Refs #678 -- Allow deletion of events that do not have any orders

src/pretix/control/forms/event.py

@@ -1,5 +1,6 @@
 from django import forms
 from django.conf import settings
+from django.contrib.auth.hashers import check_password
 from django.core.exceptions import ValidationError
 from django.core.validators import RegexValidator
 from django.db.models import Q
@@ -951,3 +952,43 @@ class WidgetCodeForm(forms.Form):
             raise ValidationError(_('The given voucher code does not exist.'))
 
         return v
+
+
+class EventDeleteForm(forms.Form):
+    error_messages = {
+        'pw_current_wrong': _("The password you entered was not correct."),
+        'slug_wrong': _("The slug you entered was not correct."),
+    }
+    user_pw = forms.CharField(
+        max_length=255,
+        label=_("New password"),
+        widget=forms.PasswordInput()
+    )
+    slug = forms.CharField(
+        max_length=255,
+        label=_("Event slug"),
+    )
+
+    def __init__(self, *args, **kwargs):
+        self.event = kwargs.pop('event')
+        self.user = kwargs.pop('user')
+        super().__init__(*args, **kwargs)
+
+    def clean_user_pw(self):
+        user_pw = self.cleaned_data.get('user_pw')
+        if not check_password(user_pw, self.user.password):
+            raise forms.ValidationError(
+                self.error_messages['pw_current_wrong'],
+                code='pw_current_wrong',
+            )
+
+        return user_pw
+
+    def clean_slug(self):
+        slug = self.cleaned_data.get('slug')
+        if slug != self.event.slug:
+            raise forms.ValidationError(
+                self.error_messages['slug_wrong'],
+                code='slug_wrong',
+            )
+        return slug

src/pretix/control/logdisplay.py

@@ -137,6 +137,7 @@ def pretixcontrol_logentry_display(sender: Event, logentry: LogEntry, **kwargs):
         'pretix.event.order.email.order_paid': _('An email has been sent to notify the user that payment has been received.'),
         'pretix.event.order.email.order_placed': _('An email has been sent to notify the user that the order has been received and requires payment.'),
         'pretix.event.order.email.resend': _('An email with a link to the order detail page has been resent to the user.'),
+        'pretix.control.auth.user.created': _('The user has been created.'),
         'pretix.user.settings.2fa.enabled': _('Two-factor authentication has been enabled.'),
         'pretix.user.settings.2fa.disabled': _('Two-factor authentication has been disabled.'),
         'pretix.user.settings.2fa.regenemergency': _('Your two-factor emergency codes have been regenerated.'),

src/pretix/control/templates/pretixcontrol/event/delete.html

@@ -0,0 +1,70 @@
+{% extends "pretixcontrol/event/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block content %}
+    <h1>{% trans "Delete event" %}</h1>
+    {% if request.event.allow_delete %}
+        {% bootstrap_form_errors form layout="inline" %}
+        <p>
+            {% blocktrans trimmed %}
+                This operation will destroy your event including all configuration, products, quotas, questions,
+                vouchers, lists, etc.
+            {% endblocktrans %}
+        </p>
+        <p><strong>
+            {% blocktrans trimmed %}
+                This operation is irreversible and there is no way to bring your data back.
+            {% endblocktrans %}
+        </strong></p>
+        <form action="" method="post">
+            {% csrf_token %}
+            <p>
+                {% blocktrans trimmed with slug=request.event.slug %}
+                    To confirm you really want this, please type out the event's short name ("{{ slug }}") here:
+                {% endblocktrans %}
+            </p>
+            {% bootstrap_field form.slug layout="inline" %}
+            <p>
+                {% blocktrans trimmed with slug=request.event.slug %}
+                    Also, to make sure it's really you, please enter your user password here:
+                {% endblocktrans %}
+            </p>
+            {% bootstrap_field form.user_pw layout="inline" %}
+
+            <div class="form-group submit-group">
+                <button type="submit" class="btn btn-danger btn-save">
+                    {% trans "Delete" %}
+                </button>
+            </div>
+        </form>
+    {% else %}
+        <p>
+            {% trans "Your event can not be deleted as it already contains orders." %}
+        </p>
+        <p>
+            {% blocktrans trimmed %}
+                pretix does not allow deleting orders once they have been placed in order to be audit-proof and
+                trustable by financial authorities.
+            {% endblocktrans %}
+        </p>
+        {% if request.event.live %}
+            <p>
+                {% trans "You can instead take your shop offline. This will hide it from everyone except from the organizer teams you configured to have access to the event." %}
+            </p>
+            <form action="" method="post">
+                {% csrf_token %}
+                <input type="hidden" name="live" value="false">
+
+                <div class="form-group submit-group">
+                    <button type="submit" class="btn btn-primary btn-save">
+                        {% trans "Go offline" %}
+                    </button>
+                </div>
+            </form>
+        {% else %}
+            <p>
+                {% trans "However, since your shop is offline, it is only visible to the organizing team according to the permissions you configured." %}
+            </p>
+        {% endif %}
+    {% endif %}
+{% endblock %}

