From c3e9c414408a8c9c2806af12e659e395c605496f Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Mon, 28 May 2018 16:20:08 +0200 Subject: [MM-1915] Add Deactivate Account - server side (#8699) --- api4/user.go | 13 +++++++++++++ api4/user_test.go | 15 +++++++++++++++ 2 files changed, 28 insertions(+) (limited to 'api4') diff --git a/api4/user.go b/api4/user.go index 2a539a551..ea90d2127 100644 --- a/api4/user.go +++ b/api4/user.go @@ -713,6 +713,12 @@ func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) { return } + // if EnableUserDeactivation flag is disabled the user cannot deactivate himself. + if isSelfDeactive && !*c.App.GetConfig().TeamSettings.EnableUserDeactivation { + c.Err = model.NewAppError("updateUserActive", "api.user.update_active.not_enable.app_error", nil, "userId="+c.Params.UserId, http.StatusUnauthorized) + return + } + var user *model.User var err *model.AppError @@ -725,6 +731,13 @@ func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err } else { c.LogAuditWithUserId(user.Id, fmt.Sprintf("active=%v", active)) + if isSelfDeactive { + c.App.Go(func() { + if err = c.App.SendDeactivateAccountEmail(user.Email, user.Locale, c.App.GetSiteURL()); err != nil { + mlog.Error(err.Error()) + } + }) + } ReturnStatusOK(w) } } diff --git a/api4/user_test.go b/api4/user_test.go index 4851f139e..593208c92 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -1198,6 +1198,12 @@ func TestUpdateUserActive(t *testing.T) { SystemAdminClient := th.SystemAdminClient user := th.BasicUser + EnableUserDeactivation := th.App.Config().TeamSettings.EnableUserDeactivation + defer func() { + th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.EnableUserDeactivation = EnableUserDeactivation }) + }() + + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserDeactivation = true }) pass, resp := Client.UpdateUserActive(user.Id, false) CheckNoError(t, resp) @@ -1205,6 +1211,15 @@ func TestUpdateUserActive(t *testing.T) { t.Fatal("should have returned true") } + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserDeactivation = false }) + pass, resp = Client.UpdateUserActive(user.Id, false) + CheckUnauthorizedStatus(t, resp) + + if pass { + t.Fatal("should have returned false") + } + + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserDeactivation = true }) pass, resp = Client.UpdateUserActive(user.Id, false) CheckUnauthorizedStatus(t, resp) -- cgit v1.2.3-1-g7c22