chg: [users:index] Added setting to allow the deletion of users

Fix #119
2023-02-16 15:07:06 +01:00 · 2023-02-16 15:07:06 +01:00 · 0850c92e89
parent b0e06cd0f6
commit 0850c92e89
3 changed files with 13 additions and 1 deletions
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@ -308,6 +308,9 @@ class UsersController extends AppController
        }
        $params = [
            'beforeSave' => function($data) use ($currentUser, $validRoles) {
+                if (empty(Configure::read('user.allow-user-deletion'))) {
+                    throw new MethodNotAllowedException(__('User deletion is disabled on this instance.'));
+                }
                if (!$currentUser['role']['perm_admin']) {
                    if ($data['organisation_id'] !== $currentUser['organisation_id']) {
                        throw new MethodNotAllowedException(__('You do not have permission to delete the given user.'));
--- a/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
+++ b/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
@ -342,7 +342,13 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
                            'type' => 'boolean',
                            'description' => __('This setting will enforce that usernames conform to basic requirements of e-mail addresses.'),
                            'default' => false
-                        ]
+                        ],
+                        'user.allow-user-deletion' => [
+                            'name' => __('Allow user deletion'),
+                            'type' => 'boolean',
+                            'description' => __('This setting will allow the deletion of users by authorized users.'),
+                            'default' => false
+                        ],
                    ]
                ]
            ]
--- a/templates/Users/index.php
+++ b/templates/Users/index.php
@ -145,6 +145,9 @@ echo $this->element('genericElements/IndexTable/index_table', [
                        ]
                    ],
                    'function' => function ($row, $options)  use ($loggedUser, $validRoles) {
+                        if (empty(Configure::read('user.allow-user-deletion'))) {
+                            return false;
+                        }
                        if ($row['id'] == $loggedUser['id']) {
                            return false;
                        }