Make open account deletion configurable

This adds a configuration option to the [app] section: open_deletion. When
true, users can delete their account on their own.

Ref T319
pull/204/head
Matt Baer 4 years ago
parent 7c1c1218b1
commit d3d77cee54
  1. 4
      account.go
  2. 1
      admin.go
  3. 3
      config/config.go
  4. 8
      templates/user/admin/app-settings.tmpl
  5. 4
      templates/user/settings.tmpl

@ -1156,6 +1156,10 @@ func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) s
} }
func handleUserDelete(app *App, u *User, w http.ResponseWriter, r *http.Request) error { func handleUserDelete(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
if !app.cfg.App.OpenDeletion {
return impart.HTTPError{http.StatusForbidden, "Open account deletion is disabled on this instance."}
}
confirmUsername := r.PostFormValue("confirm-username") confirmUsername := r.PostFormValue("confirm-username")
if u.Username != confirmUsername { if u.Username != confirmUsername {
return impart.HTTPError{http.StatusBadRequest, "Confirmation username must match your username exactly."} return impart.HTTPError{http.StatusBadRequest, "Confirmation username must match your username exactly."}

@ -555,6 +555,7 @@ func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *htt
apper.App().cfg.App.SiteDesc = r.FormValue("site_desc") apper.App().cfg.App.SiteDesc = r.FormValue("site_desc")
apper.App().cfg.App.Landing = r.FormValue("landing") apper.App().cfg.App.Landing = r.FormValue("landing")
apper.App().cfg.App.OpenRegistration = r.FormValue("open_registration") == "on" apper.App().cfg.App.OpenRegistration = r.FormValue("open_registration") == "on"
apper.App().cfg.App.OpenDeletion = r.FormValue("open_deletion") == "on"
mul, err := strconv.Atoi(r.FormValue("min_username_len")) mul, err := strconv.Atoi(r.FormValue("min_username_len"))
if err == nil { if err == nil {
apper.App().cfg.App.MinUsernameLen = mul apper.App().cfg.App.MinUsernameLen = mul

@ -1,5 +1,5 @@
/* /*
* Copyright © 2018-2020 A Bunch Tell LLC. * Copyright © 2018-2021 A Bunch Tell LLC.
* *
* This file is part of WriteFreely. * This file is part of WriteFreely.
* *
@ -139,6 +139,7 @@ type (
// Users // Users
SingleUser bool `ini:"single_user"` SingleUser bool `ini:"single_user"`
OpenRegistration bool `ini:"open_registration"` OpenRegistration bool `ini:"open_registration"`
OpenDeletion bool `ini:"open_deletion"`
MinUsernameLen int `ini:"min_username_len"` MinUsernameLen int `ini:"min_username_len"`
MaxBlogs int `ini:"max_blogs"` MaxBlogs int `ini:"max_blogs"`

@ -75,6 +75,14 @@ select {
<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="open_registration" id="open_registration" {{if .Config.OpenRegistration}}checked="checked"{{end}} /> <div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="open_registration" id="open_registration" {{if .Config.OpenRegistration}}checked="checked"{{end}} />
</div> </div>
</div> </div>
<div class="features row">
<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="open_deletion">
Allow account deletion
<p>Allow all users to delete their account. Admins can always delete users.</p>
</label></div>
<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="open_deletion" id="open_deletion" {{if .Config.OpenDeletion}}checked="checked"{{end}} />
</div>
</div>
<div class="features row"> <div class="features row">
<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="user_invites"> <div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="user_invites">
Allow invitations from... Allow invitations from...

@ -158,7 +158,7 @@ h3 { font-weight: normal; }
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ if not .IsAdmin }} {{ if and .OpenDeletion (not .IsAdmin) }}
<h2>Incinerator</h2> <h2>Incinerator</h2>
<div class="alert danger"> <div class="alert danger">
<div class="row"> <div class="row">
@ -205,7 +205,7 @@ for (var i=0; i<showChecks.length; i++) {
}); });
} }
{{ if not .IsAdmin }} {{ if and .OpenDeletion (not .IsAdmin) }}
H.getEl('cancel-delete').on('click', closeModals); H.getEl('cancel-delete').on('click', closeModals);
let $confirmDelBtn = document.getElementById('confirm-delete'); let $confirmDelBtn = document.getElementById('confirm-delete');

Loading…
Cancel
Save