Skip to content

Allow deleting members with payments again #3707

Description

@DeD1rk

Describe the bug

Since #3417 it's not possible to delete a Member when they've made a payment.

For privacy reasons, the user coudl request being deleted. While we do need to maintain payment history (so the old CASCADE of payments was not correct either), I think we can probably be fine allowing the delete with SET_NULL on Payment.paid_by.

I'm reasonably confident this will work fine:

  • BankAccounts (including sepa mandates) contain a copy of the real name, and have SET_NULL on they FK to the user. So we still keep any sepa mandate that we're legally required to store.
  • Payments don't need to have a payer (we do currently payments without a known payer, and can push those to moneybird).

Something we also need to fix is this CASCADE, and the equivalent in FoodOrder:

member = models.ForeignKey(
"members.Member",
models.CASCADE,
blank=True,
null=True,
)

Basically, if we're deleting a user, we shouldn't CASCADE objects that in the normal dataminimisation simply get their FK to Member set to null. This goes for eventregistrations but also FoodOrder.

How to reproduce

  1. Try to delete a user.
  2. It's not allowed because of protected foreign keys.

Expected behaviour

There is a warning that people should be very careful about it, but it is allowed.

Metadata

Metadata

Assignees

Labels

app:eventsIssues regarding the events-appapp:membersIssues regarding the members-appapp:moneybirdsynchronizationIssues regarding the Moneybird synchronizationapp:paymentsIssues regarding the payments-appapp:pizzasIssues regarding the pizzas-appboardNeed to involve the boardbugSomething that should be fixedpriority: highMust be dealt with before the next release is deployed.securitySecurity related issues

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions