From f9422dff18ff9c36d861537b05676807c437a14a Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Thu, 19 Oct 2023 10:48:27 +0100
Subject: [PATCH] My Account: Added self-delete flow
---
.../Controllers/UserAccountController.php | 27 ++++++++++++
lang/en/preferences.php | 5 +++
.../views/users/account/delete.blade.php | 43 +++++++++++++++++++
.../views/users/account/profile.blade.php | 1 +
resources/views/users/delete.blade.php | 24 +++++------
routes/web.php | 2 +
6 files changed, 89 insertions(+), 13 deletions(-)
create mode 100644 resources/views/users/account/delete.blade.php
diff --git a/app/Users/Controllers/UserAccountController.php b/app/Users/Controllers/UserAccountController.php
index bdd923d6d..2ff58ffac 100644
--- a/app/Users/Controllers/UserAccountController.php
+++ b/app/Users/Controllers/UserAccountController.php
@@ -191,4 +191,31 @@ class UserAccountController extends Controller
 return redirect('/my-account/auth');
 }
+
+ /**
+ * Show the user self-delete page.
+ */
+ public function delete()
+ {
+ $this->setPageTitle(trans('preferences.delete_my_account'));
+
+ return view('users.account.delete', [
+ 'category' => 'profile',
+ ]);
+ }
+
+ /**
+ * Remove the current user from the system.
+ */
+ public function destroy(Request $request)
+ {
+ $this->preventAccessInDemoMode();
+
+ $requestNewOwnerId = intval($request->get('new_owner_id')) ?: null;
+ $newOwnerId = userCan('users-manage') ? $requestNewOwnerId : null;
+
+ $this->userRepo->destroy(user(), $newOwnerId);
+
+ return redirect('/');
+ }
 }
diff --git a/lang/en/preferences.php b/lang/en/preferences.php
index 042612662..2b88f9671 100644
--- a/lang/en/preferences.php
+++ b/lang/en/preferences.php
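Review bot: `destroy()` permanently removes the signed-in account on a single authenticated DELETE to `/my-account`, with no proof that the person sending it is the account owner; the CSRF token in `users/account/delete.blade.php` stops cross-site requests but not an unattended or taken-over session. For accounts that sign in with a local password, consider a re-authentication step ahead of the repository call, for example `$this->validate($request, ['password' => ['required', 'current_password']]);` with a matching password input in the new view (externally authenticated users would need a different confirmation). The session is also left untouched after `$this->userRepo->destroy(user(), $newOwnerId)`; unless the repository, which is outside this hunk, already does it, log the user out and invalidate the session before `return redirect('/')`. `new_owner_id` is only cast with `intval()`, so it is worth confirming that the repository ignores ids that do not exist or that equal the user being deleted.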
@@ -43,4 +43,9 @@ return [
 'profile_avatar_desc' => 'Select an image which will be used to represent yourself to others in the system. Ideally this image should be square and about 256px in width and height.',
 'profile_admin_options' => 'Administrator Options',
 'profile_admin_options_desc' => 'Additional administrator-level options, like those to manage role assignments, can be found for your user account in the "Settings > Users" area of the application.',
+
+ 'delete_account' => 'Delete Account',
+ 'delete_my_account' => 'Delete My Account',
+ 'delete_my_account_desc' => 'This will fully delete your user account from the system. You will not be able to recover this account or revert this action. Content you\'ve created, such as created pages and uploaded images, will remain.',
+ 'delete_my_account_warning' => 'Are you sure you want to delete your account?',
 ];
diff --git a/resources/views/users/account/delete.blade.php b/resources/views/users/account/delete.blade.php
new file mode 100644
index 000000000..75698d919
--- /dev/null
+++ b/resources/views/users/account/delete.blade.php
@@ -0,0 +1,43 @@
+@extends('users.account.layout')
+
+@section('main')
+
+
+
+ {{ csrf_field() }} + {{ method_field('delete') }} + + +

{{ trans('preferences.delete_my_account') }}

+ +

{{ trans('preferences.delete_my_account_desc') }}

+ + @if(userCan('users-manage')) +
+ +
+
+ +

{{ trans('settings.users_migrate_ownership_desc') }}

+
+
+ @include('form.user-select', ['name' => 'new_owner_id', 'user' => null]) +
+
+ @endif + +
+ +
+

{{ trans('preferences.delete_my_account_warning') }}

+
+ {{ trans('common.cancel') }} + +
+
+ +
+
+
+@stop
diff --git a/resources/views/users/account/profile.blade.php b/resources/views/users/account/profile.blade.php
index 785d562e4..617c09723 100644
--- a/resources/views/users/account/profile.blade.php
+++ b/resources/views/users/account/profile.blade.php
@@ -68,6 +68,7 @@
+ {{ trans('preferences.delete_account') }}
diff --git a/resources/views/users/delete.blade.php b/resources/views/users/delete.blade.php
index b2f08b641..c927ed243 100644
--- a/resources/views/users/delete.blade.php
+++ b/resources/views/users/delete.blade.php
@@ -6,33 +6,31 @@ @include('settings.parts.navbar', ['selected' => 'users'])
id}") }}" method="POST"> - {!! csrf_field() !!} + {{ csrf_field() }} + {{ method_field('delete') }}

{{ trans('settings.users_delete') }}

{{ trans('settings.users_delete_warning', ['userName' => $user->name]) }}

- @if(userCan('users-manage')) -
+
-
-
- -

{{ trans('settings.users_migrate_ownership_desc') }}

-
-
- @include('form.user-select', ['name' => 'new_owner_id', 'user' => null]) -
+
+
+ +

{{ trans('settings.users_migrate_ownership_desc') }}

- @endif +
+ @include('form.user-select', ['name' => 'new_owner_id', 'user' => null]) +
+

{{ trans('settings.users_delete_confirm') }}
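Review bot: Dropping the `@if(userCan('users-manage'))` wrapper makes the ownership-migration selector (`new_owner_id`) render for anyone who can open this admin delete page, so the only remaining gate is whatever the controller behind this form enforces, and that controller is not part of this patch. The new `UserAccountController::destroy()` discards `new_owner_id` server-side unless `userCan('users-manage')`; the admin destroy action should apply the same check, or require `users-manage` outright now that self-deletion has its own route, rather than relying on the view. If that controller still admits the current user without the permission, keep the `@if(userCan('users-manage'))` … `@endif` pair around the block. The markup of this hunk is partly lost in this rendering, so the point rests on the visible Blade directives only.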

diff --git a/routes/web.php b/routes/web.php
index 16c3c3d6a..69ce5167c 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -242,6 +242,8 @@ Route::middleware('auth')->group(function () {
 Route::put('/my-account/notifications', [UserControllers\UserAccountController::class, 'updateNotifications']);
 Route::get('/my-account/auth', [UserControllers\UserAccountController::class, 'showAuth']);
 Route::put('/my-account/auth/password', [UserControllers\UserAccountController::class, 'updatePassword']);
+ Route::get('/my-account/delete', [UserControllers\UserAccountController::class, 'delete']);
+ Route::delete('/my-account', [UserControllers\UserAccountController::class, 'destroy']);
 Route::patch('/preferences/change-view/{type}', [UserControllers\UserPreferencesController::class, 'changeView']);
 Route::patch('/preferences/change-sort/{type}', [UserControllers\UserPreferencesController::class, 'changeSort']);
 Route::patch('/preferences/change-expansion/{type}', [UserControllers\UserPreferencesController::class, 'changeExpansion']);