Remove "Delete My Account" option from Speaker Profile section #1238
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Currently translated at 0.1% (3 of 4121 strings) Translation: eventyay/Eventyay Tickets Translate-URL: https://hosted.weblate.org/projects/open-event/eventyay-tickets/zh_Hant/
Currently translated at 0.2% (9 of 4121 strings) Translation: eventyay/Eventyay Tickets Translate-URL: https://hosted.weblate.org/projects/open-event/eventyay-tickets/zh_Hant/
Currently translated at 0.4% (18 of 4121 strings) Translation: eventyay/Eventyay Tickets Translate-URL: https://hosted.weblate.org/projects/open-event/eventyay-tickets/pl_INFORMAL/
Currently translated at 2.9% (123 of 4121 strings) Translation: eventyay/eventyay Translate-URL: https://hosted.weblate.org/projects/eventyay/eventyay/zh_Hant/
Currently translated at 2.9% (123 of 4121 strings) Translation: eventyay/eventyay Translate-URL: https://hosted.weblate.org/projects/eventyay/eventyay/zh_Hant/
Contributor
Reviewer's GuideTemporarily disables the “Delete My Account” feature by removing its UI, disabling related routes and URL mappings, and annotating the incomplete deletion logic with TODOs for a future comprehensive implementation. Class diagram for updated DeleteAccountView and related URL mappingclassDiagram
class EventUrls {
+reset
+submit
+user
#user_delete (disabled)
+user_submissions
+user_mails
+schedule
}
class DeleteAccountView {
+post(request, event)
#TODO: Only calls user.deactivate(), does not fully delete user data
}
EventUrls <|-- DeleteAccountView
File-Level Changes
Assessment against linked issues
Possibly linked issues
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Hey there - I've reviewed your changes - here's some feedback:
- The broad indentation reformat in user_profile.html adds a lot of noise—please restrict changes to only the deletion section to keep the diff focused.
- Instead of commenting out the delete-account code, consider removing it entirely (you can always restore via version control) to keep templates and URL configs clean.
- Rather than hard‐commenting the delete route, you might introduce a feature flag or conditional setting to disable account deletion until the GDPR-compliant implementation is ready.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The broad indentation reformat in user_profile.html adds a lot of noise—please restrict changes to only the deletion section to keep the diff focused.
- Instead of commenting out the delete-account code, consider removing it entirely (you can always restore via version control) to keep templates and URL configs clean.
- Rather than hard‐commenting the delete route, you might introduce a feature flag or conditional setting to disable account deletion until the GDPR-compliant implementation is ready.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
Contributor
Author
|
@mariobehling please take a look when you're free. Thanks! |
Member
|
@jevinjojo Please follow the suggestion of @sourcery-ai about
|
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR temporarily removes the "Delete My Account" functionality from the speaker profile page until a proper GDPR-compliant account deletion implementation can be developed. The feature is gated behind a feature flag (ENABLE_ACCOUNT_DELETION) that defaults to False.
Key changes:
- Added
ENABLE_ACCOUNT_DELETIONfeature flag in settings (defaults to False) - Conditionally registered the
/me/deleteroute based on feature flag - Removed account deletion UI section from the user profile template
- Commented out
user_deleteURL property in Event model
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| app/eventyay/config/settings.py | Introduces ENABLE_ACCOUNT_DELETION feature flag with default False to control account deletion feature availability |
| app/eventyay/cfp/views/user.py | Adds documentation to DeleteAccountView explaining it's disabled by default and requires GDPR-compliant implementation |
| app/eventyay/cfp/urls.py | Conditionally registers the delete account route only when feature flag is enabled |
| app/eventyay/cfp/templates/cfp/event/user_profile.html | Removes entire account deletion section from the speaker profile UI |
| app/eventyay/base/models/event.py | Comments out user_delete URL property with TODO note about incomplete implementation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
app/eventyay/cfp/views/user.py
Outdated
Comment on lines
427
to
428
| TODO: Current implementation only calls user.deactivate() and does not fully remove user data and | ||
| is not GDPR compliant and will need a complete rework with proper data cleanup, once Account settings feature implemented. |
There was a problem hiding this comment.
