diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index c78bad9ee..2d5e69091 100644
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -92,12 +92,20 @@ class SettingsController extends Controller
 public function removeAccountTemporary(Request $request)
 {
+ $user = Auth::user();
+ abort_if(!config('pixelfed.account_deletion'), 403);
+ abort_if($user->is_admin, 403);
+ abort_if($user->created_at->gt(now()->subHours(12)), 403);
+
 return view('settings.remove.temporary');
 }
 public function removeAccountTemporarySubmit(Request $request)
 {
 $user = Auth::user();
+ abort_if(!config('pixelfed.account_deletion'), 403);
+ abort_if($user->is_admin, 403);
+ abort_if($user->created_at->gt(now()->subHours(12)), 403);
 $profile = $user->profile;
 $user->status = 'disabled';
 $profile->status = 'disabled';
@@ -110,9 +118,9 @@ class SettingsController extends Controller
 public function removeAccountPermanent(Request $request)
 {
- if(config('pixelfed.account_deletion') == false) {
- abort(404);
- }
+ $user = Auth::user();
+ abort_if($user->is_admin, 403);
+ abort_if($user->created_at->gt(now()->subDays(7)), 403);
 return view('settings.remove.permanent');
 }
@@ -122,9 +130,9 @@ class SettingsController extends Controller
 abort(404);
 }
 $user = Auth::user();
- if($user->is_admin == true) {
- return abort(400, 'You cannot delete an admin account.');
- }
+ abort_if(!config('pixelfed.account_deletion'), 403);
+ abort_if($user->is_admin, 403);
+ abort_if($user->created_at->gt(now()->subDays(7)), 403);
 $profile = $user->profile;
 $ts = Carbon::now()->addMonth();
 $user->status = 'delete';
diff --git a/resources/views/settings/security.blade.php b/resources/views/settings/security.blade.php
index 00ce15689..49f48b2d2 100644
--- a/resources/views/settings/security.blade.php
+++ b/resources/views/settings/security.blade.php
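Review bot: The same three guards (`account_deletion` flag, `is_admin`, `created_at` age cutoff) are pasted by hand into `removeAccountTemporary`, `removeAccountTemporarySubmit` and, in the two following hunks, `removeAccountPermanent` and `removeAccountPermanentSubmit`, and the copies have already drifted — the permanent view route in the next hunk lacks the flag check. A private helper taking the cutoff would make the authorisation rule live in one place so the GET view and the POST submit for each flow cannot disagree. `removeAccountTemporarySubmit` continues past the end of this hunk. The sketch below keeps the 403 semantics the commit chose.

```php
    public function removeAccountTemporary(Request $request)
    {
        $this->abortUnlessAccountDeletable(Auth::user(), now()->subHours(12));

        return view('settings.remove.temporary');
    }

    // … unchanged: removeAccountTemporarySubmit (same helper call with subHours(12)) …

    /**
     * 403 unless account deletion is enabled, the user is not an admin,
     * and the account was created before $cutoff.
     */
    private function abortUnlessAccountDeletable($user, Carbon $cutoff): void
    {
        abort_if(!config('pixelfed.account_deletion'), 403);
        abort_if($user->is_admin, 403);
        abort_if($user->created_at->gt($cutoff), 403);
    }
```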
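Review bot: `removeAccountPermanent` loses its `pixelfed.account_deletion` check: the removed `if(config(...) == false) { abort(404); }` is replaced by admin and age guards only, so the permanent-deletion page now renders on instances that have deletion disabled, while the temporary route in the previous hunk and both submit handlers still gate on the flag. The submit handler's own `abort(404)` keeps the action itself blocked, but the page should not be reachable when the feature is off. Add the flag guard first, in line with the sibling methods: `abort_if(!config('pixelfed.account_deletion'), 403);` directly after `$user = Auth::user();`.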
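Review bot: The new `abort_if(!config('pixelfed.account_deletion'), 403);` in `removeAccountPermanentSubmit` appears unreachable: the unchanged `abort(404); }` just above it is the tail of an earlier conditional that, judging by the sibling method in the previous hunk, presumably tests the same flag, so either the old 404 block or the new 403 line should go (the 404 hides the route's existence, which may be the preferred response). The replacement of `abort(400, 'You cannot delete an admin account.')` with a bare `abort_if($user->is_admin, 403)` also drops the only user-visible explanation; if the UI surfaces abort messages, `abort_if($user->is_admin, 403, 'You cannot delete an admin account.');` preserves it. The enclosing function both starts and continues outside this hunk.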
@@ -27,7 +27,7 @@
 @include('settings.security.device-panel')
- @if(config('pixelfed.account_deletion') == true)
+ @if(config('pixelfed.account_deletion') && !$user->is_admin && $user->created_at->gt(now()->subHours(12)))
 <h4 class="font-weight-bold pt-3">Danger Zone</h4>
 <div class="mb-4 border rounded border-danger">
 <ul class="list-group mb-0 pb-0">
@@ -40,6 +40,7 @@
 <a class="btn btn-outline-danger font-weight-bold py-1" href="{{route('settings.remove.temporary')}}">Disable</a>
 </div>
 </li>
+ @if( !$user->is_admin && $user->created_at->gt(now()->subDays(7)) )
 <li class="list-group-item border-left-0 border-right-0 py-3 d-flex justify-content-between">
 <div>
 <p class="font-weight-bold mb-1">Delete this Account</p>
@@ -49,6 +50,7 @@
 <a class="btn btn-outline-danger font-weight-bold py-1" href="{{route('settings.remove.permanent')}}">Delete</a>
 </div>
 </li>
+ @endif
 </ul>
 </div>
 @endif
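Review bot: The age condition in the new `@if` is inverted relative to the controller: `$user->created_at->gt(now()->subHours(12))` is true for accounts created within the last 12 hours, which is exactly the case `removeAccountTemporary` rejects with `abort_if($user->created_at->gt(now()->subHours(12)), 403)`, so the Danger Zone is shown only to users who will get a 403 and hidden from everyone the controller would allow. The `@if( !$user->is_admin && $user->created_at->gt(now()->subDays(7)) )` guard added in the next hunk has the same inversion against `removeAccountPermanent`. Whichever side encodes the intended rule, the view should use the negation of the controller's abort condition, e.g. `@if(config('pixelfed.account_deletion') && !$user->is_admin && !$user->created_at->gt(now()->subHours(12)))`. This also assumes `$user` is passed to this view (it was not referenced here before); if it is not, the template will error on a null property access — worth confirming against the controller that renders `settings.security`.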