Skip to content

🚫 fix: Hide Delete Account Button When ALLOW_ACCOUNT_DELETION Is Disabled#12568

Merged
danny-avila merged 4 commits into
devfrom
claude/romantic-hodgkin
Apr 8, 2026
Merged

🚫 fix: Hide Delete Account Button When ALLOW_ACCOUNT_DELETION Is Disabled#12568
danny-avila merged 4 commits into
devfrom
claude/romantic-hodgkin

Conversation

@danny-avila

@danny-avila danny-avila commented Apr 8, 2026

Copy link
Copy Markdown
Owner

Summary

Closes #12465

The ALLOW_ACCOUNT_DELETION=false environment variable was only enforced server-side via middleware, but the Delete Account button remained visible in the UI. Users would see a button that silently failed with a 403 — confusing UX.

  • Add allowAccountDeletion boolean to the TStartupConfig type in packages/data-provider
  • Include the ALLOW_ACCOUNT_DELETION env var in the startup config payload returned by GET /api/config, defaulting to true when unset (matching existing middleware behavior). Read inline in buildSharedPayload() for per-request evaluation and test isolation.
  • For authenticated users when deletion is disabled, perform a server-side ACCESS_ADMIN capability check via hasCapability() — matching canDeleteAccount middleware exactly. Users with the capability (regardless of role) get allowAccountDeletion: true in their config.
  • Conditionally render the <DeleteAccount /> component in Account.tsx based on the startup config value, hiding it entirely when account deletion is disabled
  • Add 3 frontend tests (enabled, disabled, loading state) and 6 backend tests (3 unauthenticated env var cases + 3 authenticated capability cases)

Note: After applying, run npm run build:data-provider to rebuild the shared types.

Change Type

  • Bug fix (non-breaking change which fixes an issue)

Testing

  1. Set ALLOW_ACCOUNT_DELETION=false in .env and restart the backend
  2. Confirm the Delete Account button is hidden for non-admin users in Settings > Account
  3. Log in as a user with ACCESS_ADMIN capability — confirm the button is still visible
  4. Remove or comment out ALLOW_ACCOUNT_DELETION (or set to true) and restart
  5. Confirm the Delete Account button reappears for all users
  6. Run npm run build:data-provider after applying changes
  7. Run backend tests: cd api && npx jest routes/__tests__/config.spec.js
  8. Run frontend tests: cd client && npx jest src/components/Nav/SettingsTabs/Account/Account.spec.tsx

Test Configuration:

  • Node.js v22
  • MongoDB
  • Chrome

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • My changes do not introduce new warnings
  • I have written tests demonstrating that my changes are effective or that my feature works
  • Local unit tests pass with my changes

@danny-avila
danny-avila changed the base branch from main to dev April 8, 2026 02:29
…etion

- Show delete button for admin users even when ALLOW_ACCOUNT_DELETION=false,
  matching the canDeleteAccount middleware's ACCESS_ADMIN bypass
- Move env var read inline in buildSharedPayload() for per-request evaluation
- Add 4 frontend tests for Account conditional rendering
- Add 3 backend tests for allowAccountDeletion config field
…d role check

- Replace frontend SystemRoles.ADMIN check with server-side hasCapability()
  in the authenticated config route, matching canDeleteAccount middleware exactly
- Admin bypass now evaluates ACCESS_ADMIN capability per-user in GET /api/config,
  so users with the grant (regardless of role) see the button, and admins
  without the grant do not
- Add 3 authenticated backend tests: without capability, with capability,
  and skip-when-already-enabled
- Simplify frontend to pure config check (no role logic)
- Remove redundant jest-dom import; add inline env var comment
@danny-avila
danny-avila merged commit d350c58 into dev Apr 8, 2026
14 checks passed
@danny-avila
danny-avila deleted the claude/romantic-hodgkin branch April 8, 2026 03:51
jcbartle pushed a commit to jcbartle/LibreChat that referenced this pull request May 11, 2026
…bled (danny-avila#12568)

* fix: hide Delete Account button when ALLOW_ACCOUNT_DELETION is false

* fix: add admin bypass, inline env read, and tests for allowAccountDeletion

- Show delete button for admin users even when ALLOW_ACCOUNT_DELETION=false,
  matching the canDeleteAccount middleware's ACCESS_ADMIN bypass
- Move env var read inline in buildSharedPayload() for per-request evaluation
- Add 4 frontend tests for Account conditional rendering
- Add 3 backend tests for allowAccountDeletion config field

* fix: use server-side ACCESS_ADMIN capability check instead of frontend role check

- Replace frontend SystemRoles.ADMIN check with server-side hasCapability()
  in the authenticated config route, matching canDeleteAccount middleware exactly
- Admin bypass now evaluates ACCESS_ADMIN capability per-user in GET /api/config,
  so users with the grant (regardless of role) see the button, and admins
  without the grant do not
- Add 3 authenticated backend tests: without capability, with capability,
  and skip-when-already-enabled
- Simplify frontend to pure config check (no role logic)
- Remove redundant jest-dom import; add inline env var comment

* test: add missing toHaveBeenCalled assertion in ACCESS_ADMIN test
ThomasVuNguyen pushed a commit to ThomasVuNguyen/LibreChat that referenced this pull request Jul 15, 2026
…bled (danny-avila#12568)

* fix: hide Delete Account button when ALLOW_ACCOUNT_DELETION is false

* fix: add admin bypass, inline env read, and tests for allowAccountDeletion

- Show delete button for admin users even when ALLOW_ACCOUNT_DELETION=false,
  matching the canDeleteAccount middleware's ACCESS_ADMIN bypass
- Move env var read inline in buildSharedPayload() for per-request evaluation
- Add 4 frontend tests for Account conditional rendering
- Add 3 backend tests for allowAccountDeletion config field

* fix: use server-side ACCESS_ADMIN capability check instead of frontend role check

- Replace frontend SystemRoles.ADMIN check with server-side hasCapability()
  in the authenticated config route, matching canDeleteAccount middleware exactly
- Admin bypass now evaluates ACCESS_ADMIN capability per-user in GET /api/config,
  so users with the grant (regardless of role) see the button, and admins
  without the grant do not
- Add 3 authenticated backend tests: without capability, with capability,
  and skip-when-already-enabled
- Simplify frontend to pure config check (no role logic)
- Remove redundant jest-dom import; add inline env var comment

* test: add missing toHaveBeenCalled assertion in ACCESS_ADMIN test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: Delete account button is still enabled even with ALLOW_ACCOUNT_DELETION=false

1 participant