config: add DISABLE_ACCOUNT_DELETION

default_config.py

@@ -14,6 +14,9 @@ MAX_ONLINE_QUERIES=3
 # Disable registration of new users via /auth/register (they can still be added by root)
 DISABLE_REGISTER=False
 
+# Disable account deletion for users (still possible for admins)
+DISABLE_ACCOUNT_DELETION=False
+
 # Front URL of the application (for QRCodes generation)
 BASE_URL="http://localhost:5000"
 

partitioncloud/modules/admin.py

@@ -50,7 +50,8 @@ def user_inspect(user_id):
         "settings/index.html",
         skip_old_password=True,
         inspected_user=inspected_user,
-        user=current_user
+        user=current_user,
+        deletion_allowed=True
     )
 
 

partitioncloud/modules/settings.py

@@ -27,7 +27,8 @@ def index():
     return render_template(
         "settings/index.html",
         inspected_user=user,
-        user=user
+        user=user,
+        deletion_allowed=not current_app.config["DISABLE_ACCOUNT_DELETION"]
     )
 
 
@@ -48,6 +49,10 @@ def delete_account():
         if cur_user.id != mod_user.id:
             flash(_("Missing rights."))
             return redirect(request.referrer)
+
+        if current_app.config["DISABLE_ACCOUNT_DELETION"]:
+            flash(_("You are not allowed to delete your account."))
+            return redirect(request.referrer)
     else:
         log_data = [mod_user.username, mod_user.id, cur_user.username]
 

partitioncloud/templates/settings/index.html

@@ -35,8 +35,9 @@
     <input type="hidden" id="user_id" name="user_id" value="{{ inspected_user.id }}">
     <input type="Submit" value="{{ _('confirm') }}">
 </form>
-
+{% if deletion_allowed %}
   <h3>{{ _("Delete account") }}</h3>
   <a href="#delete-account"><button class="red-confirm">{{ _("Delete account") }}</button></a>
+{% endif %}
 
 {% endblock %}