Properly delete all user-owned items on user deletion

2025-01-01 14:46:23 +01:00 · 2025-01-01 14:46:23 +01:00 · 5f46c7ee7d
parent 9997054cbe
commit 5f46c7ee7d
1 changed files with 23 additions and 1 deletions
--- a/src/api/users.py
+++ b/src/api/users.py
@ -8,9 +8,13 @@ from starlette.status import HTTP_204_NO_CONTENT

 from src.api.auth.dependencies import LoggedInDep
 from src.api.auth.passwords import check_hashed_password, create_password_hash
+from src.db.models.category import Category
+from src.db.models.event import Event
+from src.db.models.invitation import Invitation
+from src.db.models.notification import Notification
 from src.db.models.token import Token
 from src.db.models.user import User
-from src.utils.db import MissingIdError, update_document
+from src.utils.db import MissingIdError, expr, update_document
 from src.utils.logging import get_logger

 from .auth import CurrentUserDep
@ -141,6 +145,24 @@ async def delete_user(user_id: PydanticObjectId, user: CurrentUserDep) -> Respon
        token.revoked = True
    await Token.replace_many(tokens)

+    # Then delete all of the user's data
+    notifications = await Notification.find(expr(Notification.user).id == user.id).to_list()
+    for notification in notifications:
+        _ = await notification.delete()
+
+    invitations = await Invitation.find(expr(Invitation.invitee).id == user.id).to_list()
+    for initation in invitations:
+        _ = await initation.delete()
+
+    events = await Event.find(expr(Event.user).id == user.id).to_list()
+    for event in events:
+        _ = await event.delete()
+
+    categories = await Category.find(expr(Category.user).id == user.id).to_list()
+    for category in categories:
+        _ = await category.delete()
+
+    # Finally, delete the user itself
    _ = await user.delete()

    return Response(status_code=HTTP_204_NO_CONTENT)