From 7019d53e2ba269fa18e877d26859c835af9f21a6 Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Tue, 7 Jul 2026 13:47:36 +0200 Subject: [PATCH] Improve user account deletion flow --- apps/api/src/app/user/user.service.ts | 8 ++++++++ .../user-account-settings.component.ts | 15 +++++++-------- .../user-account-settings.html | 8 +++++--- libs/common/src/lib/permissions.ts | 1 + 4 files changed, 21 insertions(+), 11 deletions(-) diff --git a/apps/api/src/app/user/user.service.ts b/apps/api/src/app/user/user.service.ts index 0c159bc1c..4dcf16034 100644 --- a/apps/api/src/app/user/user.service.ts +++ b/apps/api/src/app/user/user.service.ts @@ -535,6 +535,14 @@ export class UserService { user.subscription.offer.label = undefined; } + if ( + !hasRole(user, Role.DEMO) && + (user.provider !== 'ANONYMOUS' || + user.subscription?.type === SubscriptionType.Premium) + ) { + currentPermissions.push(permissions.requestOwnUserDeletion); + } + if (hasRole(user, Role.ADMIN)) { currentPermissions.push(permissions.syncDemoUserAccount); } diff --git a/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts b/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts index 282768d0c..c8210b0c3 100644 --- a/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts +++ b/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts @@ -76,8 +76,8 @@ export class GfUserAccountSettingsComponent implements OnInit { public deleteOwnUserForm = this.formBuilder.group({ accessToken: ['', Validators.required] }); - public hasPermissionForSubscription: boolean; public hasPermissionToDeleteOwnUser: boolean; + public hasPermissionToRequestOwnUserDeletion: boolean; public hasPermissionToUpdateViewMode: boolean; public hasPermissionToUpdateUserSettings: boolean; public isAccessTokenHidden = true; @@ -115,17 +115,11 @@ export class GfUserAccountSettingsComponent implements OnInit { private userService: UserService, public webAuthnService: WebAuthnService ) { - const { baseCurrency, currencies, globalPermissions } = - this.dataService.fetchInfo(); + const { baseCurrency, currencies } = this.dataService.fetchInfo(); this.baseCurrency = baseCurrency; this.currencies = currencies; - this.hasPermissionForSubscription = hasPermission( - globalPermissions, - permissions.enableSubscription - ); - this.userService.stateChanged .pipe(takeUntilDestroyed(this.destroyRef)) .subscribe((state) => { @@ -139,6 +133,11 @@ export class GfUserAccountSettingsComponent implements OnInit { permissions.deleteOwnUser ); + this.hasPermissionToRequestOwnUserDeletion = hasPermission( + this.user.permissions, + permissions.requestOwnUserDeletion + ); + this.hasPermissionToUpdateUserSettings = hasPermission( this.user.permissions, permissions.updateUserSettings diff --git a/apps/client/src/app/components/user-account-settings/user-account-settings.html b/apps/client/src/app/components/user-account-settings/user-account-settings.html index 2f17dace8..99025c2e0 100644 --- a/apps/client/src/app/components/user-account-settings/user-account-settings.html +++ b/apps/client/src/app/components/user-account-settings/user-account-settings.html @@ -285,7 +285,9 @@ - @if (hasPermissionToDeleteOwnUser || hasPermissionForSubscription) { + @if ( + hasPermissionToDeleteOwnUser || hasPermissionToRequestOwnUserDeletion + ) {
Danger Zone
@@ -336,14 +338,14 @@ } @else if ( - hasPermissionForSubscription && + hasPermissionToRequestOwnUserDeletion && (user?.accounts?.length > 0 || user?.activitiesCount > 0) ) {
For security reasons, please delete all activities and accounts first before your Ghostfolio account can be closed.
- } @else if (hasPermissionForSubscription) { + } @else if (hasPermissionToRequestOwnUserDeletion) { Close Account diff --git a/libs/common/src/lib/permissions.ts b/libs/common/src/lib/permissions.ts index f9cb19562..428de1788 100644 --- a/libs/common/src/lib/permissions.ts +++ b/libs/common/src/lib/permissions.ts @@ -50,6 +50,7 @@ export const permissions = { readTags: 'readTags', readWatchlist: 'readWatchlist', reportDataGlitch: 'reportDataGlitch', + requestOwnUserDeletion: 'requestOwnUserDeletion', syncDemoUserAccount: 'syncDemoUserAccount', toggleReadOnlyMode: 'toggleReadOnlyMode', updateAccount: 'updateAccount',