5 files changed, 53 insertions, 6 deletions
diff --git a/src/backend/merchant.conf b/src/backend/merchant.conf
index 4aac2dab..6a0cc53e 100644
--- a/src/backend/merchant.conf
+++ b/src/backend/merchant.conf
@@ -17,6 +17,10 @@ PORT = 9966
 # if left empty.  Only used if "SERVE" is 'tcp'.
 # BIND_TO =
 
+# How long do we keep contract / payment information around after the
+# purchase (for tax records and other legal reasons).
+LEGAL_PRESERVATION = 11 years
+
 
 # Which unix domain path should we bind to? Only used if "SERVE" is 'unix'.
 UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 7406d1fc..f11d18ca 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -74,6 +74,13 @@ struct TALER_MERCHANTDB_Plugin *TMH_db;
 struct GNUNET_CONTAINER_MultiHashMap *TMH_by_id_map;
 
 /**
+ * How long do we need to keep information on paid contracts on file for tax
+ * or other legal reasons?  Used to block deletions for younger transaction
+ * data.
+ */
+struct GNUNET_TIME_Relative TMH_legal_expiration;
+
+/**
  * The port we are running on
  */
 static uint16_t port;
@@ -1189,6 +1196,18 @@ run (void *cls,
     GNUNET_SCHEDULER_shutdown ();
     return;
   }
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_time (cfg,
+                                           "merchant",
+                                           "LEGAL_PRESERVATION",
+                                           &TMH_legal_expiration))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "merchant",
+                               "LEGAL_PRESERVATION");
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
   if (GNUNET_YES ==
       GNUNET_CONFIGURATION_get_value_yesno (cfg,
                                             "merchant",
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
index a6867e24..ceb7dfe2 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -353,6 +353,14 @@ extern struct TALER_MERCHANTDB_Plugin *TMH_db;
 extern struct GNUNET_CONTAINER_MultiHashMap *TMH_by_id_map;
 
 /**
+ * How long do we need to keep information on paid contracts on file for tax
+ * or other legal reasons?  Used to block deletions for younger transaction
+ * data.
+ */
+extern struct GNUNET_TIME_Relative TMH_legal_expiration;
+
+
+/**
  * Kick MHD to run now, to be called after MHD_resume_connection().
  * Basically, we need to explicitly resume MHD's event loop whenever
  * we made progress serving a request.  This function re-schedules
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-claim.c b/src/backend/taler-merchant-httpd_post-orders-ID-claim.c
index e58a73c5..6b3a9229 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-claim.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-claim.c
@@ -31,7 +31,7 @@
 
 
 /**
- * How often do we retry the simple INSERT database transaction?
+ * How often do we retry the database transaction?
  */
 #define MAX_RETRIES 3
 
@@ -103,7 +103,17 @@ claim_order (const char *instance_id,
       *contract_terms = NULL;
       return qs;
     }
-    // FIXME: should we remove the ORDER from the order table here?
+    qs = TMH_db->delete_order (TMH_db->cls,
+                               instance_id,
+                               order_id);
+    if (0 >= qs)
+    {
+      GNUNET_break (0);
+      TMH_db->rollback (TMH_db->cls);
+      json_decref (*contract_terms);
+      *contract_terms = NULL;
+      return qs;
+    }
     qs = TMH_db->commit (TMH_db->cls);
     if (0 > qs)
       return qs;
diff --git a/src/backend/taler-merchant-httpd_private-delete-orders-ID.c b/src/backend/taler-merchant-httpd_private-delete-orders-ID.c
index f699bdc0..73994327 100644
--- a/src/backend/taler-merchant-httpd_private-delete-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_private-delete-orders-ID.c
@@ -40,13 +40,14 @@ TMH_private_delete_orders_ID (const struct TMH_RequestHandler *rh,
   enum GNUNET_DB_QueryStatus qs;
 
   GNUNET_assert (NULL != mi);
-  // FIXME: do we delete ORDERS or (claimed) contract_terms?
-  // FIXME: what SHOULD be the semantics here?
-  // NOTE: We MAY need the delete_order() DB API to
-  //       clean up the order table when claiming orders...
   qs = TMH_db->delete_order (TMH_db->cls,
                              mi->settings.id,
                              hc->infix);
+  if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
+    qs = TMH_db->delete_contract_terms (TMH_db->cls,
+                                        mi->settings.id,
+                                        hc->infix,
+                                        TMH_legal_expiration);
   switch (qs)
   {
   case GNUNET_DB_STATUS_HARD_ERROR:
@@ -66,6 +67,11 @@ TMH_private_delete_orders_ID (const struct TMH_RequestHandler *rh,
                                hc->infix,
                                NULL);
     if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
+      qs = TMH_db->lookup_contract_terms (TMH_db->cls,
+                                          mi->settings.id,
+                                          hc->infix,
+                                          NULL);
+    if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
       return TALER_MHD_reply_with_error (connection,
                                          MHD_HTTP_NOT_FOUND,
                                          TALER_EC_ORDERS_DELETE_NO_SUCH_ORDER,