add admin user account deletion

this adds a section to the admin user view to delete the account and a
handler to process the request.

admin.go

@@ -123,6 +123,7 @@ func handleViewAdminUsers(app *App, u *User, w http.ResponseWriter, r *http.Requ
 		*UserPage
 		Config  config.AppCfg
 		Message string
+		Flashes []string
 
 		Users      *[]User
 		CurPage    int
@@ -134,6 +135,7 @@ func handleViewAdminUsers(app *App, u *User, w http.ResponseWriter, r *http.Requ
 		Message:  r.FormValue("m"),
 	}
 
+	p.Flashes, _ = getSessionFlashes(app, w, r, nil)
 	p.TotalUsers = app.db.GetAllUsersCount()
 	ttlPages := p.TotalUsers / adminUsersPerPage
 	p.TotalPages = []int{}
@@ -230,6 +232,37 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	return nil
 }
 
+func handleAdminDeleteUser(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+	if !u.IsAdmin() {
+		return impart.HTTPError{http.StatusForbidden, "Administrator privileges required for this action"}
+	}
+
+	vars := mux.Vars(r)
+	username := vars["username"]
+	confirmUsername := r.PostFormValue("confirm-username")
+
+	if confirmUsername != username {
+		return impart.HTTPError{http.StatusBadRequest, "Username was not confirmed"}
+	}
+
+	user, err := app.db.GetUserForAuth(username)
+	if err == ErrUserNotFound {
+		return impart.HTTPError{http.StatusNotFound, fmt.Sprintf("User '%s' was not found", username)}
+	} else if err != nil {
+		log.Error("get user for deletion: %v", err)
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user with username '%s': %v", username, err)}
+	}
+
+	err = app.db.DeleteAccount(user.ID)
+	if err != nil {
+		log.Error("delete user %s: %v", user.Username, err)
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not delete user account for '%s': %v", username, err)}
+	}
+
+	_ = addSessionFlash(app, w, r, fmt.Sprintf("Account for user \"%s\" was deleted successfully.", username), nil)
+	return impart.HTTPError{http.StatusFound, "/admin/users"}
+}
+
 func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
 	p := struct {
 		*UserPage

routes.go

@@ -144,6 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
+	write.HandleFunc("/admin/user/{username}/delete", handler.Admin(handleAdminDeleteUser)).Methods("POST")
 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")

templates/user/admin/users.tmpl

@@ -4,6 +4,12 @@
 <div class="snug content-container">
 	{{template "admin-header" .}}
 
+	<!-- TODO: if other use for flashes use patern like account_import.go -->
+	{{if .Flashes}}
+		<p class="alert success">
+		{{range .Flashes}}{{.}}{{end}}
+		</p>
+	{{end}}
 	<h2 id="posts-header" style="display: flex; justify-content: space-between;">Users <span style="font-style: italic; font-size: 0.75em;">{{.TotalUsers}} total</strong></h2>
 
 	<table class="classy export" style="width:100%">

templates/user/admin/view-user.tmpl

@@ -81,6 +81,18 @@ h3 {
 		{{end}}
 	</table>
 	{{end}}
+
+	{{ if not .User.IsAdmin }}
+	<hr/>
+	<h2>Delete Account</h2>
+	<h3><strong>Danger Zone - This cannot be undone</strong></h3>
+	<p>This will delete the user {{.User.Username}} and all their blogs AND posts.</p>
+	<form action="/admin/user/{{.User.Username}}/delete" method="post">
+		<p>Type their username to confirm deletion.<p>
+		<input name="confirm-username" type="text" title="confirm username to delete" placeholder="confirm username">
+		<input class="danger" type="submit" value="DELETE">
+	</form>
+	{{end}}
 </div>
 
 {{template "footer" .}}