| author | 2015-07-22 14:22:26 +0200 | |
|---|---|---|
| committer | 2015-07-22 14:22:26 +0200 | |
| commit | 3a929138b000a45f57b3a6c62d5cfa72b842538c (patch) | |
| tree | ef477319f976201f6836b0c051feb28d15670231 | |
| parent | 8754347a586ff595553bf00f8e70f96706760956 (diff) | |
Give possibility to delete its own account
See https://github.com/FreshRSS/FreshRSS/issues/679
| -rw-r--r-- | app/Controllers/userController.php | 17 | ||||
| -rw-r--r-- | app/views/user/profile.phtml | 22 |
2 files changed, 36 insertions, 3 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 46f4f434d..cebfcd5ec 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -212,11 +212,15 @@ class FreshRSS_user_Controller extends Minz_ActionController { * @todo clean up this method. Idea: create a User->clean() method. */ public function deleteAction() { - if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { + $username = Minz_Request::param('username'); + + if (Minz_Request::isPost() && ( + FreshRSS_Auth::hasAccess('admin') || + Minz_Session::param('currentUser', '_') === $username + )) { $db = FreshRSS_Context::$system_conf->db; require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'); - $username = Minz_Request::param('username'); $ok = ctype_alnum($username); $user_data = join_path(DATA_PATH, 'users', $username); @@ -234,6 +238,9 @@ class FreshRSS_user_Controller extends Minz_ActionController { //TODO: delete Persona file } invalidateHttpCache(); + if (Minz_Session::param('currentUser', '_') === $username) { + FreshRSS_Auth::removeAccess(); + } $notif = array( 'type' => $ok ? 'good' : 'bad', @@ -242,7 +249,11 @@ class FreshRSS_user_Controller extends Minz_ActionController { Minz_Session::_param('notification', $notif); } - Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true); + $redirect_url = urldecode(Minz_Request::param('r', false, true)); + if (!$redirect_url) { + $redirect_url = array('c' => 'user', 'a' => 'manage'); + } + Minz_Request::forward($redirect_url, true); } /** diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml index c44202edd..11097e546 100644 --- a/app/views/user/profile.phtml +++ b/app/views/user/profile.phtml 
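Review bot: The new self-service branch in `deleteAction()` authorises the deletion purely on `Minz_Session::param('currentUser', '_') === $username`, which shows neither that the session is logged in nor that the user intended the request. The only origin check visible is `Minz_Request::isPost()`, and the form added in app/views/user/profile.phtml carries no anti-CSRF token or password field, so unless the framework enforces one elsewhere, a cross-site POST could remove the account of whoever is signed in. I would require an authenticated session explicitly, `FreshRSS_Auth::hasAccess() && Minz_Session::param('currentUser', '_') === $username`, and ask for the current password (or a per-session token) before an irreversible delete. The `'_'` default also makes the comparison true for `username=_` when no user is stored in the session; `ctype_alnum` sets `$ok` to false for that value, but the rest of the method lies outside the hunk, so the access check should not depend on it.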
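Review bot: `FreshRSS_Auth::removeAccess()` is called whenever the session user matches `$username`, and as far as the hunk shows it sits after the closing brace of the deletion block, so it is not conditioned on `$ok`. A user whose deletion failed would be logged out anyway and then shown the failure notification; `if ($ok && Minz_Session::param('currentUser', '_') === $username) {` keeps the session unless the account is really gone. Only the current session is dropped here; whether other active sessions of the deleted user are invalidated cannot be seen from this hunk and is worth confirming. The method body starts and ends outside the hunk.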
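Review bot: The redirect target is now taken from the request parameter `r` and passed to `Minz_Request::forward($redirect_url, true)` with no check that it points back to this application, which is an unvalidated-redirect pattern. It also sits outside the access check, so it applies to requests that were refused. Unless `forward()` itself restricts string URLs (not visible here), I would choose the destination on the server, for example `$redirect_url = $self_delete ? array('c' => 'index', 'a' => 'index') : array('c' => 'user', 'a' => 'manage');`, where `$self_delete` is a new local set from the same comparison as the access check. If `r` has to stay, accept only a relative path or a fixed list of internal routes. The extra `urldecode()` looks like a second decoding of an already-decoded request value, which can let doubly-encoded input slip past earlier filtering.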
@@ -57,4 +57,26 @@
 </div>
 </div>
 </form>
+
+ <?php if (!FreshRSS_Auth::hasAccess('admin')) { ?>
+ <form method="post" action="<?php echo _url('user', 'delete'); ?>">
+ <legend><?php echo _t('conf.profile.delete'); ?></legend>
+
+ <p class="alert alert-warn"><span class="alert-head"><?php echo _t('gen.short.attention'); ?></span> <?php echo _t('conf.profile.delete.warn'); ?></p>
+
+ <div class="form-group form-actions">
+ <div class="group-controls">
+ <?php
+ $redirect_url = urlencode(Minz_Url::display(
+ array('c' => 'index', 'a' => 'index'),
+ 'php', true
+ ));
+ ?>
+ <input type="hidden" name="r" value="<?php echo $redirect_url; ?>" />
+ <input type="hidden" name="username" value="<?php echo Minz_Session::param('currentUser', '_'); ?>" />
+ <button type="submit" class="btn btn-attention confirm"><?php echo _t('gen.action.remove'); ?></button>
+ </div>
+ </div>
+ </form>
+ <?php } ?>
 </div> |
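Review bot: The two hidden inputs send back values the server already has in the self-service case: `username` is the session's own `currentUser` and `r` is a fixed internal route, so both become client-controlled inputs on a destructive action for no benefit. I would drop them from this form and have `deleteAction()` derive both when the caller is not an admin, which also removes the need to trust `r` as a redirect target. If `username` stays, escape it for the attribute context, `<?php echo htmlspecialchars(Minz_Session::param('currentUser', '_'), ENT_QUOTES, 'UTF-8'); ?>`. User names appear to be limited to alphanumerics by `ctype_alnum` in the controller, but the view should not rely on that.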
