From 0850c92e89682c03c6c45cac2e75d32b14c01a4a Mon Sep 17 00:00:00 2001
From: Sami Mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 16 Feb 2023 15:07:06 +0100
Subject: [PATCH] chg: [users:index] Added setting to allow the deletion of
 users

Fix #119
---
 src/Controller/UsersController.php                        | 3 +++
 .../Table/SettingProviders/CerebrateSettingsProvider.php  | 8 +++++++-
 templates/Users/index.php                                 | 3 +++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
index dc9c34d..3bd715d 100644
--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -308,6 +308,9 @@ class UsersController extends AppController
         }
         $params = [
             'beforeSave' => function($data) use ($currentUser, $validRoles) {
+                if (empty(Configure::read('user.allow-user-deletion'))) {
+                    throw new MethodNotAllowedException(__('User deletion is disabled on this instance.'));
+                }
                 if (!$currentUser['role']['perm_admin']) {
                     if ($data['organisation_id'] !== $currentUser['organisation_id']) {
                         throw new MethodNotAllowedException(__('You do not have permission to delete the given user.'));
diff --git a/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php b/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
index fb2faa0..3f9bb65 100644
--- a/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
+++ b/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
@@ -342,7 +342,13 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
                             'type' => 'boolean',
                             'description' => __('This setting will enforce that usernames conform to basic requirements of e-mail addresses.'),
                             'default' => false
-                        ]
+                        ],
+                        'user.allow-user-deletion' => [
+                            'name' => __('Allow user deletion'),
+                            'type' => 'boolean',
+                            'description' => __('This setting will allow the deletion of users by authorized users.'),
+                            'default' => false
+                        ],
                     ]
                 ]
             ]
diff --git a/templates/Users/index.php b/templates/Users/index.php
index eac53d8..1dff40d 100644
--- a/templates/Users/index.php
+++ b/templates/Users/index.php
@@ -145,6 +145,9 @@ echo $this->element('genericElements/IndexTable/index_table', [
                         ]
                     ],
                     'function' => function ($row, $options)  use ($loggedUser, $validRoles) {
+                        if (empty(Configure::read('user.allow-user-deletion'))) {
+                            return false;
+                        }
                         if ($row['id'] == $loggedUser['id']) {
                             return false;
                         }