Allow to anonymize users

2018-11-05 11:11:21 +01:00
parent 0a5347c08b
commit 7039374588
5 changed files with 52 additions and 2 deletions
--- a/src/pretix/control/logdisplay.py
+++ b/src/pretix/control/logdisplay.py
@@ -215,11 +215,12 @@ def pretixcontrol_logentry_display(sender: Event, logentry: LogEntry, **kwargs):
        'pretix.user.settings.notifications.enabled': _('Notifications have been enabled.'),
        'pretix.user.settings.notifications.disabled': _('Notifications have been disabled.'),
        'pretix.user.settings.notifications.changed': _('Your notification settings have been changed.'),
-        'pretix.organizer.deleted': _('The organizer "{name}" has been deleted.'),
+        'pretix.user.anonymized': _('This user has been anonymized.'),
        'pretix.user.oauth.authorized': _('The application "{application_name}" has been authorized to access your '
                                          'account.'),
        'pretix.control.auth.user.forgot_password.mail_sent': _('Password reset mail sent.'),
        'pretix.control.auth.user.forgot_password.recovered': _('The password has been reset.'),
+        'pretix.organizer.deleted': _('The organizer "{name}" has been deleted.'),
        'pretix.voucher.added': _('The voucher has been created.'),
        'pretix.voucher.added.waitinglist': _('The voucher has been created and sent to a person on the waiting list.'),
        'pretix.voucher.changed': _('The voucher has been changed.'),
--- a/src/pretix/control/templates/pretixcontrol/users/anonymize.html
+++ b/src/pretix/control/templates/pretixcontrol/users/anonymize.html
@@ -0,0 +1,15 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Anonymize user" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Anonymize user" %} {{ user.email }}</h1>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+        <div class="form-group submit-group">
+            <button type="submit" class="btn btn-danger btn-save">
+                {% trans "Disable and anonymize user" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}
--- a/src/pretix/control/templates/pretixcontrol/users/form.html
+++ b/src/pretix/control/templates/pretixcontrol/users/form.html
@@ -13,6 +13,7 @@
            {% csrf_token %}
            <button class="btn btn-default">{% trans "Impersonate user" %}</button>
        </form>
+        <a href="{% url "control:users.anonymize" id=user.pk %}" class="btn btn-default">{% trans "Anonymize" %}</a>
    </p>
    <div class="row">
        <div class="col-md-10 col-xs-12">
--- a/src/pretix/control/urls.py
+++ b/src/pretix/control/urls.py
@@ -31,6 +31,7 @@ urlpatterns = [
    url(r'^users/(?P<id>\d+)/$', users.UserEditView.as_view(), name='users.edit'),
    url(r'^users/(?P<id>\d+)/reset$', users.UserResetView.as_view(), name='users.reset'),
    url(r'^users/(?P<id>\d+)/impersonate', users.UserImpersonateView.as_view(), name='users.impersonate'),
+    url(r'^users/(?P<id>\d+)/anonymize', users.UserAnonymizeView.as_view(), name='users.anonymize'),
    url(r'^settings/?$', user.UserSettings.as_view(), name='user.settings'),
    url(r'^settings/history/$', user.UserHistoryView.as_view(), name='user.settings.history'),
    url(r'^settings/notifications/$', user.UserNotificationsEditView.as_view(), name='user.settings.notifications'),
--- a/src/pretix/control/views/users.py
+++ b/src/pretix/control/views/users.py
@@ -1,3 +1,5 @@
+import json
+
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
@@ -6,7 +8,7 @@ from django.urls import reverse
 from django.utils.functional import cached_property
 from django.utils.translation import ugettext_lazy as _
 from django.views import View
-from django.views.generic import ListView
+from django.views.generic import ListView, TemplateView
 from hijack.helpers import login_user, release_hijack

 from pretix.base.models import User
@@ -99,6 +101,36 @@ class UserResetView(AdministratorPermissionRequiredMixin, RecentAuthenticationRe
        return reverse('control:users.edit', kwargs=self.kwargs)


+class UserAnonymizeView(AdministratorPermissionRequiredMixin, RecentAuthenticationRequiredMixin, TemplateView):
+    template_name = "pretixcontrol/users/anonymize.html"
+
+    def get_context_data(self, **kwargs):
+        ctx = super().get_context_data(**kwargs)
+        ctx['user'] = get_object_or_404(User, pk=self.kwargs.get("id"))
+        return ctx
+
+    def post(self, request, *args, **kwargs):
+        self.object = get_object_or_404(User, pk=self.kwargs.get("id"))
+        self.object.log_action('pretix.user.anonymized',
+                               user=request.user)
+        self.object.email = "{}@disabled.pretix.eu".format(self.object.pk)
+        self.object.fullname = ""
+        self.object.is_active = False
+        self.object.notifications_send = False
+        self.object.save()
+        for le in self.object.all_logentries.filter(action_type="pretix.user.settings.changed"):
+            d = le.parsed_data
+            if 'email' in d:
+                d['email'] = '█'
+            if 'fullname' in d:
+                d['fullname'] = '█'
+            le.data = json.dumps(d)
+            le.shredded = True
+            le.save(update_fields=['data', 'shredded'])
+
+        return redirect(reverse('control:users.edit', kwargs=self.kwargs))
+
+
 class UserImpersonateView(AdministratorPermissionRequiredMixin, RecentAuthenticationRequiredMixin, View):

    def get(self, request, *args, **kwargs):