Moved user account removal to API

public_html/dispatch.php

@@ -147,6 +147,8 @@ $userValidations =
 \Chibi\Router::register(['UserController', 'banAction'], 'POST', '/user/{name}/ban', $userValidations);
 \Chibi\Router::register(['UserController', 'unbanAction'], 'POST', '/user/{name}/unban', $userValidations);
 \Chibi\Router::register(['UserController', 'acceptRegistrationAction'], 'POST', '/user/{name}/accept-registration', $userValidations);
+\Chibi\Router::register(['UserController', 'deleteView'], 'GET', '/user/{name}/delete', $userValidations);
+\Chibi\Router::register(['UserController', 'deleteAction'], 'POST', '/user/{name}/delete', $userValidations);
 
 foreach (['GET', 'POST'] as $method)
 {
@@ -155,7 +157,6 @@ foreach (['GET', 'POST'] as $method)
 	\Chibi\Router::register(['UserController', 'registrationAction'], $method, '/register', $userValidations);
 	\Chibi\Router::register(['UserController', 'viewAction'], $method, '/user/{name}/{tab}', $userValidations);
 	\Chibi\Router::register(['UserController', 'viewAction'], $method, '/user/{name}/{tab}/{page}', $userValidations);
-	\Chibi\Router::register(['UserController', 'deleteAction'], $method, '/user/{name}/delete', $userValidations);
 	\Chibi\Router::register(['UserController', 'settingsAction'], $method, '/user/{name}/settings', $userValidations);
 	\Chibi\Router::register(['UserController', 'editAction'], $method, '/user/{name}/edit', $userValidations);
 	\Chibi\Router::register(['UserController', 'activationAction'], $method, '/activation/{token}', $userValidations);

src/Api/Jobs/DeleteUserJob.php

@@ -0,0 +1,24 @@
+<?php
+class DeleteUserJob extends AbstractUserJob
+{
+	public function execute()
+	{
+		$user = $this->user;
+
+		$name = $user->name;
+		UserModel::remove($user);
+
+		LogHelper::log('{user} removed {subject}\'s account', [
+			'user' => TextHelper::reprUser(Auth::getCurrentUser()),
+			'subject' => TextHelper::reprUser($name)]);
+	}
+
+	public function requiresPrivilege()
+	{
+		return
+		[
+			Privilege::DeleteUser,
+			Access::getIdentity($this->user)
+		];
+	}
+}

src/Controllers/UserController.php

@@ -42,40 +42,37 @@ class UserController
 			AcceptUserRegistrationJob::USER_NAME => $name]);
 	}
 
-	public function deleteAction($name)
+	public function deleteView($name)
 	{
-		$context = getContext();
 		$user = UserModel::findByNameOrEmail($name);
-		Access::assert(
-			Privilege::ViewUser,
-			Access::getIdentity($user));
-		Access::assert(
-			Privilege::DeleteUser,
-			Access::getIdentity($user));
 
 		$this->loadUserView($user);
+		$context = getContext();
 		$context->transport->tab = 'delete';
+	}
 
-		$context->suppliedCurrentPassword = $suppliedCurrentPassword = InputHelper::get('current-password');
+	public function deleteAction($name)
+	{
+		$this->deleteView($name);
+		$user = UserModel::findByNameOrEmail($name);
 
-		if (!InputHelper::get('submit'))
-			return;
-
-		$name = $user->name;
 		if (Auth::getCurrentUser()->id == $user->id)
 		{
-			$suppliedPasswordHash = UserModel::hashPassword($suppliedCurrentPassword, $user->passSalt);
+			$suppliedPassword = InputHelper::get('current-password');
+			$suppliedPasswordHash = UserModel::hashPassword($suppliedPassword, $user->passSalt);
 			if ($suppliedPasswordHash != $user->passHash)
 				throw new SimpleException('Must supply valid password');
 		}
 
 		$oldId = $user->id;
-		UserModel::remove($user);
+
+		Api::run(new DeleteUserJob(), [
+			DeleteUserJob::USER_NAME => $name]);
+
 		if ($oldId == Auth::getCurrentUser()->id)
 			Auth::logOut();
 
 		\Chibi\Util\Url::forward(\Chibi\Router::linkTo(['StaticPagesController', 'mainPageView']));
-		LogHelper::log('{user} removed {subject}\'s account', ['subject' => TextHelper::reprUser($name)]);
 		exit;
 	}