Add ability to delete Maybe account (#698)

* Build out user deactivation and purging workflows * Add i18n translations for user deletion * Add tests for user deletion * Fix lint issue
2025-07-19 05:09:38 +02:00 · 2024-04-30 16:40:31 +01:00 · 2024-04-30 16:40:31 +01:00 · 19ee773d9b
commit 19ee773d9b
parent 55cb1ae5bd
15 changed files with 128 additions and 8 deletions
--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@ -17,6 +17,15 @@ class Settings::ProfilesController < ApplicationController
    end
  end
  def destroy
    if Current.user.deactivate
      logout
      redirect_to root_path, notice: t(".success")
    else
      redirect_to settings_profile_path, alert: Current.user.errors.full_messages.to_sentence
    end
  end
  private
  def user_params
--- a/app/javascript/controllers/application.js
+++ b/app/javascript/controllers/application.js
@ -10,7 +10,7 @@ Turbo.setConfirmMethod((message) => {
  const dialog = document.getElementById("turbo-confirm");
  try {
-    const { title, body, accept } = JSON.parse(message);
+    const { title, body, accept, acceptClass } = JSON.parse(message);
    if (title) {
      document.getElementById("turbo-confirm-title").innerHTML = title;
@ -23,6 +23,10 @@ Turbo.setConfirmMethod((message) => {
    if (accept) {
      document.getElementById("turbo-confirm-accept").innerHTML = accept;
    }
    if (acceptClass) {
      document.getElementById("turbo-confirm-accept").className = acceptClass;
    }
  } catch (e) {
    document.getElementById("turbo-confirm-title").innerText = message;
  }
--- a/app/jobs/user_purge_job.rb
+++ b/app/jobs/user_purge_job.rb
@ -0,0 +1,7 @@
 class UserPurgeJob < ApplicationJob
  queue_as :default
  def perform(user)
    user.purge
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -38,4 +38,40 @@ class User < ApplicationRecord
  def has_seen_upgrade_alert?(upgrade)
    last_alerted_upgrade_commit_sha == upgrade.commit_sha
  end
  # Deactivation
  validate :can_deactivate, if: -> { active_changed? && !active }
  after_update_commit :purge_later, if: -> { saved_change_to_active?(from: true, to: false) }
  def deactivate
    update active: false, email: deactivated_email
  end
  def can_deactivate
    if admin? && family.users.count > 1
      errors.add(:base, I18n.t("activerecord.errors.user.cannot_deactivate_admin_with_other_users"))
    end
  end
  def purge_later
    UserPurgeJob.perform_later(self)
  end
  def purge
    if last_user_in_family?
      family.destroy
    else
      destroy
    end
  end
  private
  def last_user_in_family?
    family.users.count == 1
  end
  def deactivated_email
    email.gsub(/@/, "-deactivated-#{SecureRandom.uuid}@")
  end
 end
--- a/app/views/settings/profiles/show.html.erb
+++ b/app/views/settings/profiles/show.html.erb
@ -61,9 +61,16 @@
          <h3 class="font-medium text-gray-900"><%= t(".delete_account") %></h3>
          <p class="text-gray-500 text-sm"><%= t(".delete_account_warning") %></p>
        </div>
-        <button disabled class="bg-red-500 text-white text-sm font-medium rounded-lg px-3 py-2 cursor-not-allowed">
+        <%=
-          <%= t(".delete_account") %>
+          button_to t(".delete_account"), settings_profile_path, method: :delete,
-        </button>
+            class: "bg-red-500 text-white text-sm font-medium rounded-lg px-3 py-2",
            data: { turbo_confirm: {
              title: t(".confirm_delete.title"),
              body: t(".confirm_delete.body"),
              accept: t(".delete_account"),
              acceptClass: "w-full bg-red-500 text-white rounded-xl text-center p-[10px] border mb-2"
            }}
        %>
      </div>
    <% end %>
  </div>
--- a/app/views/shared/_confirm_modal.html.erb
+++ b/app/views/shared/_confirm_modal.html.erb
@ -11,6 +11,7 @@
        <%= t(".body_html") %>
      </div>
    </div>
-    <button id="turbo-confirm-accept" class="w-full text-red-600 rounded-xl text-center p-[10px] border" value="confirm"><%= t(".accept") %></button>
+    <button id="turbo-confirm-accept" class="w-full text-red-600 rounded-xl text-center p-[10px] border mb-2" value="confirm"><%= t(".accept") %></button>
    <button class="w-full rounded-xl text-center p-[10px] border" value="cancel"><%= t(".cancel") %></button>
  </form>
 </dialog>
--- a/config/locales/models/user/en.yml
+++ b/config/locales/models/user/en.yml
@ -10,3 +10,7 @@ en:
        last_name: Last Name
        password: Password
        password_confirmation: Password Confirmation
    errors:
      user:
        cannot_deactivate_admin_with_other_users: Admin cannot delete account while
          other users are present. Please delete all members first.
