Allow the user to delete their own account

2025-09-22 05:50:47 +02:00 · 2020-08-11 01:18:10 +03:00 · 2020-08-11 01:18:10 +03:00 · 46b8d3ce9f
commit 46b8d3ce9f
parent f8cf140bf4
7 changed files with 43 additions and 8 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,6 +1,6 @@
 class UsersController < ApplicationController

-  before_action :admin_login_required, :only => [ :index, :show, :destroy ]
+  before_action :admin_login_required, :only => [ :index, :show ]
  skip_before_action :login_required, :only => [ :new, :create ]
  prepend_before_action :login_optional, :only => [ :new, :create ]

@ -103,7 +103,7 @@ class UsersController < ApplicationController
      end
      format.xml do
        unless current_user && current_user.is_admin
-          render :body => "401 Unauthorized: Only admin users are allowed access to this function.", :status => 401
+          render :body => t('errors.user_unauthorized'), :status => 401
          return
        end
        unless check_create_user_params
@ -131,7 +131,15 @@ class UsersController < ApplicationController
  # DELETE /users/id DELETE /users/id.xml
  def destroy
    @deleted_user = User.find(params[:id])
+    unless current_user && (current_user.is_admin || current_user == @deleted_user)
+      render :body => t('errors.user_unauthorized'), :status => 401
+      return
+    end
+
    @saved = @deleted_user.destroy
+    if current_user == @deleted_user
+      logout_user
+    end
    @total_users = User.count

    respond_to do |format|
@ -141,10 +149,16 @@ class UsersController < ApplicationController
        else
          notify :error, t('users.failed_to_delete_user', :username => @deleted_user.login)
        end
+        if current_user == @deleted_user
+          redirect_to login
+        else
          redirect_to users_url
        end
+      end
      format.js
-      format.xml { head :ok }
+      format.xml do
+        head :ok
+      end
    end
  end

--- a/app/helpers/preferences_helper.rb
+++ b/app/helpers/preferences_helper.rb
@ -18,4 +18,14 @@ module PreferencesHelper
    pref(model, pref_name) { text_field(model, pref_name, class: "form-control") }
  end

+  def profile_delete_user(user)
+    return link_to(
+      t('users.destroy_user'),
+      url_for({:controller => 'users', :action => 'destroy', :id => user.id}),
+      {:id => "delete_user_#{user.id}",
+        :class => "delete_user_button btn btn-danger",
+        :title => t('users.destroy_user'),
+        :x_confirm_message => t('users.destroy_confirmation', :login => user.login)
+      })
+  end
 end
--- a/app/views/preferences/_remove_account.html.erb
+++ b/app/views/preferences/_remove_account.html.erb
@ -0,0 +1,4 @@
+<p><%= t 'preferences.remove_introduction' %></p>
+<div class="form-group">
+  <%= profile_delete_user(@user) %>
+</div>
--- a/app/views/preferences/index.html.erb
+++ b/app/views/preferences/index.html.erb
@ -21,16 +21,20 @@
          <li role="presentation">
            <%= link_to t('preferences.tabs.tracks_behavior'), "#behavior", data: { toggle: "tab" } %>
          </li>
+          <li role="presentation">
+            <%= link_to t('preferences.tabs.remove_account'), "#remove_account", data: { toggle: "tab" } %>
+          </li>
        </ul>
        <div class="tab-content">
          <div role="tabpanel" class="tab-pane active" id="profile"><%= render :partial => 'profile'%></div>
          <div role="tabpanel" class="tab-pane" id="authentication"><%= render :partial => 'authentication'%></div>
          <div role="tabpanel" class="tab-pane" id="date_and_time"><%= render :partial => 'date_and_time'%></div>
          <div role="tabpanel" class="tab-pane" id="behavior"><%= render :partial => 'tracks_behavior'%></div>
+          <div role="tabpanel" class="tab-pane" id="remove_account"><%= render :partial => 'remove_account'%></div>
        </div>
-
+        <div class="btn-group" role="group" aria-label="Basic example">
          <button type="submit" id="prefs_submit" class="btn btn-default"><%= t('common.update') %></button>
-
+        </div>
      <% end %>
    </div>
  </div>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -821,11 +821,13 @@ en:
    authentication_header: Your authentication
    current_authentication_type: Your authentication type is %{auth_type}
    change_authentication_type: Change your authentication type
+    remove_introduction: You can remove your user account here. Note that this is irreversible and will remove all your data! After removal you will be logged out.
    tabs:
      authentication: Authentication
      tracks_behavior: Tracks behavior
      profile: Profile
      date_and_time: Date and time
+      remove_account: Remove account
    generate_new_token_confirm: Are you sure? Generating a new token will replace the existing one and break any external usages of this token.
  data:
    import_successful: Import was successful.
--- a/lib/login_system.rb
+++ b/lib/login_system.rb
@ -222,6 +222,7 @@ private
  def redirect_to_login
    respond_to do |format|
      format.html { redirect_to login_path }
+      format.js { render js: "redirect_to('" + login_path + "')" }
      format.m { redirect_to login_path(:format => 'm') }
    end
  end