Make open account deletion configurable

This adds a configuration option to the [app] section: open_deletion. When true, users can delete their account on their own. Ref T319
2024-11-10 19:34:19 +00:00 · 2021-04-22 13:13:47 -04:00 · 2021-04-22 13:13:47 -04:00 · d3d77cee54
commit d3d77cee54
parent 7c1c1218b1
5 changed files with 17 additions and 3 deletions
--- a/account.go
+++ b/account.go
@ -1156,6 +1156,10 @@ func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) s
 }

 func handleUserDelete(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+	if !app.cfg.App.OpenDeletion {
+		return impart.HTTPError{http.StatusForbidden, "Open account deletion is disabled on this instance."}
+	}
+
 	confirmUsername := r.PostFormValue("confirm-username")
 	if u.Username != confirmUsername {
 		return impart.HTTPError{http.StatusBadRequest, "Confirmation username must match your username exactly."}
--- a/admin.go
+++ b/admin.go
@ -555,6 +555,7 @@ func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *htt
 	apper.App().cfg.App.SiteDesc = r.FormValue("site_desc")
 	apper.App().cfg.App.Landing = r.FormValue("landing")
 	apper.App().cfg.App.OpenRegistration = r.FormValue("open_registration") == "on"
+	apper.App().cfg.App.OpenDeletion = r.FormValue("open_deletion") == "on"
 	mul, err := strconv.Atoi(r.FormValue("min_username_len"))
 	if err == nil {
 		apper.App().cfg.App.MinUsernameLen = mul
--- a/config/config.go
+++ b/config/config.go
@ -1,5 +1,5 @@
 /*
- * Copyright © 2018-2020 A Bunch Tell LLC.
+ * Copyright © 2018-2021 A Bunch Tell LLC.
 *
 * This file is part of WriteFreely.
 *
@ -139,6 +139,7 @@ type (
 		// Users
 		SingleUser       bool `ini:"single_user"`
 		OpenRegistration bool `ini:"open_registration"`
+		OpenDeletion     bool `ini:"open_deletion"`
 		MinUsernameLen   int  `ini:"min_username_len"`
 		MaxBlogs         int  `ini:"max_blogs"`

--- a/templates/user/admin/app-settings.tmpl
+++ b/templates/user/admin/app-settings.tmpl
@ -75,6 +75,14 @@ select {
 			<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="open_registration" id="open_registration" {{if .Config.OpenRegistration}}checked="checked"{{end}} />
 			</div>
 		</div>
+		<div class="features row">
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="open_deletion">
+					Allow account deletion
+					<p>Allow all users to delete their account. Admins can always delete users.</p>
+				</label></div>
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="open_deletion" id="open_deletion" {{if .Config.OpenDeletion}}checked="checked"{{end}} />
+			</div>
+		</div>
 		<div class="features row">
 			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="user_invites">
 					Allow invitations from...
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@ -158,7 +158,7 @@ h3 { font-weight: normal; }
 		{{ end }}
 	{{ end }}

-	{{ if not .IsAdmin }}
+	{{ if and .OpenDeletion (not .IsAdmin) }}
 		<h2>Incinerator</h2>
 		<div class="alert danger">
 			<div class="row">
@ -205,7 +205,7 @@ for (var i=0; i<showChecks.length; i++) {
 	});
 }

-{{ if not .IsAdmin }}
+{{ if and .OpenDeletion (not .IsAdmin) }}
 	H.getEl('cancel-delete').on('click', closeModals);

 	let $confirmDelBtn = document.getElementById('confirm-delete');