tootlab-mastodon/app/controllers/settings/deletes_controller.rb

# frozen_string_literal: true

class Settings::DeletesController < Settings::BaseController
  layout 'admin'

  before_action :check_enabled_deletion
  before_action :authenticate_user!
  before_action :require_not_suspended!

  skip_before_action :require_functional!

  def show
    @confirmation = Form::DeleteConfirmation.new
  end

  def destroy
    if current_user.valid_password?(delete_params[:password])
      Admin::SuspensionWorker.perform_async(current_user.account_id, true)
      sign_out
      redirect_to new_user_session_path, notice: I18n.t('deletes.success_msg')
    else
      redirect_to settings_delete_path, alert: I18n.t('deletes.bad_password_msg')
    end
  end

  private

  def check_enabled_deletion
    redirect_to root_path unless Setting.open_deletion
  end

  def delete_params
    params.require(:form_delete_confirmation).permit(:password)
  end

  def require_not_suspended!
    forbidden if current_account.suspended?
  end
end
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 12:01:27 -04:00			`# frozen_string_literal: true`

Finalized theme loading and stuff 2017-11-21 01:13:37 -05:00			`class Settings::DeletesController < Settings::BaseController`
Revert some refactoring in order to make codebase closer to upstream 2019-07-23 04:30:24 -04:00			`layout 'admin'`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 12:01:27 -04:00
Revert some refactoring in order to make codebase closer to upstream 2019-07-23 04:30:24 -04:00			`before_action :check_enabled_deletion`
			`before_action :authenticate_user!`
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication. 2019-07-22 04:48:50 -04:00			`before_action :require_not_suspended!`

			`skip_before_action :require_functional!`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 12:01:27 -04:00
			`def show`
			`@confirmation = Form::DeleteConfirmation.new`
			`end`

			`def destroy`
			`if current_user.valid_password?(delete_params[:password])`
			`Admin::SuspensionWorker.perform_async(current_user.account_id, true)`
			`sign_out`
			`redirect_to new_user_session_path, notice: I18n.t('deletes.success_msg')`
			`else`
			`redirect_to settings_delete_path, alert: I18n.t('deletes.bad_password_msg')`
			`end`
			`end`

			`private`

setting-for-account-deletable (#3852) 2017-06-19 09:12:31 -04:00			`def check_enabled_deletion`
			`redirect_to root_path unless Setting.open_deletion`
			`end`

Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 12:01:27 -04:00			`def delete_params`
Fix account delete form not accepting password, update suspended (#3745) account before removing content for quicker feedback to end-users 2017-06-14 14:30:12 -04:00			`params.require(:form_delete_confirmation).permit(:password)`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 12:01:27 -04:00			`end`
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication. 2019-07-22 04:48:50 -04:00
			`def require_not_suspended!`
			`forbidden if current_account.suspended?`
			`end`
Account deletion (#3728) * Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from search 2017-06-14 12:01:27 -04:00			`end`