User self-deletion

resolves #3013

CHANGELOG-v3.1.md

@@ -37,3 +37,4 @@
 - User permission definitions can now include `info` and/or `warning` keys.
 - The old “Administrate users” permission has been renamed to “Moderate users”.
 - The old “Change users’ emails” permission has been renamed to “Administrate users”, and now comes with the ability to activate user accounts and reset their passwords. ([#942](https://github.com/craftcms/cms/issues/942))  
+- All users now have the ability to delete their own user accounts. ([#3013](https://github.com/craftcms/cms/issues/3013))

src/controllers/UsersController.php

@@ -659,18 +659,18 @@ public function actionEditUser($userId = null, User $user = null): Response
                         'label' => Craft::t('app', 'Suspend')
                     ];
                 }
+            }
 
-                if ($userSession->checkPermission('deleteUsers')) {
-                    // Even if they have delete user permissions, we don't want a non-admin
-                    // to be able to delete an admin.
-                    $currentUser = $userSession->getIdentity();
+            if ($isCurrentUser || $userSession->checkPermission('deleteUsers')) {
+                // Even if they have delete user permissions, we don't want a non-admin
+                // to be able to delete an admin.
+                $currentUser = $userSession->getIdentity();
 
-                    if (($currentUser && $currentUser->admin) || !$user->admin) {
-                        $destructiveActions[] = [
-                            'id' => 'delete-btn',
-                            'label' => Craft::t('app', 'Delete…')
-                        ];
-                    }
+                if (($currentUser && $currentUser->admin) || !$user->admin) {
+                    $destructiveActions[] = [
+                        'id' => 'delete-btn',
+                        'label' => Craft::t('app', 'Delete…')
+                    ];
                 }
             }
         }
@@ -1368,9 +1368,13 @@ public function actionUserContentSummary(): Response
     {
         $this->requirePostRequest();
         $this->requireLogin();
-        $this->requirePermission('deleteUsers');
 
         $userIds = Craft::$app->getRequest()->getRequiredBodyParam('userId');
+
+        if ($userIds !== (string)Craft::$app->getUser()->getIdentity()->id) {
+            $this->requirePermission('deleteUsers');
+        }
+
         $summary = [];
 
         $entryCount = (new Query())
@@ -1401,18 +1405,20 @@ public function actionDeleteUser()
         $this->requirePostRequest();
         $this->requireLogin();
 
-        $this->requirePermission('deleteUsers');
-
         $userId = Craft::$app->getRequest()->getRequiredBodyParam('userId');
         $user = Craft::$app->getUsers()->getUserById($userId);
 
         if (!$user) {
             $this->_noUserExists();
         }
 
-        // Even if you have deleteUser permissions, only and admin should be able to delete another admin.
-        if ($user->admin) {
-            $this->requireAdmin();
+        if (!$user->getIsCurrent()) {
+            $this->requirePermission('deleteUsers');
+
+            // Even if you have deleteUser permissions, only and admin should be able to delete another admin.
+            if ($user->admin) {
+                $this->requireAdmin();
+            }
         }
 
         // Are we transferring the user's content to a different user?