-
-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Split deleting own account off to its own path #3108
Conversation
Queried locally, with sample data and a logged-in user,
Edit: Fixed in 930addd. |
efc6a13
to
930addd
Compare
930addd
to
151bbde
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested, mostly works perfectly fine, but it introduces an ISE if the editor is completely empty :)
root/account/DeleteOwnAccount.js
Outdated
|
||
return ( | ||
<UserAccountLayout | ||
/* $FlowIgnore[incompatible-call] as user cannot be undefined */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not just pass user
like the other page does?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It shouldn’t be needed. In comparison root/account/ChangePassword.js
just tests user
before using it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That form tests user
because it can also be used without one (for mandatory reset while logged out IIRC) so it has a valid return if user
does not exist. This seems a bit different, but I'm not too worried about using the $c
one - maybe it should then also be tested though rather than adding a $FlowIgnore
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair enough. Actually I didn’t know what to return in the opposite case. I just found the solution of throwing an error instead; See https://github.com/metabrainz/musicbrainz-server/compare/392edbe98c29d5f507c227e7fe40000ccced0fb1..66024ca025cc4b308a8b8543ee2ab9b06609acd7.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We also have a couple helpers you could use in the future (both throw errors): invariant(user)
or const user = expect($c.user)
. invariant
will be auto-imported if you use it, but expect
currently has to be imported manually from invariant.js.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the reminder. I changed my code for using invariant
as it allows to return a custom message; See https://github.com/metabrainz/musicbrainz-server/compare/66024ca025cc4b308a8b8543ee2ab9b06609acd7..0ecba92e46bd5a86d0ff62ba94940b7ee8da83fa
I retested it all.
/* $FlowIgnore[incompatible-call] as user cannot be undefined */ | ||
entity={sanitizedAccountLayoutUser(user)} | ||
page="delete" | ||
title={l('Delete Account')} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we lowercase new strings in preparation for #3083 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let’s not mix changes :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I guess whenever we're ready to merge that other PR we can look through all strings again and fix any new ones in a separate commit at the end.
151bbde
to
392edbe
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems good now - I'd still slightly prefer a better solution than a $FlowIgnore
but I'm ok with merging it that way if you like that most.
392edbe
to
66024ca
Compare
Thanks for your review! Account deletion is a danger zone, so I will also wait for @mwiencek's double-review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested locally & reviewed the controller bits, looks good to me.
So far deleting your own account had to be accessed from `/admin/user/delete/<editorname>` which is the same as for admin deleting someone else’s account. This patch splits account removal into admin-only/non-admin files and makes deleting own account accessible through `/account/delete` instead.
66024ca
to
0ecba92
Compare
Problem
So far deleting your own account had to be accessed from
/admin/user/delete/<editorname>
which is the same as for admin deleting someone else account.Solution
This patch splits account removal into admin-only/non-admin files (thus simplifies implementing MBS-13117) and makes deleting own account accessible through
/account/delete
instead.Additionally fix an error page in 930addd.
Checklist for author
/account/delete
/admin/user/delete/<username>
/account/delete
/admin/user/delete/<username>
returns a 403 for non-admin/admin/user/delete/<username>
still works for admin/account/delete
worksAction