From 47039cfce74fc25fa5066493a5e8c3a59bc4f0a6 Mon Sep 17 00:00:00 2001 From: jevinjojo Date: Wed, 12 Nov 2025 23:37:59 +0530 Subject: [PATCH 1/3] temporarily disable incomplete delete account feature --- app/eventyay/base/models/event.py | 4 +- .../cfp/templates/cfp/event/user_profile.html | 142 +++++++++--------- app/eventyay/cfp/urls.py | 12 +- app/eventyay/cfp/views/user.py | 2 + 4 files changed, 86 insertions(+), 74 deletions(-) diff --git a/app/eventyay/base/models/event.py b/app/eventyay/base/models/event.py index 58d13bde06..0cf63d218d 100644 --- a/app/eventyay/base/models/event.py +++ b/app/eventyay/base/models/event.py @@ -818,7 +818,9 @@ class urls(EventUrls): reset = '{base}reset' submit = '{base}submit/' user = '{base}me/' - user_delete = '{base}me/delete' + # TODO: Disabled user_delete URL — delete endpoint is incomplete/broken. + # Will restore once proper deletion logic is ready. + # user_delete = '{base}me/delete' user_submissions = '{user}submissions/' user_mails = '{user}mails/' schedule = '{base}schedule/' diff --git a/app/eventyay/cfp/templates/cfp/event/user_profile.html b/app/eventyay/cfp/templates/cfp/event/user_profile.html index 5a70593f87..e7b7abb5f5 100644 --- a/app/eventyay/cfp/templates/cfp/event/user_profile.html +++ b/app/eventyay/cfp/templates/cfp/event/user_profile.html @@ -7,84 +7,89 @@ {% block title %}{% translate "Your Profile" %} :: {% endblock title %} {% block cfp_header %} - {% include "cfp/includes/forms_header.html" %} - {% compress js %} - - - {% endcompress %} +{% include "cfp/includes/forms_header.html" %} +{% compress js %} + + +{% endcompress %} {% endblock cfp_header %} {% block content %} - {% html_signal "eventyay.cfp.signals.html_above_profile_page" sender=request.event request=request %} +{% html_signal "eventyay.cfp.signals.html_above_profile_page" sender=request.event request=request %} -

{% translate "Your Profile" %}

-

- {% translate "This data will be displayed publicly if your proposal is accepted. It is also visible to reviewers." %} -

-
- {% csrf_token %} - {% include "common/forms/errors.html" with form=profile_form %} +

{% translate "Your Profile" %}

+

+ {% translate "This data will be displayed publicly if your proposal is accepted. It is also visible to reviewers." + %} +

+ + {% csrf_token %} + {% include "common/forms/errors.html" with form=profile_form %} - {{ profile_form.name.as_field_group }} - {% if profile_form.biography %} - {{ profile_form.biography.as_field_group }} - {% endif %} - {% if request.event.cfp.request_avatar %} - {% include "common/avatar.html" with user=request.user form=profile_form %} - {% endif %} - {% if profile_form.avatar_source %}{{ profile_form.avatar_source.as_field_group }}{% endif %} - {% if profile_form.avatar_license %}{{ profile_form.avatar_license.as_field_group }}{% endif %} - {% if profile_form.availabilities %} - {% include "common/availabilities.html" %} - {{ profile_form.availabilities.as_field_group }} - {% endif %} -
-
- - -
+ {{ profile_form.name.as_field_group }} + {% if profile_form.biography %} + {{ profile_form.biography.as_field_group }} + {% endif %} + {% if request.event.cfp.request_avatar %} + {% include "common/avatar.html" with user=request.user form=profile_form %} + {% endif %} + {% if profile_form.avatar_source %}{{ profile_form.avatar_source.as_field_group }}{% endif %} + {% if profile_form.avatar_license %}{{ profile_form.avatar_license.as_field_group }}{% endif %} + {% if profile_form.availabilities %} + {% include "common/availabilities.html" %} + {{ profile_form.availabilities.as_field_group }} + {% endif %} +
+
+ +
- +
+ - {% if questions_exist %} -

{% translate "We have some questions" %}

-
- {% csrf_token %} - {{ questions_form }} -
-
- - -
-
-
- {% endif %} +{% if questions_exist %} +

{% translate "We have some questions" %}

+
+ {% csrf_token %} + {{ questions_form }} +
+
+ + +
+
+
+{% endif %} -

{% translate "Your Account" %}

-

{% translate "You can change your log in data here." %}

-
- {% csrf_token %} - {{ login_form.media }} - {{ login_form.old_password.as_field_group }} - {{ login_form.email.as_field_group }} - {{ login_form.password.as_field_group }} - {{ login_form.password_repeat.as_field_group }} -
-
- - -
+

{% translate "Your Account" %}

+

{% translate "You can change your log in data here." %}

+ + {% csrf_token %} + {{ login_form.media }} + {{ login_form.old_password.as_field_group }} + {{ login_form.email.as_field_group }} + {{ login_form.password.as_field_group }} + {{ login_form.password_repeat.as_field_group }} +
+
+ +
- +
+ - {% html_signal "eventyay.common.signals.profile_bottom_html" sender=request.event user=user %} +{% html_signal "eventyay.common.signals.profile_bottom_html" sender=request.event user=user %} + +{% endblock content %} \ No newline at end of file diff --git a/app/eventyay/cfp/urls.py b/app/eventyay/cfp/urls.py index d99667047f..d33cec1fe9 100644 --- a/app/eventyay/cfp/urls.py +++ b/app/eventyay/cfp/urls.py @@ -33,11 +33,13 @@ name="invitation.view", ), path("me/", user.ProfileView.as_view(), name="event.user.view"), - path( - "me/delete", - user.DeleteAccountView.as_view(), - name="event.user.delete", - ), + # TODO: Commented out delete route — current impl doesn’t fully remove user data. + # Rebuild properly in Account Settings. + # path( + # "me/delete", + # user.DeleteAccountView.as_view(), + # name="event.user.delete", + # ), path( "me/submissions/", user.SubmissionsListView.as_view(), diff --git a/app/eventyay/cfp/views/user.py b/app/eventyay/cfp/views/user.py index 2cb9a25d5d..ac52d3c045 100644 --- a/app/eventyay/cfp/views/user.py +++ b/app/eventyay/cfp/views/user.py @@ -420,6 +420,8 @@ def form_valid(self, form): return redirect(self.object.urls.user_base) +# TODO: Delete view only calls user.deactivate() — doesn’t actually remove user data. +# Needs full data cleanup, rework when Account Settings is implemented. class DeleteAccountView(LoggedInEventPageMixin, View): @staticmethod def post(request, event): From 8d444cd54c1c7a3645edf6fdb5941e125901ea66 Mon Sep 17 00:00:00 2001 From: jevinjojo Date: Thu, 13 Nov 2025 12:38:45 +0530 Subject: [PATCH 2/3] feature flags and changes --- .../cfp/templates/cfp/event/user_profile.html | 29 ------------------- app/eventyay/cfp/urls.py | 20 ++++++++----- app/eventyay/cfp/views/user.py | 10 +++++-- app/eventyay/config/settings.py | 4 +++ 4 files changed, 25 insertions(+), 38 deletions(-) 
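Review bot: The `{% translate "This data will be displayed publicly …" %}` tag in the profile intro now has its closing `%}` on a separate added line. Django's template lexer only matches a tag that sits on one physical line, so the split tag would most likely be rendered as literal text rather than the translated sentence; keep the opening `{% translate`, the string and `%}` together on one line. Most of the remaining `-`/`+` pairs in this hunk look like re-indentation, which buries the one functional change (the delete-account form); the markup itself is not visible here, so how the form was disabled cannot be checked from this page.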
diff --git a/app/eventyay/cfp/templates/cfp/event/user_profile.html b/app/eventyay/cfp/templates/cfp/event/user_profile.html
index e7b7abb5f5..edb9716d89 100644
--- a/app/eventyay/cfp/templates/cfp/event/user_profile.html
+++ b/app/eventyay/cfp/templates/cfp/event/user_profile.html
@@ -86,33 +86,4 @@

{% translate "Your Account" %}

 {% html_signal "eventyay.common.signals.profile_bottom_html" sender=request.event user=user %}
-
 {% endblock content %}
\ No newline at end of file
diff --git a/app/eventyay/cfp/urls.py b/app/eventyay/cfp/urls.py
index d33cec1fe9..2e87480643 100644
--- a/app/eventyay/cfp/urls.py
+++ b/app/eventyay/cfp/urls.py
@@ -1,5 +1,6 @@
 from django.urls import include, path
 from django.views.generic import RedirectView
+from django.conf import settings
 from .views import auth, event, locale, robots, user, wizard
@@ -33,13 +34,6 @@
 name="invitation.view",
 ),
 path("me/", user.ProfileView.as_view(), name="event.user.view"),
- # TODO: Commented out delete route — current impl doesn’t fully remove user data.
- # Rebuild properly in Account Settings.
- # path(
- # "me/delete",
- # user.DeleteAccountView.as_view(),
- # name="event.user.delete",
- # ),
 path(
 "me/submissions/",
 user.SubmissionsListView.as_view(),
@@ -85,3 +79,15 @@
 path("locale/set", locale.LocaleSet.as_view(), name="locale.set"),
 path("robots.txt", robots.robots_txt, name="robots.txt"),
 ]
+
+# Conditionally add account deletion route based on feature flag
+# TODO: Current implementation doesn't fully remove user data (not GDPR compliant)
+# Will be properly implemented in Account Settings
+if getattr(settings, 'ENABLE_ACCOUNT_DELETION', False):
+ urlpatterns.append(
+ path(
+ "me/delete",
+ user.DeleteAccountView.as_view(),
+ name="event.user.delete",
+ )
+ )
diff --git a/app/eventyay/cfp/views/user.py b/app/eventyay/cfp/views/user.py
index ac52d3c045..189ce151fa 100644
--- a/app/eventyay/cfp/views/user.py
+++ b/app/eventyay/cfp/views/user.py
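Review bot: Turning `ENABLE_ACCOUNT_DELETION` on registers `me/delete` in the last hunk of `cfp/urls.py`, but within this series `user_delete` in `base/models/event.py` stays commented out and the profile form is removed, so the flag yields a POST-only endpoint that no page links to and that `event.urls.user_delete` cannot build. Either restore `user_delete = '{base}me/delete'` together with the flag or state in the comment that the flag exposes the endpoint without any UI. The `if getattr(settings, 'ENABLE_ACCOUNT_DELETION', False):` test also runs once at import, so the route set is fixed at process start and `override_settings` in a test will not add or remove it. In the first hunk, `from django.conf import settings` would normally sort before `from django.urls import include, path`.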
@@ -420,9 +420,15 @@ def form_valid(self, form):
 return redirect(self.object.urls.user_base)
-# TODO: Delete view only calls user.deactivate() — doesn’t actually remove user data.
-# Needs full data cleanup, rework when Account Settings is implemented.
 class DeleteAccountView(LoggedInEventPageMixin, View):
+ """
+ Account deletion view - currently disabled by default.
+
+ TODO: Current implementation only calls user.deactivate() and does not fully remove user data and
+ is not GDPR compliant and will need a complete rework with proper data cleanup, once Account settings feature implemented.
+
+ This view is only accessible when the ENABLE_ACCOUNT_DELETION feature flag is enabled.
+ """
 @staticmethod
 def post(request, event):
 if request.POST.get('really'):
diff --git a/app/eventyay/config/settings.py b/app/eventyay/config/settings.py
index 1893ef69dc..e6026d5599 100644
--- a/app/eventyay/config/settings.py
+++ b/app/eventyay/config/settings.py
@@ -1045,6 +1045,10 @@ def instance_name(request):
 EVENTYAY_SESSION_TIMEOUT_RELATIVE = 3600 * 3
 EVENTYAY_SESSION_TIMEOUT_ABSOLUTE = 3600 * 12
+# Feature flags
+# TODO: Enable when GDPR-compliant account deletion is implemented
+ENABLE_ACCOUNT_DELETION = config.getboolean('features', 'enable_account_deletion', fallback=False)
+
 PDFTK = config.get('tools', 'pdftk', fallback=None)
 PRETIX_SESSION_TIMEOUT_RELATIVE = 3600 * 3
 PRETIX_SESSION_TIMEOUT_ABSOLUTE = 3600 * 12
From 76cac83dbca91a8e1e119fa858ad5f90edf12d3a Mon Sep 17 00:00:00 2001
From: jevinjojo
Date: Thu, 13 Nov 2025 23:12:29 +0530
Subject: [PATCH 3/3] clean up
---
 app/eventyay/base/models/event.py | 2 +-
 app/eventyay/cfp/views/user.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/eventyay/base/models/event.py b/app/eventyay/base/models/event.py
index 0cf63d218d..b1718f58db 100644
--- a/app/eventyay/base/models/event.py
+++ b/app/eventyay/base/models/event.py
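Review bot: The docstring's closing sentence promises that `DeleteAccountView` is only accessible when `ENABLE_ACCOUNT_DELETION` is enabled, yet nothing in the class lines visible here reads the flag; the guarantee rests entirely on the conditional `urlpatterns.append(...)` in `cfp/urls.py`. A check in the view keeps that promise true wherever the class is routed and fails closed next to the account-changing action; a `dispatch` override along the lines below would do it, assuming `settings` and `Http404` are (or are made) importable in `views/user.py`, which the hunk does not show. The body of `post` continues past the hunk, so whether anything beyond `request.POST.get('really')` confirms the request cannot be judged from here.

```python
class DeleteAccountView(LoggedInEventPageMixin, View):
    # … unchanged: docstring …

    def dispatch(self, request, *args, **kwargs):
        # Fail closed: the endpoint does not exist unless the operator opted in.
        if not getattr(settings, 'ENABLE_ACCOUNT_DELETION', False):
            raise Http404
        return super().dispatch(request, *args, **kwargs)

    # … unchanged: post() …
```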
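Review bot: The comment above `ENABLE_ACCOUNT_DELETION` says when to enable the flag but not what enabling it does today, which is what an operator reading `settings.py` needs to know. I would add `# WARNING: when true, me/delete is exposed; it currently only deactivates the account and does not erase personal data.` above the assignment. The new `[features]` section with `enable_account_deletion` presumably also wants an entry in the sample configuration or admin docs, which are not part of this patch.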
@@ -818,7 +818,7 @@ class urls(EventUrls):
 reset = '{base}reset'
 submit = '{base}submit/'
 user = '{base}me/'
- # TODO: Disabled user_delete URL — delete endpoint is incomplete/broken.
+ # TODO: Disabled user_delete URL — delete endpoint is incomplete/broken.
 # Will restore once proper deletion logic is ready.
 # user_delete = '{base}me/delete'
 user_submissions = '{user}submissions/'
diff --git a/app/eventyay/cfp/views/user.py b/app/eventyay/cfp/views/user.py
index 189ce151fa..62ad0c12ec 100644
--- a/app/eventyay/cfp/views/user.py
+++ b/app/eventyay/cfp/views/user.py
@@ -424,8 +424,8 @@ class DeleteAccountView(LoggedInEventPageMixin, View):
 """
 Account deletion view - currently disabled by default.
- TODO: Current implementation only calls user.deactivate() and does not fully remove user data and
- is not GDPR compliant and will need a complete rework with proper data cleanup, once Account settings feature implemented.
+ TODO: Current implementation only calls user.deactivate() and does not fully remove user data (not GDPR compliant).
+ A complete rework with proper data cleanup will be needed once the Account settings feature is implemented.
 This view is only accessible when the ENABLE_ACCOUNT_DELETION feature flag is enabled.
 """