From 5f46c7ee7dd11364cad945811aa7ddadbefe6431 Mon Sep 17 00:00:00 2001 From: Peter Vacho Date: Wed, 1 Jan 2025 14:46:23 +0100 Subject: [PATCH] Properly delete all user-owned items on user deletion --- src/api/users.py | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/src/api/users.py b/src/api/users.py index 802c5e0..d26caa0 100644 --- a/src/api/users.py +++ b/src/api/users.py @@ -8,9 +8,13 @@ from starlette.status import HTTP_204_NO_CONTENT from src.api.auth.dependencies import LoggedInDep from src.api.auth.passwords import check_hashed_password, create_password_hash +from src.db.models.category import Category +from src.db.models.event import Event +from src.db.models.invitation import Invitation +from src.db.models.notification import Notification from src.db.models.token import Token from src.db.models.user import User -from src.utils.db import MissingIdError, update_document +from src.utils.db import MissingIdError, expr, update_document from src.utils.logging import get_logger from .auth import CurrentUserDep @@ -141,6 +145,24 @@ async def delete_user(user_id: PydanticObjectId, user: CurrentUserDep) -> Respon token.revoked = True await Token.replace_many(tokens) + # Then delete all of the user's data + notifications = await Notification.find(expr(Notification.user).id == user.id).to_list() + for notification in notifications: + _ = await notification.delete() + + invitations = await Invitation.find(expr(Invitation.invitee).id == user.id).to_list() + for initation in invitations: + _ = await initation.delete() + + events = await Event.find(expr(Event.user).id == user.id).to_list() + for event in events: + _ = await event.delete() + + categories = await Category.find(expr(Category.user).id == user.id).to_list() + for category in categories: + _ = await category.delete() + + # Finally, delete the user itself _ = await user.delete() return Response(status_code=HTTP_204_NO_CONTENT)