Feat: Data "reset" button (#1913)

* feat: Allow admins to delete family data * feat: Allow self-hosting users to delete cached data * Remove system tests
2025-07-24 15:49:39 +02:00 · 2025-02-28 13:49:12 +01:00 · 2025-02-28 13:49:12 +01:00 · 8208722247
commit 8208722247
parent f7064fd4dd
13 changed files with 206 additions and 16 deletions
--- a/app/controllers/settings/hostings_controller.rb
+++ b/app/controllers/settings/hostings_controller.rb
@ -2,6 +2,7 @@ class Settings::HostingsController < ApplicationController
  layout "settings"

  before_action :raise_if_not_self_hosted
+  before_action :ensure_admin, only: :clear_cache

  def show
    @synth_usage = Current.family.synth_usage
@ -38,6 +39,11 @@ class Settings::HostingsController < ApplicationController
    render :show, status: :unprocessable_entity
  end

+  def clear_cache
+    DataCacheClearJob.perform_later(Current.family)
+    redirect_to settings_hosting_path, notice: t(".cache_cleared")
+  end
+
  private
    def hosting_params
      params.require(:setting).permit(:render_deploy_hook, :upgrades_setting, :require_invite_for_signup, :require_email_confirmation, :synth_api_key)
@ -46,4 +52,8 @@ class Settings::HostingsController < ApplicationController
    def raise_if_not_self_hosted
      raise "Settings not available on non-self-hosted instance" unless self_hosted?
    end
+
+    def ensure_admin
+      redirect_to settings_hosting_path, alert: t(".not_authorized") unless Current.user.admin?
+    end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,5 +1,6 @@
 class UsersController < ApplicationController
  before_action :set_user
+  before_action :ensure_admin, only: :reset

  def update
    @user = Current.user
@ -26,6 +27,11 @@ class UsersController < ApplicationController
    end
  end

+  def reset
+    FamilyResetJob.perform_later(Current.family)
+    redirect_to settings_profile_path, notice: t(".success")
+  end
+
  def destroy
    if @user.deactivate
      Current.session.destroy
@ -68,4 +74,8 @@ class UsersController < ApplicationController
    def set_user
      @user = Current.user
    end
+
+    def ensure_admin
+      redirect_to settings_profile_path, alert: I18n.t("users.reset.unauthorized") unless Current.user.admin?
+    end
 end
--- a/app/jobs/data_cache_clear_job.rb
+++ b/app/jobs/data_cache_clear_job.rb
@ -0,0 +1,16 @@
+class DataCacheClearJob < ApplicationJob
+  queue_as :default
+
+  def perform(family)
+    ActiveRecord::Base.transaction do
+      ExchangeRate.delete_all
+      Security::Price.delete_all
+      family.accounts.each do |account|
+        account.balances.delete_all
+        account.holdings.delete_all
+      end
+
+      family.sync_later
+    end
+  end
+end
--- a/app/jobs/family_reset_job.rb
+++ b/app/jobs/family_reset_job.rb
@ -0,0 +1,19 @@
+class FamilyResetJob < ApplicationJob
+  queue_as :default
+
+  def perform(family)
+    # Delete all family data except users
+    ActiveRecord::Base.transaction do
+      # Delete accounts and related data
+      family.accounts.destroy_all
+      family.categories.destroy_all
+      family.tags.destroy_all
+      family.merchants.destroy_all
+      family.plaid_items.destroy_all
+      family.imports.destroy_all
+      family.budgets.destroy_all
+
+      family.sync_later
+    end
+  end
+end
--- a/app/views/settings/hostings/_danger_zone_settings.html.erb
+++ b/app/views/settings/hostings/_danger_zone_settings.html.erb
@ -0,0 +1,20 @@
+<% if Current.user.admin? %>
+  <div class="space-y-4">
+    <div class="flex items-center justify-between">
+      <div class="w-2/3">
+        <h3 class="font-medium text-primary"><%= t("settings.hostings.show.clear_cache") %></h3>
+        <p class="text-secondary text-sm"><%= t("settings.hostings.show.clear_cache_warning") %></p>
+      </div>
+      <%=
+            button_to t("settings.hostings.show.clear_cache"), clear_cache_settings_hosting_path, method: :delete,
+              class: "bg-orange-500 text-white text-sm font-medium rounded-lg px-4 py-2",
+              data: { turbo_confirm: {
+                title: t("settings.hostings.show.confirm_clear_cache.title"),
+                body: t("settings.hostings.show.confirm_clear_cache.body"),
+                accept: t("settings.hostings.show.clear_cache"),
+                acceptClass: "w-full bg-orange-500 text-white rounded-xl text-center p-[10px] border mb-2"
+              }}
+      %>
+    </div>
+  </div>
+<% end %>
--- a/app/views/settings/hostings/show.html.erb
+++ b/app/views/settings/hostings/show.html.erb
@ -11,3 +11,7 @@
 <%= settings_section title: t(".invites") do %>
  <%= render "settings/hostings/invite_code_settings" %>
 <% end %>
+
+<%= settings_section title: t(".danger_zone") do %>
+  <%= render "settings/hostings/danger_zone_settings" %>
+<% end %>
--- a/app/views/settings/profiles/show.html.erb
+++ b/app/views/settings/profiles/show.html.erb
@ -127,20 +127,40 @@
 <% end %>

