From 0bde09ad5c89547a5250549b4210b0fe22783e33 Mon Sep 17 00:00:00 2001
From: Joseph D'Souza <joseph.souza@trya.it>
Date: Tue, 10 Feb 2026 16:46:08 +0100
Subject: [PATCH] enable account deletion

---
 .../Api/Profile/DetailsController.php          | 17 +++++++++++++++++
 .../Controllers/Api/Users/UsersController.php  | 18 ++++++++++--------
 server/routes/api.php                          |  1 +
 3 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/server/app/Http/Controllers/Api/Profile/DetailsController.php b/server/app/Http/Controllers/Api/Profile/DetailsController.php
index a75058b..5dc2e1c 100644
--- a/server/app/Http/Controllers/Api/Profile/DetailsController.php
+++ b/server/app/Http/Controllers/Api/Profile/DetailsController.php
@@ -49,4 +49,21 @@ class DetailsController extends ApiController
 
         return new UserResource($user);
     }
+
+    /**
+     * Delete user's account.
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function destroy()
+    {
+        $user = auth()->user();
+
+        try {
+            event(new \Vanguard\Events\User\Deleted($user));
+            $user->delete();
+            return $this->respondWithSuccess();
+        } catch (\Exception $e) {
+            return $this->errorInternal($e->getMessage());
+        }
+    }
 }
diff --git a/server/app/Http/Controllers/Api/Users/UsersController.php b/server/app/Http/Controllers/Api/Users/UsersController.php
index 70bc1e8..c74e614 100644
--- a/server/app/Http/Controllers/Api/Users/UsersController.php
+++ b/server/app/Http/Controllers/Api/Users/UsersController.php
@@ -127,14 +127,16 @@ class UsersController extends ApiController
      */
     public function destroy(User $user)
     {
-        if ($user->id == auth()->id()) {
-            return $this->errorForbidden(__("You cannot delete yourself."));
+        try {
+            event(new Deleted($user));
+
+            $user->delete();
+
+            return $this->respondWithSuccess();
+        } catch (\Illuminate\Database\QueryException $e) {
+            return $this->errorInternal($e->getMessage());
+        } catch (\Exception $e) {
+            return $this->errorInternal($e->getMessage());
         }
-
-        event(new Deleted($user));
-
-        $this->users->delete($user->id);
-
-        return $this->respondWithSuccess();
     }
 }
diff --git a/server/routes/api.php b/server/routes/api.php
index a70a89b..72e15f7 100644
--- a/server/routes/api.php
+++ b/server/routes/api.php
@@ -19,6 +19,7 @@ Route::group(['middleware' => ['auth', 'registration']], function () {
 Route::group(['middleware' => ['auth', 'verified']], function () {
     Route::get('me', 'Profile\DetailsController@index');
     Route::patch('me/details', 'Profile\DetailsController@update');
+    Route::delete('me', 'Profile\DetailsController@destroy');
     Route::patch('me/details/auth', 'Profile\AuthDetailsController@update');
     Route::post('me/avatar', 'Profile\AvatarController@update');
     Route::delete('me/avatar', 'Profile\AvatarController@destroy');