-
Notifications
You must be signed in to change notification settings - Fork 44
Bug 1005127 - [privacy] Add ability to delete profile #141
Conversation
@bobsilverberg r ? |
# Changing field 'TaskAttempt.user' | ||
db.alter_column('tasks_taskattempt', 'user_id', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.User'], null=True, on_delete=models.SET_NULL)) | ||
|
||
# Changing field 'Task.creator' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This migration does not look right to me. The only thing it should do is change TaskAttempt.user. All of the other changes are not needed and should not be included. Only administrators can add records to those other tables, and their accounts will never be deleted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just ran "./manage.py schemamigration oneanddone.tasks --auto" and added default value to be None whenever prompted. May be you can just remove this file when you test it and run the migration yourself. Let me know what it gives for you.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hope you will also get the same file as this one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, I get it. When you set the database up so that when a user is deleted it sets the TaskAttempt record's user field to NULL, I guess it interpreted that as being applicable to all of the other places where user is a foreign key. I don't think we need all of those changes. We may have to edit the migration manually.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we're going to have to live with this. You may have to rename the migration as there is another migration already assigned the 0011
number. Please rename the migration file to start with 0012
.
Why is there so much stuff in this pull request? This is only supposed to be about deleting a user profile. I think you must have other commits in here which got squashed before being pushed to master. Please clean this up and resubmit it. Perhaps the easiest way to do that would be to start with a branch based on the latest |
All the "stuff" is added intentionally. There are no extra commits. |
Please review and let me know what you feel should not be there and I will give you the answers why I added that. |
Why did you have to make changes to the mixins and the mixins that were being used by the views. Everything seemed to be working fine before this, so why are these changes necessary? |
@@ -0,0 +1,37 @@ | |||
{# This Source Code Form is subject to the terms of the Mozilla Public |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file is almost identical to edit.html. This results in too much duplicate code. Please find a way to use include
to reduce the duplication.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Both of these are separate forms and have target to different views although they have some fields in common.
I looked more into this but couldn't find a way that could achieve what we want to do here.
@bobsilverberg Please let me know if you know of any solution for this, I will be happy to make the change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ouch !! sorry got confused with something else. Fixed this. Ignore the comment.
There is a bug in the code. If you delete your profile and click confirm, it first sends you to the home page and it looks logged out, but then it redirects you to the |
This sounds like Persona attempting to log you back in because [1] Specifically, Persona maintains a session for users when they log into your site. If they show up at your site and they aren't logged into your site, but It is incredibly confusing and hard to debug and they recently added a way to disable it (which I have a PR for in the django-browserid repo). |
Thanks for the info, @Osmose. I tried to upgrade django-browserid in the past and was unsuccessful (errors on staging that I couldn't debug), so I backed it out. I can try again, but we have a really tight timeline so I'm not sure it's something I can do by Monday. Can we do something to manually call |
I made the suggested changes leaving that Persona bug. We should wait for more info from @Osmose on that and how to fix it here. I observed that the force login by Persona occurs if you delete and logout a few times in a row. For single delete and logout it works fine. It will be great if we can fix that, but in the worst case we can live with it (assuming user will delete his profile once only and not experiment with the things too much) |
If, post-deletion, you redirect to a specific post-deletion view, you can add the JS to that page that calls
No, django-browserid 0.10.1 already had a workaround in place. The aforementioned PR switches us from using our workaround to using the new API that disables it. 0.10 and above will not perform any auto-login. |
@bobsilverberg can we please try to upgrade the django-browserid version ? |
@bitgeeky I am not sure there will be time to do that now. It is on the roadmap for the next release, so we should not count on it being done now. You should try to implement Osmose's recommended workaround now, as we need a solution to this immediately. Regarding your comments about when it happens: with my testing it happened every time I deleted a user. When I delete the user I am first directed to the home page, and then I am directed to the |
@@ -17,7 +17,7 @@ | |||
from oneanddone.tasks.mixins import TaskMustBePublishedMixin | |||
from oneanddone.tasks.models import Feedback, Task, TaskAttempt | |||
from oneanddone.tasks.serializers import TaskSerializer | |||
from oneanddone.users.mixins import MyStaffUserRequiredMixin, UserProfileRequiredMixin | |||
from oneanddone.users.mixins import MyStaffUserRequiredMixin, UserProfileRequiredMixin, PrivacyPolicyRequiredMixin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that UserProfileRequiredMixin
has effectively been replaced by PrivacyPolicyRequiredMixin
, you no longer need to import it.
@bitgeeky I have finished my latest review. Please address the issues, plus I know you are also working on the logout issue. Also, there are now conflicts, but we can deal with those once the PR is ready to merge. |
I made the changes suggested by @Osmose. Logout works pretty fine for me now. @bobsilverberg please test it and let me know if it works fine for you also. |
The logout code works! Great work, @bitgeeky! Let's get the rest of the changes in so we can merge this. We are very close to having all the features done for this release. :) |
Made the suggested changes ! @bobsilverberg r ? |
Looks good, @bitgeeky. Can you resolve the conflicts and squash the commits and then we'll merge this. Good work! |
This has landed in e67fe32 |
Note that I renamed the migration to |
Works fine for me.
It required to add some new mixins, views and unit tests.