The documentation has a grammatical error. The phrase "and does not fully remove user data and is not GDPR compliant" is redundant. It should be either "does not fully remove user data" or "is not GDPR compliant", or better yet: "does not fully remove user data (not GDPR compliant)".
Suggested change
| TODO: Current implementation only calls user.deactivate() and does not fully remove user data and | |
| is not GDPR compliant and will need a complete rework with proper data cleanup, once Account settings feature implemented. | |
| TODO: Current implementation only calls user.deactivate() and does not fully remove user data (not GDPR compliant). | |
| A complete rework with proper data cleanup will be needed once the Account settings feature is implemented. |
app/eventyay/base/models/event.py
Outdated
| submit = '{base}submit/' | ||
| user = '{base}me/' | ||
| user_delete = '{base}me/delete' | ||
| # TODO: Disabled user_delete URL — delete endpoint is incomplete/broken. |
There was a problem hiding this comment.
There's an extra space in the TODO comment. "TODO: Disabled" should be "TODO: Disabled" (single space after colon).
Suggested change
| # TODO: Disabled user_delete URL — delete endpoint is incomplete/broken. | |
| # TODO: Disabled user_delete URL — delete endpoint is incomplete/broken. |
Contributor
Author
|
@mariobehling I think we're good to go! |
…ossasia#1341) Updates the requirements on [sentry-sdk](https://github.com/getsentry/sentry-python) to permit the latest version. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-python@2.45.0...2.46.0) --- updated-dependencies: - dependency-name: sentry-sdk dependency-version: 2.46.0 dependency-type: direct:production ... Signed-off-by: Mario Behling <mb@mariobehling.de>
Those URLs are for logged-in users, not for public search. We don't need to keep them alive. Co-authored-by: Mario Behling <mb@mariobehling.de>
* fix: resolve PDF download issues fossasia#1245 fossasia#1247 - Fix duplicate .pdf extension in ticket filenames by removing redundant provider identifier - Add defensive null checks for order_position to prevent HTTP 500 errors - Apply consistent filename format across presale, control, and API views - Filenames now follow clean pattern: EVENT-CODE-POSITION.pdf Fixes fossasia#1245: HTTP 500 error on confirmation page PDF download Fixes fossasia#1247: Duplicate .pdf extension in ticket filename * fix: correct extra closing brace in filename format string Fixes syntax error where fallback filename had an extra '}' character causing malformed filenames. * fix: remove unnecessary null checks in PDF download --------- Co-authored-by: Mario Behling <mb@mariobehling.de> Co-authored-by: Srivatsav Auswin <75414859+Sak1012@users.noreply.github.com>
Updates the requirements on [django-phonenumber-field](https://github.com/stefanfoulis/django-phonenumber-field) to permit the latest version. - [Release notes](https://github.com/stefanfoulis/django-phonenumber-field/releases) - [Changelog](https://github.com/stefanfoulis/django-phonenumber-field/blob/main/CHANGELOG.rst) - [Commits](stefanfoulis/django-phonenumber-field@7.3.0...8.4.0) --- updated-dependencies: - dependency-name: django-phonenumber-field dependency-version: 8.4.0 dependency-type: direct:production ... Signed-off-by: Mario Behling <mb@mariobehling.de>
…2.* (fossasia#1346) Updates the requirements on [django-countries](https://github.com/SmileyChris/django-countries) to permit the latest version. - [Changelog](https://github.com/SmileyChris/django-countries/blob/main/CHANGES.md) - [Commits](SmileyChris/django-countries@v8.1.0...v8.2.0) --- updated-dependencies: - dependency-name: django-countries dependency-version: 8.2.0 dependency-type: direct:production ... Signed-off-by: Mario Behling <mb@mariobehling.de>
Co-authored-by: Srivatsav Auswin <75414859+Sak1012@users.noreply.github.com> Co-authored-by: Mario Behling <mb@mariobehling.de>
