
Add a way for users to delete their own account if they have no packages

Jordi Boggiano 5 rokov pred
rodič
commit
fbe18a041a

+ 7 - 0
app/Resources/FOSUserBundle/views/Profile/show.html.twig

@@ -45,5 +45,12 @@
             <h3 class="font-normal">{{ 'packages.yours'|trans }}</h3>
         {% endblock %}
     {% endembed %}
+
+    {%- if deleteForm is defined %}
+        <form class="delete action" action="{{ path('user_delete', {name: user.username}) }}" method="POST">
+            {{ form_widget(deleteForm._token) }}
+            <input class="btn btn-danger" type="submit" value="Delete Account Permanently" onclick="return confirm('Are you sure? There is no way back..');" />
+        </form>
+    {%- endif %}
 </section>
 {% endblock %}
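Review bot: The submit button label and the confirm() text in the new form are hard-coded English, while the heading just above uses `{{ 'packages.yours'|trans }}`; passing both strings through the `trans` filter would keep the template consistent. The confirmation sits in an inline `onclick` attribute, which only works if the site's Content-Security-Policy allows inline handlers (the policy is not visible here). It is also client-side only, so the controller checks remain the real safeguard for this irreversible action. The same form markup is repeated in user/profile.html.twig; a shared partial included from both templates would stop the two copies drifting apart.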

+ 45 - 6
src/Packagist/WebBundle/Controller/UserController.php

@@ -152,14 +152,20 @@ class UserController extends Controller
         $packages = $this->getUserPackages($req, $user);
         $lastGithubSync = $this->getDoctrine()->getRepository(Job::class)->getLastGitHubSyncJob($user->getId());
 
+        $data = array(
+            'packages' => $packages,
+            'meta' => $this->getPackagesMetadata($packages),
+            'user' => $user,
+            'githubSync' => $lastGithubSync,
+        );
+
+        if (!count($packages)) {
+            $data['deleteForm'] = $this->createFormBuilder(array())->getForm()->createView();
+        }
+
         return $this->container->get('templating')->renderResponse(
             'FOSUserBundle:Profile:show.html.twig',
-            array(
-                'packages' => $packages,
-                'meta' => $this->getPackagesMetadata($packages),
-                'user' => $user,
-                'githubSync' => $lastGithubSync,
-            )
+            $data
         );
     }
 
@@ -181,6 +187,9 @@ class UserController extends Controller
         if ($this->isGranted('ROLE_ANTISPAM')) {
             $data['spammerForm'] = $this->createFormBuilder(array())->getForm()->createView();
         }
+        if (!count($packages) && ($this->isGranted('ROLE_ADMIN') || ($this->getUser() && $this->getUser()->getId() === $user->getId()))) {
+            $data['deleteForm'] = $this->createFormBuilder(array())->getForm()->createView();
+        }
 
         return $data;
     }
@@ -274,6 +283,36 @@ class UserController extends Controller
         return new Response('{"status": "success"}', 204);
     }
 
+    /**
+     * @Route("/users/{name}/delete", name="user_delete", defaults={"_format" = "json"}, methods={"POST"})
+     * @ParamConverter("user", options={"mapping": {"name": "username"}})
+     */
+    public function deleteUserAction(User $user, Request $req)
+    {
+        if (!($this->isGranted('ROLE_ADMIN') || ($this->getUser() && $user->getId() === $this->getUser()->getId()))) {
+            throw new AccessDeniedException('You cannot delete this user');
+        }
+
+        if (count($user->getPackages()) > 0) {
+            throw new AccessDeniedException('The user has packages so it can not be deleted');
+        }
+
+        $form = $this->createFormBuilder(array())->getForm();
+
+        $form->submit($req->request->get('form'));
+        if ($form->isValid()) {
+            $em = $this->getDoctrine()->getManager();
+            $em->remove($user);
+            $em->flush();
+
+            $this->container->get('security.token_storage')->setToken(null);
+
+            return $this->redirectToRoute('home');
+        }
+
+        return $this->redirectToRoute('user_profile', ['name' => $user->getName()]);
+    }
+
     /**
      * @Template()
      * @Route("/users/{name}/2fa/", name="user_2fa_configure", methods={"GET"})
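Review bot: In deleteUserAction, `$this->container->get('security.token_storage')->setToken(null);` runs after every successful deletion, so an admin who removes someone else's account (permitted by the ROLE_ADMIN branch of the first check) appears to lose their own authentication as well. Record `$isSelf = $this->getUser() && $this->getUser()->getId() === $user->getId();` before `$em->remove($user)` and clear the token only `if ($isSelf)`; in that self-delete case `$req->getSession()->invalidate()` would also discard the remaining session data rather than just the token. Separately, the only server-side gate on this permanent action besides the role/ownership check is the CSRF token, so any live session can trigger it; asking for the current password in the form would add a sensible re-authentication step. An invalid form silently falls through to the profile redirect, so a flash message there would tell the user why nothing was deleted.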

+ 6 - 0
src/Packagist/WebBundle/Resources/views/user/profile.html.twig

@@ -20,6 +20,12 @@
         {%- if is_granted('ROLE_ADMIN') %}
             <a href="mailto:{{ user.email }}">{{ user.email }}</a>
         {%- endif %}
+        {%- if deleteForm is defined and (is_granted('ROLE_ADMIN') or isActualUser) %}
+            <form class="delete action" action="{{ path('user_delete', {name: user.username}) }}" method="POST">
+                {{ form_widget(deleteForm._token) }}
+                <input class="btn btn-danger" type="submit" value="Delete Account Permanently" onclick="return confirm('Are you sure? There is no way back..');" />
+            </form>
+        {%- endif %}
         {%- if is_granted('ROLE_ANTISPAM') %}
             <form class="delete action" action="{{ path('mark_spammer', {name: user.username}) }}" method="POST">
                 {{ form_widget(spammerForm._token) }}