Make open account deletion configurable

This adds a configuration option to the [app] section: open_deletion. When true, users can delete their account on their own. Ref T319
writefreely · Apr 22, 2021 · d3d77ce · d3d77ce
1 parent 7c1c121
commit d3d77ce
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 3 deletions.
diff --git a/account.go b/account.go
@@ -1156,6 +1156,10 @@ func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) s
 }
 
 func handleUserDelete(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+	if !app.cfg.App.OpenDeletion {
+		return impart.HTTPError{http.StatusForbidden, "Open account deletion is disabled on this instance."}
+	}
+
 	confirmUsername := r.PostFormValue("confirm-username")
 	if u.Username != confirmUsername {
 		return impart.HTTPError{http.StatusBadRequest, "Confirmation username must match your username exactly."}

diff --git a/admin.go b/admin.go
@@ -555,6 +555,7 @@ func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *htt
 	apper.App().cfg.App.SiteDesc = r.FormValue("site_desc")
 	apper.App().cfg.App.Landing = r.FormValue("landing")
 	apper.App().cfg.App.OpenRegistration = r.FormValue("open_registration") == "on"
+	apper.App().cfg.App.OpenDeletion = r.FormValue("open_deletion") == "on"
 	mul, err := strconv.Atoi(r.FormValue("min_username_len"))
 	if err == nil {
 		apper.App().cfg.App.MinUsernameLen = mul

diff --git a/config/config.go b/config/config.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018-2020 A Bunch Tell LLC.
+ * Copyright © 2018-2021 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -139,6 +139,7 @@ type (
 		// Users
 		SingleUser       bool `ini:"single_user"`
 		OpenRegistration bool `ini:"open_registration"`
+		OpenDeletion     bool `ini:"open_deletion"`
 		MinUsernameLen   int  `ini:"min_username_len"`
 		MaxBlogs         int  `ini:"max_blogs"`
 

diff --git a/templates/user/admin/app-settings.tmpl b/templates/user/admin/app-settings.tmpl
@@ -75,6 +75,14 @@ select {
 			<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="open_registration" id="open_registration" {{if .Config.OpenRegistration}}checked="checked"{{end}} />
 			</div>
 		</div>
+		<div class="features row">
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="open_deletion">
+					Allow account deletion
+					<p>Allow all users to delete their account. Admins can always delete users.</p>
+				</label></div>
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="open_deletion" id="open_deletion" {{if .Config.OpenDeletion}}checked="checked"{{end}} />
+			</div>
+		</div>
 		<div class="features row">
 			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="user_invites">
 					Allow invitations from...

diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
@@ -158,7 +158,7 @@ h3 { font-weight: normal; }
 		{{ end }}
 	{{ end }}
 
-	{{ if not .IsAdmin }}
+	{{ if and .OpenDeletion (not .IsAdmin) }}
 		<h2>Incinerator</h2>
 		<div class="alert danger">
 			<div class="row">
@@ -205,7 +205,7 @@ for (var i=0; i<showChecks.length; i++) {
 	});
 }
 
-{{ if not .IsAdmin }}
+{{ if and .OpenDeletion (not .IsAdmin) }}
 	H.getEl('cancel-delete').on('click', closeModals);
 
 	let $confirmDelBtn = document.getElementById('confirm-delete');