 <%= settings_section title: t(".danger_zone_title") do %>
-  <div class="flex items-center justify-between">
-    <div>
-      <h3 class="font-medium text-primary"><%= t(".delete_account") %></h3>
-      <p class="text-secondary text-sm"><%= t(".delete_account_warning") %></p>
+  <div class="space-y-4">
+    <% if Current.user.admin? %>
+      <div class="flex items-center justify-between">
+        <div class="w-2/3">
+          <h3 class="font-medium text-primary"><%= t(".reset_account") %></h3>
+          <p class="text-secondary text-sm"><%= t(".reset_account_warning") %></p>
+        </div>
+        <%=
+              button_to t(".reset_account"), reset_user_path(@user), method: :delete,
+                class: "bg-orange-500 text-white text-sm font-medium rounded-lg px-4 py-2",
+                data: { turbo_confirm: {
+                  title: t(".confirm_reset.title"),
+                  body: t(".confirm_reset.body"),
+                  accept: t(".reset_account"),
+                  acceptClass: "w-full bg-orange-500 text-white rounded-xl text-center p-[10px] border mb-2"
+                }}
+        %>
+      </div>
+    <% end %>
+    <div class="flex items-center justify-between">
+      <div>
+        <h3 class="font-medium text-primary"><%= t(".delete_account") %></h3>
+        <p class="text-secondary text-sm"><%= t(".delete_account_warning") %></p>
+      </div>
+      <%=
+            button_to t(".delete_account"), user_path(@user), method: :delete,
+              class: "bg-red-500 text-white text-sm font-medium rounded-lg px-3 py-2",
+              data: { turbo_confirm: {
+                title: t(".confirm_delete.title"),
+                body: t(".confirm_delete.body"),
+                accept: t(".delete_account"),
+                acceptClass: "w-full bg-red-500 text-white rounded-xl text-center p-[10px] border mb-2"
+              }}
+      %>
    </div>
-    <%=
-          button_to t(".delete_account"), user_path(@user), method: :delete,
-            class: "bg-red-500 text-white text-sm font-medium rounded-lg px-3 py-2",
-            data: { turbo_confirm: {
-              title: t(".confirm_delete.title"),
-              body: t(".confirm_delete.body"),
-              accept: t(".delete_account"),
-              acceptClass: "w-full bg-red-500 text-white rounded-xl text-center p-[10px] border mb-2"
-            }}
-    %>
  </div>
 <% end %>