src/pretix/control/templates/pretixcontrol/event/settings.html

@@ -78,6 +78,10 @@
             <button type="submit" class="btn btn-primary btn-save">
                 {% trans "Save" %}
             </button>
+            <a href="{% url "control:event.delete" organizer=request.organizer.slug event=request.event.slug %}"
+                    class="btn {% if request.event.allow_delete %}{% endif %} btn-danger btn-lg pull-left">
+                {% trans "Delete event" %}
+            </a>
         </div>
     </form>
 {% endblock %}

src/pretix/control/urls.py

@@ -66,6 +66,7 @@ urlpatterns = [
         url(r'^$', dashboards.event_index, name='event.index'),
         url(r'^live/$', event.EventLive.as_view(), name='event.live'),
         url(r'^logs/$', event.EventLog.as_view(), name='event.log'),
+        url(r'^delete/$', event.EventDelete.as_view(), name='event.delete'),
         url(r'^requiredactions/$', event.EventActions.as_view(), name='event.requiredactions'),
         url(r'^requiredactions/(?P<id>\d+)/discard$', event.EventActionDiscard.as_view(),
             name='event.requiredaction.discard'),

src/pretix/control/views/event.py

@@ -9,6 +9,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.core.files import File
 from django.core.urlresolvers import reverse
 from django.db import transaction
+from django.db.models import ProtectedError
 from django.http import (
     Http404, HttpResponse, HttpResponseBadRequest, HttpResponseNotAllowed,
     JsonResponse,
@@ -34,8 +35,8 @@ from pretix.base.services import tickets
 from pretix.base.services.invoices import build_preview_invoice_pdf
 from pretix.base.signals import event_live_issues, register_ticket_outputs
 from pretix.control.forms.event import (
-    CommentForm, DisplaySettingsForm, EventMetaValueForm, EventSettingsForm,
-    EventUpdateForm, InvoiceSettingsForm, MailSettingsForm,
+    CommentForm, DisplaySettingsForm, EventDeleteForm, EventMetaValueForm,
+    EventSettingsForm, EventUpdateForm, InvoiceSettingsForm, MailSettingsForm,
     PaymentSettingsForm, ProviderForm, TaxRuleForm, TicketSettingsForm,
     WidgetCodeForm,
 )
@@ -786,6 +787,48 @@ class EventLive(EventPermissionRequiredMixin, TemplateView):
         })
 
 
+class EventDelete(EventPermissionRequiredMixin, FormView):
+    permission = 'can_change_event_settings'
+    template_name = 'pretixcontrol/event/delete.html'
+    form_class = EventDeleteForm
+
+    def post(self, request, *args, **kwargs):
+        if not self.request.event.allow_delete():
+            messages.error(self.request, _('This event can not be deleted.'))
+            return self.get(self.request, *self.args, **self.kwargs)
+        return super().post(request, *args, **kwargs)
+
+    def get_form_kwargs(self):
+        kwargs = super().get_form_kwargs()
+        kwargs['user'] = self.request.user
+        kwargs['event'] = self.request.event
+        return kwargs
+
+    def form_valid(self, form):
+        try:
+            with transaction.atomic():
+                self.request.organizer.log_action(
+                    'pretix.event.deleted', user=self.request.user,
+                    data={
+                        'event_id': self.request.event.pk,
+                        'name': str(self.request.event.name),
+                        'logentries': list(self.request.event.logentry_set.values_list('pk', flat=True))
+                    }
+                )
+                self.request.event.items.all().delete()
+                self.request.event.subevents.all().delete()
+                self.request.event.delete()
+            messages.success(self.request, _('The event has been deleted.'))
+            return redirect(self.get_success_url())
+        except ProtectedError:
+            messages.error(self.request, _('The event could not be deleted as some constraints (e.g. data created by '
+                                           'plug-ins) do not allow it.'))
+            return self.get(self.request, *self.args, **self.kwargs)
+
+    def get_success_url(self) -> str:
+        return reverse('control:index')
+
+
 class EventLog(EventPermissionRequiredMixin, ListView):
     template_name = 'pretixcontrol/event/logs.html'
     model = LogEntry