users: delete more data when user deactivates their account.

* Don't delete the user's favorites unless private favorites are enabled. The general rule is that public account activity is kept and private account activity is deleted. * Delete the user's API keys, forum topics visits, private favgroups, downvotes, and upvotes (if privacy is enabled). * Reset all of the user's account settings to default. This means custom CSS is deleted, where it wasn't before. * Delete everything but the user's name and password asynchronously. * Don't log the current user out if it's the owner deleting another user's account. * Fix #5067 (Mod actions sometimes not created for user deletions) by wrapping the deletion process in a transaction.
2022-11-05 23:26:13 -05:00
parent 3ffde5b23d
commit b43a913ad7
7 changed files with 143 additions and 53 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -58,6 +58,9 @@ class User < ApplicationRecord

  ACTIVE_BOOLEAN_ATTRIBUTES = BOOLEAN_ATTRIBUTES.grep_v(/unused/)

+  # Personal preferences that are editable by the user, rather than internal flags. These will be cleared when the user deactivates their account.
+  USER_PREFERENCE_BOOLEAN_ATTRIBUTES = ACTIVE_BOOLEAN_ATTRIBUTES - %w[is_banned requires_verification is_verified]
+
  DEFAULT_BLACKLIST = ["guro", "scat", "furry -rating:g"].join("\n")

  attribute :id