Merge pull request #16424 from CartoDB/bug/sc-232062/check-shared-entities-when-users-delete-themselves

[sc230232] Avoid deleting a user if it has shared entities
2 years ago · 1f25b5f047
parent d9ef0bcdb4 a823924588
commit 1f25b5f047
3 changed files with 10 additions and 3 deletions
--- a/NEWS.md
+++ b/NEWS.md
@ -37,6 +37,7 @@ Development
 - Update browser version checker to allow Firefox/100.0 [#16415](https://github.com/CartoDB/cartodb/pull/16415)
 - Update analysis schemas after giving required permissions on user promotion [#16390](https://github.com/CartoDB/cartodb/pull/16390)
 - Add timeout for SQL API exports [#16377](https://github.com/CartoDB/cartodb/pull/16377)
+- Avoid deleting a user if it has shared entities [#16424](https://github.com/CartoDB/cartodb/pull/16424)
 - Remove all references to Spatial Data Catalog and Kepler GL maps in on-premises [#16293](https://github.com/CartoDB/cartodb/pull/16293)
 - Increase hard-limit of MAX_TABLES_PER_IMPORT [#16374](https://github.com/CartoDB/cartodb/pull/16374)
 - Guard code for vizjson users [#16267](https://github.com/CartoDB/cartodb/pull/16267)
--- a/app/controllers/carto/api/organization_users_controller.rb
+++ b/app/controllers/carto/api/organization_users_controller.rb
@ -121,8 +121,8 @@ module Carto
        force_destroy = params[:force].present?

        if !force_destroy && @user.has_shared_entities?
-          error_message = "Can't delete @user. 'Has shared entities"
-          render_jsonp(error_message, 410 ) and return
+          error_message = "Can't delete user. Has shared entities"
+          render_jsonp(error_message, 401) and return
        end

        @user.set_force_destroy if force_destroy
--- a/app/controllers/carto/api/users_controller.rb
+++ b/app/controllers/carto/api/users_controller.rb
@ -111,7 +111,13 @@ module Carto
        deletion_password_confirmation = params[:deletion_password_confirmation]

        if user.needs_password_confirmation? && !user.validate_old_password(deletion_password_confirmation)
-          render_jsonp({ message: "Error deleting user: #{PASSWORD_DOES_NOT_MATCH_MESSAGE}" }, 400) and return
+          render_jsonp({ message: "Error deleting user: #{PASSWORD_DOES_NOT_MATCH_MESSAGE}" }, 400)
+          return
+        end
+
+        if user.has_shared_entities?
+          render_jsonp({ message: "User can't be deleted because there are shared entities. Please, unshare or delete them and try again." }, 401)
+          return
        end

        user.destroy_account