added account deletion

Author: appinteractive

server/services/comments/comments.hooks.js

@@ -12,6 +12,7 @@ const nullDeletedData = require('../../hooks/null-deleted-data');
 const hideDeletedData = require('../../hooks/hide-deleted-data');
 const createNotifications = require('./hooks/create-notifications');
 const createMentionNotifications = require('./hooks/create-mention-notifications');
+const isModerator = require('../../hooks/is-moderator-boolean');
 const _ = require('lodash');
 const xss = require('../../hooks/xss');
 
@@ -58,8 +59,8 @@ module.exports = {
     ],
     patch: [
       authenticate('jwt'),
-      isVerified(),
       unless(isProvider('server'),
+        isVerified(),
         unless((hook) => {
           // TODO: change that to a more sane method by going through the server with an constum service
           // only allow upvoteCount increment for non owners
@@ -79,8 +80,7 @@ module.exports = {
     ],
     remove: [
       authenticate('jwt'),
-      isVerified(),
-      unless(isProvider('server'),
+      unless(isModerator(),
         restrictToOwner()
       ),
       softDelete()

server/services/contributions/contributions.hooks.js

@@ -137,9 +137,7 @@ module.exports = {
     ],
     remove: [
       authenticate('jwt'),
-      isVerified(),
       unless(isModerator(),
-        excludeDisabled(),
         restrictToOwner()
       )
     ]

server/services/follows/follows.hooks.js

@@ -14,13 +14,16 @@ module.exports = {
       ])
     ],
     update: [
-      authenticate('jwt')
+      authenticate('jwt'),
+      hooks.restrictToOwner()
     ],
     patch: [
-      authenticate('jwt')
+      authenticate('jwt'),
+      hooks.restrictToOwner()
     ],
     remove: [
-      authenticate('jwt')
+      authenticate('jwt'),
+      hooks.restrictToOwner()
     ]
   },
 

server/services/users/hooks/remove-all-related-user-data.js

@@ -0,0 +1,66 @@
+
+const errors = require('feathers-errors');
+
+module.exports = () => {
+  return async (hook) => {
+    async function deleteData (service, query) {
+      try {
+        return await hook.app.service(service).remove(null, {query});
+      } catch (err) {
+        console.log('ERROR ON SERVICE', service);
+        throw new errors.GeneralError(err.message);
+      }
+    }
+
+    if (hook.method !== 'remove') {
+      hook.app.error('removeAllRelatedUserData hook works only on remove');
+      return hook;
+    }
+
+    const user = hook.params.user;
+    if (!user || !user._id) {
+      throw new errors.Forbidden('Forbidden');
+    }
+
+    const query = hook.params.query;
+
+    let res;
+
+    if (query.deleteContributions === true) {
+      await deleteData('contributions', {
+        userId: user._id,
+        type: 'post'
+      });
+    }
+    if (query.deleteCandos === true) {
+      await deleteData('contributions', {
+        userId: user._id,
+        type: 'cando'
+      });
+    }
+    if (query.deleteComments === true) {
+      await deleteData('comments', {
+        userId: user._id
+      });
+    }
+    // TODO: find a way to remove shouts without error
+    // await deleteData('shouts', {
+    //   userId: user._id
+    // });
+    await deleteData('users-candos', {
+      userId: user._id
+    });
+    await deleteData('notifications', {
+      userId: user._id
+    });
+    await deleteData('usersettings', {
+      userId: user._id
+    });
+    await deleteData('invites', {
+      email: user.email
+    });
+
+    // throw new errors.FeathersError('BOOOM');
+    return hook;
+  };
+};

server/services/users/users.hooks.js

@@ -11,6 +11,7 @@ const thumbnails = require('../../hooks/thumbnails');
 const inviteCode = require('./hooks/invite-code')();
 const search = require('feathers-mongodb-fuzzy-search');
 const isOwnEntry = require('./hooks/is-own-entry');
+const removeAllRelatedUserData = require('./hooks/remove-all-related-user-data');
 
 const { hashPassword } = require('feathers-authentication-local').hooks;
 
@@ -145,7 +146,11 @@ module.exports = {
       ),
       saveRemoteImages(['avatar', 'coverImg'])
     ],
-    remove: [ ...restrict, disableMultiItemChange() ]
+    remove: [
+      ...restrict,
+      disableMultiItemChange(),
+      removeAllRelatedUserData()
+    ]
   },
 
   after: {