diff --git a/app/api/users.py b/app/api/users.py
index bb9d0c04c9..499bb8e811 100644
--- a/app/api/users.py
+++ b/app/api/users.py
@@ -1,8 +1,10 @@
 import base64
+import logging
 from flask import Blueprint, abort, jsonify, make_response, request
 from flask_jwt_extended import current_user, verify_fresh_jwt_in_request
 from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
+from sqlalchemy import or_
 from sqlalchemy.orm.exc import NoResultFound
 from app.api.bootstrap import api
@@ -31,6 +33,7 @@
 from app.models.feedback import Feedback
 from app.models.mail import PASSWORD_RESET_AND_VERIFY, USER_REGISTER_WITH_PASSWORD
 from app.models.notification import Notification
+from app.models.order import Order
 from app.models.session import Session
 from app.models.speaker import Speaker
 from app.models.ticket_holder import TicketHolder
@@ -38,6 +41,8 @@
 from app.models.users_events_role import UsersEventsRoles
 from app.settings import get_settings
+logger = logging.getLogger(__name__)
+
 user_misc_routes = Blueprint('user_misc', __name__, url_prefix='/v1')
@@ -284,7 +289,26 @@ def before_update_object(self, user, data, view_kwargs):
 {'source': ''},
 "Users associated with events cannot be deleted",
 )
- if len(user.orders) != 0:
+ # TODO(Areeb): Deduplicate the query. Present in video stream model as well
+ order_exists = db.session.query(
+ TicketHolder.query.filter_by(user=user)
+ .join(Order)
+ .filter(
+ or_(
+ Order.status == 'completed',
+ Order.status == 'placed',
+ Order.status == 'initializing',
+ Order.status == 'pending',
+ )
+ )
+ .exists()
+ ).scalar()
+ # If any pending or completed order exists, we cannot delete the user
+ if order_exists:
+ logger.warning(
+ 'User %s has pending or completed orders, hence cannot be deleted',
+ user,
+ )
 raise ForbiddenError(
 {'source': ''},
 "Users associated with orders cannot be deleted",
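Review bot: The delete guard in `before_update_object` now matches only orders reached through `TicketHolder.query.filter_by(user=user)`, whereas the removed `len(user.orders) != 0` looked at the user's own orders; as far as this hunk shows, a buyer with a completed order but no attendee row linked to their account would no longer be blocked from deletion. If that narrowing is not intended, keep a buyer-side check next to the attendee query, for example `or any(o.status in blocking for o in user.orders)`, where `blocking` (a name constructed here) holds the four statuses. The four `Order.status ==` comparisons read more simply as one `Order.status.in_([...])`, and the comment above the `if` should name all four statuses rather than only pending and completed. The warning passes the whole `user` object to `%s`, which may write the e-mail address to the log depending on the model's string form (not visible here); logging `user.id` avoids that. The function body starts and ends outside this hunk.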