FEATURE: Allow admins to disable self-service account deletion

https://meta.discourse.org/t/-/146276

app/models/user.rb

@@ -233,7 +233,6 @@ class User < ActiveRecord::Base
     LAST_VISIT = -2
   end
 
-  MAX_SELF_DELETE_POST_COUNT ||= 1
   MAX_STAFF_DELETE_POST_COUNT ||= 5
 
   def self.max_password_length
@@ -1286,6 +1285,7 @@ class User < ActiveRecord::Base
 
   def has_more_posts_than?(max_post_count)
     return true if user_stat && (user_stat.topic_count + user_stat.post_count) > max_post_count
+    return true if max_post_count < 0
 
     DB.query_single(<<~SQL, user_id: self.id).first > max_post_count
       SELECT COUNT(1)

config/locales/server.en.yml

@@ -1952,6 +1952,7 @@ en:
     relative_date_duration: "Number of days after posting where post dates will be shown as relative (7d) instead of absolute (20 Feb)."
     delete_user_max_post_age: "Don't allow deleting users whose first post is older than (x) days."
     delete_all_posts_max: "The maximum number of posts that can be deleted at once with the Delete All Posts button. If a user has more than this many posts, the posts cannot all be deleted at once and the user can't be deleted."
+    delete_user_self_max_post_count: "The maximum number of posts a user can have while allowing self-service account deletion. Set to -1 to disable self-service account deletion."
     username_change_period: "The maximum number of days after registration that accounts can change their username (0 to disallow username change)."
     email_editable: "Allow users to change their e-mail address after registration."
     logout_redirect: "Location to redirect browser to after logout (eg: https://example.com/logout)"

config/site_settings.yml

@@ -542,6 +542,9 @@ users:
     client: true
     default: 15
     min: 1
+  delete_user_self_max_post_count:
+    default: 1
+    min: -1
   redirect_users_to_top_page: true
   prioritize_username_in_ux:
     client: true

lib/guardian/user_guardian.rb

@@ -62,7 +62,7 @@ module UserGuardian
     return false if user.nil? || user.admin?
     if is_me?(user)
       !SiteSetting.enable_sso &&
-      !user.has_more_posts_than?(User::MAX_SELF_DELETE_POST_COUNT)
+      !user.has_more_posts_than?(SiteSetting.delete_user_self_max_post_count)
     else
       is_staff? && (
         user.first_post_created_at.nil? ||

spec/components/guardian/user_guardian_spec.rb

@@ -303,6 +303,30 @@ describe UserGuardian do
         Fabricate(:post, user: user, topic: topic)
         expect(guardian.can_delete_user?(user)).to eq(false)
       end
+
+      it "isn't allowed when site admin blocked self deletion" do
+        expect(user.first_post_created_at).to be_nil
+
+        SiteSetting.delete_user_self_max_post_count = -1
+        expect(guardian.can_delete_user?(user)).to eq(false)
+      end
+
+      it "correctly respects the delete_user_self_max_post_count setting" do
+        SiteSetting.delete_user_self_max_post_count = 0
+        expect(guardian.can_delete_user?(user)).to eq(true)
+
+        Fabricate(:post, user: user)
+
+        expect(guardian.can_delete_user?(user)).to eq(false)
+        SiteSetting.delete_user_self_max_post_count = 1
+        expect(guardian.can_delete_user?(user)).to eq(true)
+
+        Fabricate(:post, user: user)
+
+        expect(guardian.can_delete_user?(user)).to eq(false)
+        SiteSetting.delete_user_self_max_post_count = 2
+        expect(guardian.can_delete_user?(user)).to eq(true)
+      end
     end
 
     context "for moderators" do