jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

users: delete more data when user deactivates their account.

Browse Source 
* Don't delete the user's favorites unless private favorites are enabled. The general rule is that
  public account activity is kept and private account activity is deleted.
* Delete the user's API keys, forum topics visits, private favgroups, downvotes, and upvotes (if
  privacy is enabled).
* Reset all of the user's account settings to default. This means custom CSS is deleted, where it
  wasn't before.
* Delete everything but the user's name and password asynchronously.
* Don't log the current user out if it's the owner deleting another user's account.
* Fix #5067 (Mod actions sometimes not created for user deletions) by wrapping the deletion process
  in a transaction.
This commit is contained in:
evazion
2022-11-05 23:26:13 -05:00
parent 3ffde5b23d
commit b43a913ad7
7 changed files with 143 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/logical/session_loader.rb
View File

@@ -46,11 +46,11 @@ class SessionLoader
end
# Logs the current user out. Deletes their session cookie and records a logout event.
def logout
def logout(user = CurrentUser.user)
session.delete(:user_id)
session.delete(:last_authenticated_at)
return if CurrentUser.user.is_anonymous?
UserEvent.create_from_request!(CurrentUser.user, :logout, request)
return if user.is_anonymous?
UserEvent.create_from_request!(user, :logout, request)
end
# Sets the current user. Runs on each HTTP request. The user is set based on