--- a/config/locales/views/settings/en.yml
+++ b/config/locales/views/settings/en.yml
@ -82,8 +82,14 @@ en:
      update:
        success: Preferences updated successfully.
    profiles:
      destroy:
        success: Account deleted successfully.
      show:
        add_member: Add Member
        confirm_delete:
          body: Are you sure you want to permanently delete your account? This action
            is irreversible.
          title: Delete account?
        danger_zone_title: Danger Zone
        delete_account: Delete Account
        delete_account_warning: Deleting your account will permanently remove all
--- a/config/locales/views/shared/en.yml
+++ b/config/locales/views/shared/en.yml
@ -4,6 +4,7 @@ en:
    confirm_modal:
      accept: Confirm
      body_html: "<p>You will not be able to undo this decision</p>"
      cancel: Cancel
      title: Are you sure?
    notification:
      dismiss: Dismiss
--- a/config/routes.rb
+++ b/config/routes.rb
@ -11,7 +11,7 @@ Rails.application.routes.draw do
  resource :password
  namespace :settings do
-    resource :profile, only: %i[show update]
+    resource :profile, only: %i[show update destroy]
    resource :preferences, only: %i[show update]
    resource :notifications, only: %i[show update]
    resource :billing, only: %i[show update]
--- a/db/migrate/20240430111641_add_active_to_users.rb
+++ b/db/migrate/20240430111641_add_active_to_users.rb
@ -0,0 +1,5 @@
 class AddActiveToUsers < ActiveRecord::Migration[7.2]
  def change
    add_column :users, :active, :boolean, default: true, null: false
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[7.2].define(version: 2024_04_26_191312) do
+ActiveRecord::Schema[7.2].define(version: 2024_04_30_111641) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "pgcrypto"
  enable_extension "plpgsql"
@ -86,7 +86,7 @@ ActiveRecord::Schema[7.2].define(version: 2024_04_26_191312) do
    t.uuid "accountable_id"
    t.decimal "balance", precision: 19, scale: 4, default: "0.0"
    t.string "currency", default: "USD"
-    t.virtual "classification", type: :string, as: "\nCASE\n    WHEN ((accountable_type)::text = ANY (ARRAY[('Account::Loan'::character varying)::text, ('Account::Credit'::character varying)::text, ('Account::OtherLiability'::character varying)::text])) THEN 'liability'::text\n    ELSE 'asset'::text\nEND", stored: true
+    t.virtual "classification", type: :string, as: "\nCASE\n    WHEN ((accountable_type)::text = ANY ((ARRAY['Account::Loan'::character varying, 'Account::Credit'::character varying, 'Account::OtherLiability'::character varying])::text[])) THEN 'liability'::text\n    ELSE 'asset'::text\nEND", stored: true
    t.boolean "is_active", default: true, null: false
    t.enum "status", default: "ok", null: false, enum_type: "account_status"
    t.jsonb "sync_warnings", default: "[]", null: false
@ -257,6 +257,7 @@ ActiveRecord::Schema[7.2].define(version: 2024_04_26_191312) do
    t.string "last_prompted_upgrade_commit_sha"
    t.string "last_alerted_upgrade_commit_sha"
    t.enum "role", default: "member", null: false, enum_type: "user_role"
    t.boolean "active", default: true, null: false
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["family_id"], name: "index_users_on_family_id"
  end
--- a/test/controllers/settings/profiles_controller_test.rb
+++ b/test/controllers/settings/profiles_controller_test.rb
@ -4,8 +4,39 @@ class Settings::ProfilesControllerTest < ActionDispatch::IntegrationTest
  setup do
    sign_in @user = users(:family_admin)
  end
  test "get" do
    get settings_profile_url
    assert_response :success
  end
  test "member can deactivate their account" do
    sign_in @member = users(:family_member)
    delete settings_profile_url
    assert_redirected_to root_url
    assert_not User.find(@member.id).active?
    assert_enqueued_with(job: UserPurgeJob, args: [ @member ])
  end
  test "admin prevented from deactivating when other users are present" do
    sign_in @admin = users(:family_admin)
    delete settings_profile_url
    assert_redirected_to settings_profile_url
    assert_no_enqueued_jobs only: UserPurgeJob
    assert User.find(@admin.id).active?
  end
  test "admin can deactivate their account when they are the last user in the family" do
    sign_in @admin = users(:family_admin)
    users(:family_member).destroy
    delete settings_profile_url
    assert_redirected_to root_url
    assert_not User.find(@admin.id).active?
    assert_enqueued_with(job: UserPurgeJob, args: [ @admin ])
  end
 end
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@ -4,6 +4,7 @@ family_admin:
  last_name: Dylan
  email: bob@bobdylan.com
  password_digest: <%= BCrypt::Password.create('password') %>
  role: admin
 family_member:
  family: dylan_family
--- a/test/jobs/user_purge_job_test.rb
+++ b/test/jobs/user_purge_job_test.rb
@ -0,0 +1,7 @@
 require "test_helper"
 class UserPurgeJobTest < ActiveJob::TestCase
  # test "the truth" do
  #   assert true
  # end
 end