* Show Wikimedia username in ticket checkout page * Address Sourcery review * Correct the label of `wikimedia_username` in User Settings form
* Translated using Weblate (Chinese (Traditional Han script)) Currently translated at 0.1% (3 of 4121 strings) Translation: eventyay/Eventyay Tickets Translate-URL: https://hosted.weblate.org/projects/open-event/eventyay-tickets/zh_Hant/ * Translated using Weblate (Chinese (Traditional Han script)) Currently translated at 0.2% (9 of 4121 strings) Translation: eventyay/Eventyay Tickets Translate-URL: https://hosted.weblate.org/projects/open-event/eventyay-tickets/zh_Hant/ * Translated using Weblate (Polish (pl_INFORMAL)) Currently translated at 0.4% (18 of 4121 strings) Translation: eventyay/Eventyay Tickets Translate-URL: https://hosted.weblate.org/projects/open-event/eventyay-tickets/pl_INFORMAL/ * Added translation using Weblate (Persian) * Added translation using Weblate (Indonesian) * Added translation using Weblate (Japanese) * Added translation using Weblate (Korean) * Added translation using Weblate (Malay) * Added translation using Weblate (Thai) * Added translation using Weblate (Vietnamese) * i18n(translations): update localized strings from Weblate Currently translated at 2.9% (123 of 4121 strings) Translation: eventyay/eventyay Translate-URL: https://hosted.weblate.org/projects/eventyay/eventyay/zh_Hant/ * i18n(translations): update localized strings from Weblate Currently translated at 2.9% (123 of 4121 strings) Translation: eventyay/eventyay Translate-URL: https://hosted.weblate.org/projects/eventyay/eventyay/zh_Hant/ * fix(wlc): add wlc --------- Co-authored-by: marvel at flowers <qiuhangli_2024@qq.com> Co-authored-by: Supaplex <bejokeup@gmail.com> Co-authored-by: Jakub Paw <jakub201307@gmail.com> Co-authored-by: abbas davarpanah <abbasdp@proton.me> Co-authored-by: Mario Behling <mb@mariobehling.de> Co-authored-by: Yucheng Lin <yuchenglinedu@gmail.com>
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.12.4 to 2.12.5. - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/v2.12.5/HISTORY.md) - [Commits](pydantic/pydantic@v2.12.4...v2.12.5) --- updated-dependencies: - dependency-name: pydantic dependency-version: 2.12.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: Mario Behling <mb@mariobehling.de>
…t-500-clean fix: unable to export order data – HTTP 500 error
…fossasia#1248) (fossasia#1357) Co-authored-by: Mario Behling <mb@mariobehling.de>
i18n(translations): update localized strings from Weblate
…sasia#1321) * fix: Resolve multiple exporter failures after database migration * Update app/eventyay/base/exporters/waitinglist.py * removed redundant length checks in reports exporter * Update app/eventyay/plugins/ticketoutputpdf/exporters.py * Update app/eventyay/plugins/checkinlists/exporters.py * Update app/eventyay/plugins/badges/exporters.py * fix: remove duplicate JSON_FIELD_AVAILABLE definition --------- Co-authored-by: Mario Behling <mb@mariobehling.de> Co-authored-by: Srivatsav Auswin <75414859+Sak1012@users.noreply.github.com>
…fossasia#1331) * fixed featured sessions and 500 errors on sessions and reviews * implemented suggestions --------- Co-authored-by: Mario Behling <mb@mariobehling.de>
…a#997 (fossasia#1352) Co-authored-by: Mario Behling <mb@mariobehling.de>
Co-authored-by: Mario Behling <mb@mariobehling.de>
* urls fix * fix pages and schedule communication * implemented suggestions --------- Co-authored-by: Mario Behling <mb@mariobehling.de>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
15 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue
Changes Made
user_profile.html/me/deleteroute incfp/urls.pyto prevent API accessDeleteAccountViewexplaining the issueSummary by Sourcery
Temporarily remove the "Delete My Account" option from the speaker profile page and disable its endpoint until a full, GDPR-compliant account deletion feature is implemented.
Enhancements:
Documentation:
Chores: