implement permanent deletion, make user profile migration reversible

2025-11-26 16:50:42 +01:00 · 2025-11-26 16:50:42 +01:00 · 8369035693
commit 8369035693
parent 536e49d1b9
7 changed files with 21 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -17,4 +17,5 @@ config/
 .\#*
 node_modules/
 alembic.ini
-**.egg-info
+**.egg-info
+.vscode
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,9 +2,12 @@

 ## 0.10.0
 + Codebase refactor (with breaking changes!)
+ Dropped support for Python<=3.9
 + Move ALL config to .env (config.py is NO MORE supported)
 + Config SITE_NAME replaced with APP_NAME
 + Add CSRF token and flask_WTF
+ Schema changes: biography and website moved to `User`; `UserProfile` table deprecated (and useless fields removed)
+ Posts can now be permanently deleted

 ## 0.9.0

--- a/src/coriplus/init.py
+++ b/src/coriplus/init.py
@ -24,7 +24,7 @@ from flask_wtf import CSRFProtect
 import dotenv
 import logging

-__version__ = '0.10.0-dev45'
+__version__ = '0.10.0-dev47'

 # we want to support Python 3.10+ only.
 # Python 2 has too many caveats.
@ -63,7 +63,7 @@ def before_request():
    try:
        g.db.connect()
    except OperationalError:
-        logger.error('database connected twice.\n')
+        logger.error('database connected twice')

@app.after_request
 def after_request(response):
--- a/src/coriplus/models.py
+++ b/src/coriplus/models.py
@ -23,6 +23,8 @@ from . import BASEDIR
 database = connect(os.environ['DATABASE_URL'])

 class BaseModel(Model):
+    id = AutoField(primary_key=True)
+
    class Meta:
        database = database

--- a/src/coriplus/templates/confirm_delete.html
+++ b/src/coriplus/templates/confirm_delete.html
@ -16,7 +16,7 @@
  </ul>

  <form method="POST">
-  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
    <input type="submit" value="Delete">
  </form>
 </div>
--- a/src/coriplus/website.py
+++ b/src/coriplus/website.py
@ -239,12 +239,15 @@ def edit(id):

@bp.route('/delete/<int:id>', methods=['GET', 'POST'])
 def confirm_delete(id):
-    user = get_current_user()
-    message = get_object_or_404(Message, Message.id == id)
+    user: User = current_user
+    message: Message  = get_object_or_404(Message, Message.id == id)
    if message.user != user:
        abort(404)
    if request.method == 'POST':
-        abort(501, 'CSRF-Token missing.')
+        if message.user == user:
+            message.delete_instance()
+            flash('Your message has been deleted forever')
+            return redirect(request.args.get('next', '/'))
    return render_template('confirm_delete.html', message=message)

 # Workaround for problems related to invalid data.
--- a/src/migrations/002_move_columns_from_userprofile.py
+++ b/src/migrations/002_move_columns_from_userprofile.py
@ -70,6 +70,11 @@ def rollback(migrator: Migrator, database: pw.Database, *, fake=False):
        facebook=pw.TextField(null=True),
        telegram=pw.TextField(null=True))

+    migrator.sql("""
+    UPDATE "userprofile" SET biography = (SELECT p.biography FROM user p WHERE p.user_id = id LIMIT 1), 
+    website = (SELECT p.website FROM user p WHERE p.user_id = id LIMIT 1);
+    """)
+
    migrator.remove_fields('user', 'biography', 'website')

    migrator.change_fields('user', username=pw.CharField(max_length=255, unique=True))