From c8a1b5c73c09c7bdab371bf93253e86f26e6295c Mon Sep 17 00:00:00 2001
From: Uku Taht <uku.taht@gmail.com>
Date: Wed, 8 Sep 2021 11:09:58 +0300
Subject: [PATCH] Do not cascade user deletion to sites they do now own

---
 lib/plausible_web/controllers/auth_controller.ex       | 10 +++++++---
 .../templates/auth/user_settings.html.eex              |  2 +-
 .../plausible_web/controllers/auth_controller_test.exs | 10 ++++++++++
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/lib/plausible_web/controllers/auth_controller.ex b/lib/plausible_web/controllers/auth_controller.ex
index 1a9556bc..90ba3327 100644
--- a/lib/plausible_web/controllers/auth_controller.ex
+++ b/lib/plausible_web/controllers/auth_controller.ex
@@ -482,11 +482,15 @@ defmodule PlausibleWeb.AuthController do
   def delete_me(conn, params) do
     user =
       conn.assigns[:current_user]
-      |> Repo.preload(:sites)
+      |> Repo.preload(site_memberships: :site)
       |> Repo.preload(:subscription)
 
-    for site <- user.sites do
-      Repo.delete!(site)
+    for membership <- user.site_memberships do
+      Repo.delete!(membership)
+
+      if membership.role == :owner do
+        Repo.delete!(membership.site)
+      end
     end
 
     if user.subscription, do: Repo.delete!(user.subscription)
diff --git a/lib/plausible_web/templates/auth/user_settings.html.eex b/lib/plausible_web/templates/auth/user_settings.html.eex
index 6a9a38fe..16e1c4b3 100644
--- a/lib/plausible_web/templates/auth/user_settings.html.eex
+++ b/lib/plausible_web/templates/auth/user_settings.html.eex
@@ -226,6 +226,6 @@
     <span class="mt-6 bg-gray-300 button dark:bg-gray-800 hover:shadow-none">Delete my account</span>
     <p class="mt-2 text-sm text-gray-600 dark:text-gray-400">Your account cannot be deleted because you have an active subscription. If you want to delete your account, please cancel your subscription first.</p>
   <% else %>
-    <%= link("Delete my account", to: "/me", class: "inline-block mt-4 px-4 py-2 border border-gray-300 dark:border-gray-500 text-sm leading-5 font-medium rounded-md text-red-700 bg-white dark:bg-gray-800 hover:text-red-500 dark:hover:text-red-400 focus:outline-none focus:border-blue-300 focus:ring active:text-red-800 active:bg-gray-50 transition ease-in-out duration-150", method: "delete", data: [confirm: "Deleting your account cannot be reversed. Are you sure?"]) %>
+    <%= link("Delete my account", to: "/me", class: "inline-block mt-4 px-4 py-2 border border-gray-300 dark:border-gray-500 text-sm leading-5 font-medium rounded-md text-red-700 bg-white dark:bg-gray-800 hover:text-red-500 dark:hover:text-red-400 focus:outline-none focus:border-blue-300 focus:ring active:text-red-800 active:bg-gray-50 transition ease-in-out duration-150", method: "delete", data: [confirm: "Deleting your account will also delete all the sites that you own. This action cannot be reversed. Are you sure?"]) %>
   <% end %>
 </div>
diff --git a/test/plausible_web/controllers/auth_controller_test.exs b/test/plausible_web/controllers/auth_controller_test.exs
index b93ed8a1..cb44b32b 100644
--- a/test/plausible_web/controllers/auth_controller_test.exs
+++ b/test/plausible_web/controllers/auth_controller_test.exs
@@ -368,5 +368,15 @@ defmodule PlausibleWeb.AuthControllerTest do
       conn = delete(conn, "/me")
       assert redirected_to(conn) == "/"
     end
+
+    test "deletes sites that the user owns", %{conn: conn, user: user, site: owner_site} do
+      viewer_site = insert(:site)
+      insert(:site_membership, site: viewer_site, user: user, role: "viewer")
+
+      delete(conn, "/me")
+
+      assert Repo.get(Plausible.Site, viewer_site.id)
+      refute Repo.get(Plausible.Site, owner_site.id)
+    end
   end
 end
-- 
GitLab