Add option to soft-delete an account from admin panel

ReplayBrowser/Controllers/AccountController.cs

@@ -211,14 +211,67 @@ [FromQuery] string guid
         var fileName = $"account-gdpr-{guid}_{DateTime.Now:yyyy-MM-dd}.zip";
         return File(zipStream, "application/zip", fileName);
     }
+
+    /// <summary>
+    /// Deletes an account in a way a user also has the option to delete. This does not remove them from future and past replays, instead only the entry in the account table.
+    /// </summary>
+    [HttpPost("delete-admin-non-gdpr")]
+    [Authorize]
+    public async Task<IActionResult> AdminDeleteNonGdpr(
+        [FromQuery] string guid
+    )
+    {
+        if (string.IsNullOrWhiteSpace(guid))
+        {
+            return BadRequest("Guid is null or empty.");
+        }
+
+        if (!Guid.TryParse(guid, out var parsedGuid))
+        {
+            return BadRequest("Guid is not a valid guid.");
+        }
+
+        if (!User.Identity.IsAuthenticated)
+        {
+            return Unauthorized();
+        }
+
+        var guidRequestor = AccountHelper.GetAccountGuid(User);
+
+        var requestor = await _context.Accounts
+            .Include(a => a.Settings)
+            .Include(a => a.History)
+            .FirstOrDefaultAsync(a => a.Guid == guidRequestor);
+
+        if (requestor == null)
+        {
+            return NotFound("Account is null. This should not happen.");
+        }
+
+        if (!requestor.IsAdmin) 
+            return Unauthorized("You are not an admin.");
+
+        var user = await _context.Accounts
+            .Include(a => a.Settings)
+            .Include(a => a.History)
+            .FirstOrDefaultAsync(a => a.Guid == parsedGuid);
+
+        if (user != null) 
+        {
+            _context.Accounts.Remove(user);
+            await _context.SaveChangesAsync();
+        }
+
+        return Ok();        
+    }
 
     /// <summary>
     /// Removed a specific guid permanently from the database. Future replays will have this player replaced with "Removed by GDPR request".
     /// </summary>
     /// <returns></returns>
     [HttpPost("delete-admin")]
     [Authorize]
-    public async Task<IActionResult> AdminDelete(
+    public async Task<IActionResult> AdminDeleteGdpr(
         [FromQuery] string guid
         )
     {

ReplayBrowser/Pages/Account/Admin.razor

@@ -49,8 +49,9 @@ else
     // GDPR compliance
     <p>Putting in a guid in this field will delete and permanently remove any and all replay data associated with the account.</p>
     <input type="text" id="deleteGuid" placeholder="Guid" class="form-control" />
-    <button id="deleteAccountButton" class="btn btn-primary">Delete account</button>
+    <button id="deleteAccountButton" class="btn btn-primary">Delete account (gdpr)</button>
     <button id="getAccountData" class="btn btn-primary">Download account data</button>
+    <button id="deleteAccountNonGdpr" class="btn btn-primary">Delete account (non-gdpr)</button>
 }
 
 <script>
@@ -89,6 +90,30 @@ else
             // Open a new tab with the account data
             window.open('/account/download-data-admin?guid=' + guid, '_blank');
         });
+        
+        $('#deleteAccountNonGdpr').click(function() {
+            const guid = $('#deleteGuid').val();
+            if (guid === '') {
+                alert('Guid cannot be empty.');
+                return;
+            }
+
+            if (!confirm('Are you sure you want to delete the account?')) {
+                return;
+            }
+
+            $.ajax({
+                url: '/account/delete-admin-non-gdpr?guid=' + guid,
+                type: 'POST',
+                contentType: 'application/json',
+                success: function() {
+                    alert('Account deleted.');
+                },
+                error: function() {
+                    alert('Failed to delete account.');
+                }
+            });
+        });
     });
 </script>