From 28f0c4f131b02ab67bd9c254f9853168ec6a5b65 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sun, 15 Apr 2012 14:31:54 +0000
Subject: Adds the ability for users to delete their own account (#10664). Can be disabled in application settings.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9417 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
app/controllers/account_controller.rb | 8 --------
app/controllers/application_controller.rb | 9 +++++++++
app/controllers/my_controller.rb | 18 ++++++++++++++++++
3 files changed, 27 insertions(+), 8 deletions(-)
(limited to 'app/controllers')
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 3874d2d89..926e04499 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -131,14 +131,6 @@ class AccountController < ApplicationController
 private
- def logout_user
- if User.current.logged?
- cookies.delete :autologin
- Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
- self.logged_user = nil
- end
- end
-
 def authenticate_user
 if Setting.openid? && using_open_id?
 open_id_authenticate(params[:openid_url])
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5ac72cc70..0ecc04fcb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -126,6 +126,15 @@ class ApplicationController < ActionController::Base
 end
 end
+ # Logs out current user
+ def logout_user
+ if User.current.logged?
+ cookies.delete :autologin
+ Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
+ self.logged_user = nil
+ end
+ end
+
 # check if login is globally required to access the application
 def check_if_login_required
 # no check needed if user is already logged in
diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index cdf0182de..b3c975b78 100644
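Review bot: The visibility of `logout_user` in its new location is not shown by the application_controller.rb hunk: in AccountController it sat below `private`, while here it is added next to `check_if_login_required` with no visibility keyword in view. If that part of ApplicationController is public, the method may become reachable as an action on every controller, depending on the routes, so a plain request could end a user's session and drop their autologin tokens. Marking it explicitly, e.g. `private :logout_user` right after the definition, keeps it callable from subclasses such as MyController while keeping it out of the action set. The comment could also state what the method touches, e.g. `# Logs out current user: deletes the autologin cookie and tokens, then sets logged_user to nil`.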
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -65,6 +65,24 @@ class MyController < ApplicationController
 end
 end
+ # Destroys user's account
+ def destroy
+ @user = User.current
+ unless @user.own_account_deletable?
+ redirect_to :action => 'account'
+ return
+ end
+
+ if request.post? && params[:confirm]
+ @user.destroy
+ if @user.destroyed?
+ logout_user
+ flash[:notice] = l(:notice_account_deleted)
+ end
+ redirect_to home_path
+ end
+ end
+
 # Manage user's password
 def password
 @user = User.current
--
cgit v1.2.3
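Review bot: `destroy` removes the account on any POST that carries `params[:confirm]`, with no re-authentication step in view, so anyone holding a live session (for example on an unattended browser) can delete the account irreversibly. Consider requiring the current password, or an equivalent fresh credential check, before `@user.destroy`; how that would work for externally authenticated accounts is not visible here. Separately, `redirect_to home_path` runs whether or not `@user.destroyed?` is true, so a failed deletion ends silently on the home page; moving that redirect into the success branch and adding an `else` that sets a `flash[:error]` and does `redirect_to :action => 'account'` would surface the failure. CSRF protection for this POST is presumably inherited from ApplicationController, which this hunk does not show.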