users: move account deletion endpoint to /users/:id/deactivate.

Move the account deletion endpoint from /maintenance/users/deletion to either:

* https://danbooru.donmai.us/users/deactivate
* https://danbooru.donmai.us/users/:id/deactivate

This incidentally allows the Owner-level user to deactivate accounts belonging to other users. This
is meant for things like deactivating inactive accounts with invalid or abusive names. This is
limited to accounts below Gold level for security.
evazion
2022-11-05 18:31:49 -05:00
parent 59872d2ed5
commit 3ffde5b23d
10 changed files with 163 additions and 112 deletions

@@ -114,6 +114,32 @@ class UsersController < ApplicationController
end
end
def deactivate
if params[:id].present?
@user = authorize User.find(params[:id])
else
@user = authorize CurrentUser.user
end
respond_with(@user)
end
def destroy
@user = authorize User.find(params[:id])
user_deletion = UserDeletion.new(user: @user, deleter: CurrentUser.user, password: params.dig(:user, :password), request: request)
user_deletion.delete!
if user_deletion.errors.none?
session.delete(:user_id)
flash[:notice] = "Your account has been deactivated"
respond_with(user_deletion, location: posts_path)
else
flash[:notice] = user_deletion.errors.full_messages.join("; ")
redirect_to deactivate_user_path(@user)
end
end
def custom_style
@custom_css = CurrentUser.user.custom_css
expires_in 10.years
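
Review bot: The success branch of `destroy` always runs `session.delete(:user_id)` and sets the flash to "Your account has been deactivated", even when `@user` is not `CurrentUser.user`. Since the commit message says the Owner can now deactivate other users' accounts through `/users/:id/deactivate`, that path would log the Owner out of their own session and show a message about the wrong account. Consider clearing the session only when `@user == CurrentUser.user` and using a message that names the deactivated account otherwise. Two further points: `password: params.dig(:user, :password)` is passed through regardless of who the deleter is, so it should be documented (and tested) whose password `UserDeletion` verifies when `deleter` differs from `user`; and the "below Gold level" limit is not visible in this hunk, so both `deactivate` and `destroy` rely entirely on `authorize` to enforce it. A controller test that has the Owner target a Gold-or-higher account, and a non-Owner target another user's id, would pin that down.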