From 3f51a11ab6ba41a1105ca599397ccc3aabd8579e Mon Sep 17 00:00:00 2001
From: iamareebjamal <jamal.areeb@gmail.com>
Date: Sun, 15 Nov 2020 17:45:44 +0530
Subject: [PATCH] fix: Check non-deleted events before user deletion

---
 app/api/users.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/api/users.py b/app/api/users.py
index ece3c935fa..bbf1dcc238 100644
--- a/app/api/users.py
+++ b/app/api/users.py
@@ -276,7 +276,13 @@ def before_update_object(self, user, data, view_kwargs):
         if data.get('deleted_at') != user.deleted_at:
             if has_access('is_user_itself', user_id=user.id) or has_access('is_admin'):
                 if data.get('deleted_at'):
-                    if len(user.events) != 0:
+                    event_exists = db.session.query(
+                        Event.query.filter_by(deleted_at=None)
+                        .join(Event.users)
+                        .filter(User.id == user.id)
+                        .exists()
+                    ).scalar()
+                    if event_exists:
                         raise ForbiddenError(
                             {'source': ''},
                             "Users associated with events cannot be deleted",