-
Notifications
You must be signed in to change notification settings - Fork 13
Allow deleting members with payments again #3707
Copy link
Copy link
Open
Labels
app:eventsIssues regarding the events-appIssues regarding the events-appapp:membersIssues regarding the members-appIssues regarding the members-appapp:moneybirdsynchronizationIssues regarding the Moneybird synchronizationIssues regarding the Moneybird synchronizationapp:paymentsIssues regarding the payments-appIssues regarding the payments-appapp:pizzasIssues regarding the pizzas-appIssues regarding the pizzas-appboardNeed to involve the boardNeed to involve the boardbugSomething that should be fixedSomething that should be fixedpriority: highMust be dealt with before the next release is deployed.Must be dealt with before the next release is deployed.securitySecurity related issuesSecurity related issues
Milestone
Description
Metadata
Metadata
Assignees
Labels
app:eventsIssues regarding the events-appIssues regarding the events-appapp:membersIssues regarding the members-appIssues regarding the members-appapp:moneybirdsynchronizationIssues regarding the Moneybird synchronizationIssues regarding the Moneybird synchronizationapp:paymentsIssues regarding the payments-appIssues regarding the payments-appapp:pizzasIssues regarding the pizzas-appIssues regarding the pizzas-appboardNeed to involve the boardNeed to involve the boardbugSomething that should be fixedSomething that should be fixedpriority: highMust be dealt with before the next release is deployed.Must be dealt with before the next release is deployed.securitySecurity related issuesSecurity related issues
Type
Fields
No fields configured for issues without a type.
Describe the bug
Since #3417 it's not possible to delete a Member when they've made a payment.
For privacy reasons, the user coudl request being deleted. While we do need to maintain payment history (so the old CASCADE of payments was not correct either), I think we can probably be fine allowing the delete with SET_NULL on Payment.paid_by.
I'm reasonably confident this will work fine:
Something we also need to fix is this CASCADE, and the equivalent in FoodOrder:
concrexit/website/events/models/event_registration.py
Lines 31 to 36 in ad15aba
Basically, if we're deleting a user, we shouldn't CASCADE objects that in the normal dataminimisation simply get their FK to Member set to null. This goes for eventregistrations but also FoodOrder.
How to reproduce
Expected behaviour
There is a warning that people should be very careful about it, but it is allowed.