From 8369035693c15eb304fa54da34d4e61f0e7e05bb Mon Sep 17 00:00:00 2001 From: Yusur Princeps Date: Wed, 26 Nov 2025 16:50:42 +0100 Subject: [PATCH] implement permanent deletion, make user profile migration reversible --- .gitignore | 3 ++- CHANGELOG.md | 3 +++ src/coriplus/__init__.py | 4 ++-- src/coriplus/models.py | 2 ++ src/coriplus/templates/confirm_delete.html | 2 +- src/coriplus/website.py | 9 ++++++--- src/migrations/002_move_columns_from_userprofile.py | 5 +++++ 7 files changed, 21 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 546be68..75b7704 100644 --- a/.gitignore +++ b/.gitignore @@ -17,4 +17,5 @@ config/ .\#* node_modules/ alembic.ini -**.egg-info \ No newline at end of file +**.egg-info +.vscode \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 24a2232..6bf0e72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,9 +2,12 @@ ## 0.10.0 + Codebase refactor (with breaking changes!) ++ Dropped support for Python<=3.9 + Move ALL config to .env (config.py is NO MORE supported) + Config SITE_NAME replaced with APP_NAME + Add CSRF token and flask_WTF ++ Schema changes: biography and website moved to `User`; `UserProfile` table deprecated (and useless fields removed) ++ Posts can now be permanently deleted ## 0.9.0 diff --git a/src/coriplus/__init__.py b/src/coriplus/__init__.py index 9543c60..305ea7b 100644 --- a/src/coriplus/__init__.py +++ b/src/coriplus/__init__.py @@ -24,7 +24,7 @@ from flask_wtf import CSRFProtect import dotenv import logging -__version__ = '0.10.0-dev45' +__version__ = '0.10.0-dev47' # we want to support Python 3.10+ only. # Python 2 has too many caveats. @@ -63,7 +63,7 @@ def before_request(): try: g.db.connect() except OperationalError: - logger.error('database connected twice.\n') + logger.error('database connected twice') @app.after_request def after_request(response): diff --git a/src/coriplus/models.py b/src/coriplus/models.py index f47fa65..07d52b7 100644 --- a/src/coriplus/models.py +++ b/src/coriplus/models.py @@ -23,6 +23,8 @@ from . import BASEDIR database = connect(os.environ['DATABASE_URL']) class BaseModel(Model): + id = AutoField(primary_key=True) + class Meta: database = database diff --git a/src/coriplus/templates/confirm_delete.html b/src/coriplus/templates/confirm_delete.html index 3d89e16..7343dad 100644 --- a/src/coriplus/templates/confirm_delete.html +++ b/src/coriplus/templates/confirm_delete.html @@ -16,7 +16,7 @@
- +
diff --git a/src/coriplus/website.py b/src/coriplus/website.py index 14b944c..ab9ab53 100644 --- a/src/coriplus/website.py +++ b/src/coriplus/website.py @@ -239,12 +239,15 @@ def edit(id): @bp.route('/delete/', methods=['GET', 'POST']) def confirm_delete(id): - user = get_current_user() - message = get_object_or_404(Message, Message.id == id) + user: User = current_user + message: Message = get_object_or_404(Message, Message.id == id) if message.user != user: abort(404) if request.method == 'POST': - abort(501, 'CSRF-Token missing.') + if message.user == user: + message.delete_instance() + flash('Your message has been deleted forever') + return redirect(request.args.get('next', '/')) return render_template('confirm_delete.html', message=message) # Workaround for problems related to invalid data. diff --git a/src/migrations/002_move_columns_from_userprofile.py b/src/migrations/002_move_columns_from_userprofile.py index 0b2d004..d8637f7 100644 --- a/src/migrations/002_move_columns_from_userprofile.py +++ b/src/migrations/002_move_columns_from_userprofile.py @@ -70,6 +70,11 @@ def rollback(migrator: Migrator, database: pw.Database, *, fake=False): facebook=pw.TextField(null=True), telegram=pw.TextField(null=True)) + migrator.sql(""" + UPDATE "userprofile" SET biography = (SELECT p.biography FROM user p WHERE p.user_id = id LIMIT 1), + website = (SELECT p.website FROM user p WHERE p.user_id = id LIMIT 1); + """) + migrator.remove_fields('user', 'biography', 'website') migrator.change_fields('user', username=pw.CharField(max_length=255, unique=True))