deletes_controller.rb 1.2 KB

  # frozen_string_literal: true

  # Self-service account deletion from the settings area.
  #
  # +show+ renders the confirmation form; +destroy+ performs the deletion once
  # the signed-in user has passed a confirmation challenge (see
  # +challenge_passed?+). The destructive path is: suspend the account, enqueue
  # the background suspension job, then end the session.
  #
  # NOTE(review): CSRF protection and any throttling of repeated challenge
  # attempts are not configured in this file; presumably they come from the
  # base controller or the surrounding stack. Confirm before relying on them.
  class Settings::DeletesController < Settings::BaseController
    layout 'admin'

    # Callbacks run in declaration order: the feature toggle is checked first,
    # then the user must be signed in, then suspended accounts are rejected.
    before_action :check_enabled_deletion
    before_action :authenticate_user!
    before_action :require_not_suspended!

    # +require_functional!+ is defined outside this file; it is skipped for
    # every action of this controller.
    skip_before_action :require_functional!

    # GET: builds an empty confirmation form object for the view.
    def show
      @confirmation = Form::DeleteConfirmation.new
    end

    # DELETE: removes the account only after the challenge succeeds. A failed
    # challenge sends the user back to the form with an alert and changes
    # nothing.
    def destroy
      unless challenge_passed?
        redirect_to settings_delete_path, alert: I18n.t('deletes.challenge_not_passed')
        return
      end

      destroy_account!
      redirect_to new_user_session_path, notice: I18n.t('deletes.success_msg')
    end

    private

    # Redirects to the root page unless the instance setting that allows
    # self-service deletion is on.
    def check_enabled_deletion
      return if Setting.open_deletion

      redirect_to root_path
    end

    # Strong parameters for the confirmation form: only the two fields the
    # challenge reads are permitted.
    def resource_params
      confirmation = params.require(:form_delete_confirmation)
      confirmation.permit(:password, :username)
    end

    # Calls +forbidden+ (defined outside this file) when the current account
    # is already suspended.
    def require_not_suspended!
      return unless current_account.suspended?

      forbidden
    end

    # Confirmation challenge guarding the destructive action.
    #
    # When the user has a stored password hash, the submitted password is
    # checked with +valid_password?+, which re-authenticates the person behind
    # the session. When +encrypted_password+ is blank, the only check is that
    # the submitted username equals the account's own username.
    #
    # NOTE(review): the username branch confirms intent but does not
    # re-authenticate, since a username is not a secret. For such accounts the
    # existing session is the only credential protecting deletion.
    #
    # @return [Boolean] true when the submitted value matches
    def challenge_passed?
      return current_user.valid_password?(resource_params[:password]) if current_user.encrypted_password.present?

      current_account.username == resource_params[:username]
    end

    # Carries out the deletion. The account is suspended synchronously before
    # the background job is queued, and the session is ended last.
    def destroy_account!
      current_account.suspend!
      # The second positional argument is forwarded as +true+; its meaning is
      # defined by Admin::SuspensionWorker (presumably "also remove the user
      # record"). TODO confirm against the worker.
      Admin::SuspensionWorker.perform_async(current_user.account_id, true)
      sign_out
    end
  end