. Are you sure?"]) %>
+    <%= link("Delete my account", to: "/me", class: "inline-block mt-4 px-4 py-2 border border-gray-300 dark:border-gray-500 text-sm leading-5 font-medium rounded-md text-red-700 bg-white dark:bg-gray-800 hover:text-red-500 dark:hover:text-red-400 focus:outline-none focus:border-blue-300 focus:ring active:text-red-800 active:bg-gray-50 transition ease-in-out duration-150", method: "delete", data: [confirm: "Deleting your account will also delete all the sites that you own. This action cannot be reversed. Are you sure?"]) %>
  <% end %>
 </div>
--- a/test/plausible_web/controllers/auth_controller_test.exs
+++ b/test/plausible_web/controllers/auth_controller_test.exs
@ -368,5 +368,15 @@ defmodule PlausibleWeb.AuthControllerTest do
      conn = delete(conn, "/me")
      assert redirected_to(conn) == "/"
    end
+
+    test "deletes sites that the user owns", %{conn: conn, user: user, site: owner_site} do
+      viewer_site = insert(:site)
+      insert(:site_membership, site: viewer_site, user: user, role: "viewer")
+
+      delete(conn, "/me")
+
+      assert Repo.get(Plausible.Site, viewer_site.id)
+      refute Repo.get(Plausible.Site, owner_site.id)
+    end
  end
 end