Allow the user to delete their own account

app/controllers/users_controller.rb

@@ -1,6 +1,6 @@
 class UsersController < ApplicationController
 
-  before_action :admin_login_required, :only => [ :index, :show, :destroy ]
+  before_action :admin_login_required, :only => [ :index, :show ]
   skip_before_action :login_required, :only => [ :new, :create ]
   prepend_before_action :login_optional, :only => [ :new, :create ]
 
@@ -103,7 +103,7 @@ class UsersController < ApplicationController
       end
       format.xml do
         unless current_user && current_user.is_admin
-          render :body => "401 Unauthorized: Only admin users are allowed access to this function.", :status => 401
+          render :body => t('errors.user_unauthorized'), :status => 401
           return
         end
         unless check_create_user_params
@@ -131,7 +131,15 @@ class UsersController < ApplicationController
   # DELETE /users/id DELETE /users/id.xml
   def destroy
     @deleted_user = User.find(params[:id])
+    unless current_user && (current_user.is_admin || current_user == @deleted_user)
+      render :body => t('errors.user_unauthorized'), :status => 401
+      return
+    end
+
     @saved = @deleted_user.destroy
+    if current_user == @deleted_user
+      logout_user
+    end
     @total_users = User.count
 
     respond_to do |format|
@@ -141,10 +149,16 @@ class UsersController < ApplicationController
         else
           notify :error, t('users.failed_to_delete_user', :username => @deleted_user.login)
         end
-        redirect_to users_url
+        if current_user == @deleted_user
+          redirect_to login
+        else
+          redirect_to users_url
+        end
       end
       format.js
-      format.xml { head :ok }
+      format.xml do
+        head :ok
+      end
     end
   end
 

app/helpers/preferences_helper.rb

@@ -18,4 +18,14 @@ module PreferencesHelper
     pref(model, pref_name) { text_field(model, pref_name, class: "form-control") }
   end
 
+  def profile_delete_user(user)
+    return link_to(
+      t('users.destroy_user'),
+      url_for({:controller => 'users', :action => 'destroy', :id => user.id}),
+      {:id => "delete_user_#{user.id}",
+        :class => "delete_user_button btn btn-danger",
+        :title => t('users.destroy_user'),
+        :x_confirm_message => t('users.destroy_confirmation', :login => user.login)
+      })
+  end
 end

app/views/preferences/_remove_account.html.erb

@@ -0,0 +1,4 @@
+<p><%= t 'preferences.remove_introduction' %></p>
+<div class="form-group">
+  <%= profile_delete_user(@user) %>
+</div>

app/views/preferences/index.html.erb

@@ -21,16 +21,20 @@
           <li role="presentation">
             <%= link_to t('preferences.tabs.tracks_behavior'), "#behavior", data: { toggle: "tab" } %>
           </li>
+          <li role="presentation">
+            <%= link_to t('preferences.tabs.remove_account'), "#remove_account", data: { toggle: "tab" } %>
+          </li>
         </ul>
         <div class="tab-content">
           <div role="tabpanel" class="tab-pane active" id="profile"><%= render :partial => 'profile'%></div>
           <div role="tabpanel" class="tab-pane" id="authentication"><%= render :partial => 'authentication'%></div>
           <div role="tabpanel" class="tab-pane" id="date_and_time"><%= render :partial => 'date_and_time'%></div>
           <div role="tabpanel" class="tab-pane" id="behavior"><%= render :partial => 'tracks_behavior'%></div>
+          <div role="tabpanel" class="tab-pane" id="remove_account"><%= render :partial => 'remove_account'%></div>
+        </div>
+        <div class="btn-group" role="group" aria-label="Basic example">
+          <button type="submit" id="prefs_submit" class="btn btn-default"><%= t('common.update') %></button>
         </div>
-
-        <button type="submit" id="prefs_submit" class="btn btn-default"><%= t('common.update') %></button>
-
       <% end %>
     </div>
   </div>

config/locales/en.yml

@@ -821,11 +821,13 @@ en:
     authentication_header: Your authentication
     current_authentication_type: Your authentication type is %{auth_type}
     change_authentication_type: Change your authentication type
+    remove_introduction: You can remove your user account here. Note that this is irreversible and will remove all your data! After removal you will be logged out.
     tabs:
       authentication: Authentication
       tracks_behavior: Tracks behavior
       profile: Profile
       date_and_time: Date and time
+      remove_account: Remove account
     generate_new_token_confirm: Are you sure? Generating a new token will replace the existing one and break any external usages of this token.
   data:
     import_successful: Import was successful.

config/routes.rb

@@ -106,7 +106,7 @@ Rails.application.routes.draw do
   # This means the controller action needs to parse the extension and set format/content type
   # Needed for /todos/tag/first.last.m to work
   get 'todos/tag/:name' => 'todos#tag', :as => :tag, :format => false, :name => /.*/
-  
+
   get 'attachments/:id/:filename' => "todos#attachment"
   get 'tags.autocomplete' => "todos#tags", :format => 'autocomplete'
   get 'todos/done/tag/:name' => "todos#done_tag", :as => :done_tag

lib/login_system.rb

@@ -222,6 +222,7 @@ private
   def redirect_to_login
     respond_to do |format|
       format.html { redirect_to login_path }
+      format.js { render js: "redirect_to('" + login_path + "')" }
       format.m { redirect_to login_path(:format => 'm') }
     end
   end