Solving the issue for disable account deletion in the Account MFE

Hi!

I am trying to contribute with this issue There is no way to disable account deletion in the Account MFE #189 , but i am new to the openEdx platform, so please let me know if I say something wrong in here.

I did study the relevant code for the problem, and started with a PR for the MFE:
PR: Allow disable account deletion #817

This will just hide the option to delete the account on the front-end, what for me does not looks like a definitive solution.

Assuming that the PR is OK, i would like to propose a update on the endpoint. (I still don’t know how the build process, and if is need some communication on build the front-end application using the ENABLE_ACCOUNT_DELETION feature)

The way it works in both cases (legacy account view and MFE account page) is making a request to the same endpoint, with the users password, going to this view. The view does not check the ENABLE_ACCOUNT_DELETION feature.

My propose is to check this feature returning a forbidden HTTP status in case that account deletion is not allowed (should have a message also?).

I did not see another use besides this for the view, but i may be wrong.

So should i make this change in the code or there is some thing else that I am not seeing?

Thank you, have a nice week!

If I understand correctly, you are noting that if ENABLE_ACCOUNT_DELETION is toggled off, then:

1. The MFE should respect this and not allow for this, and
2. The backend should protect against this server-side to protect the API.

Both of these sound reasonable to me. I’ll also pass this along to the owning team.

Hi @Jonas and welcome to the forums!

I am not involved with this area of the code but wish to welcome you and say keep up the good work.

Hi @Jonas thank you for your contribution. Yes, you are right, our current API doesn’t have check to disable account deletion. I have created this issue in edx-platform and we’ll merge this PR soon