Finalize account deletion api

Author: nygrenh

app/controllers/api/v8/users/request_deletion_controller.rb

@@ -7,7 +7,8 @@ class RequestDeletionController < Api::V8::BaseController
         skip_authorization_check
 
         def create
-          user = User.find(params[:user_id])
+          user = current_user
+          user = User.find_by!(id: params[:user_id]) unless params[:user_id] == 'current'
           authorize! :destroy, user
           UserMailer.destroy_confirmation(user).deliver_now
           render json: {

app/controllers/users_controller.rb

@@ -114,8 +114,11 @@ def destroy_user
     token = VerificationToken.delete_user.find_by!(user: user, token: params[:id])
     username = user.login
     sign_out if current_user == user
+    email = user.email
+    username = user.login
     user.destroy
-    redirect_to root_url, notice: "The account #{username} has been permanently destroyed."
+    RecentlyChangedUserDetail.deleted.create!(old_value: false, new_value: true, email: email, username: username)
+    redirect_to root_url, notice: "Your account has been permanently destroyed."
   end
 
   def send_destroy_email

app/models/recently_changed_user_detail.rb

@@ -1,3 +1,3 @@
 class RecentlyChangedUserDetail < ActiveRecord::Base
-  enum change_type: [:email_changed]
+  enum change_type: [:email_changed, :deleted]
 end

app/views/user_mailer/destroy_confirmation.html.erb

@@ -6,7 +6,7 @@
   <body>
     <p>Hello!</p>
 
-    <p>You have requested deleting your mooc.fi account "<%= @user.login %>".</p>
+    <p>You have requested deleting your mooc.fi account.</p>
 
     <p>Please proceed to the following link to continue the deletion process.</p>
 

app/views/user_mailer/destroy_confirmation.text.erb

@@ -1,6 +1,6 @@
 Hello!
 
-You have requested deleting your mooc.fi account "<%= @user.login %>".
+You have requested deleting your mooc.fi account.
 
 Please proceed to the following link to continue the deletion process.
 

config/routes.rb

@@ -42,7 +42,9 @@
     namespace :v8, defaults: {format: 'json'} do
       resources :apidocs, only: :index, path: 'documentation'
 
-      resources :users, only: [:show, :create, :update]
+      resources :users, only: [:show, :create, :update] do
+        resources :request_deletion, only: [:create], module: :users
+      end
 
       namespace :users do
         resources :password_reset, only: [:create]

db/migrate/20180613083429_add_user_fields_to_recently_changed_user_details.rb

@@ -0,0 +1,6 @@
+class AddUserFieldsToRecentlyChangedUserDetails < ActiveRecord::Migration
+  def change
+    add_column :recently_changed_user_details, :username, :string
+    add_column :recently_changed_user_details, :email, :string
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180608084626) do
+ActiveRecord::Schema.define(version: 20180613083429) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -253,6 +253,8 @@
     t.string   "new_value",   null: false
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.string   "username"
+    t.string   "email"
   end
 
   create_table "reply_to_feedback_answers", force: :cascade do |t|