feat: automate account deletion (#11406)

- Automate the deletion of accounts that have requested deletion via
account settings.
- Add a Sidekiq job that runs daily to find accounts that have requested
deletion and have passed the 7-day window.
- This job deletes the account and then soft-deletes users if they do
not belong to any other account.
- This job also sends an email to the Chatwoot instance admin for
compliance purposes.
- The Chatwoot instance admin's email is configurable via the
`CHATWOOT_INSTANCE_ADMIN_EMAIL` global config.

---------

Co-authored-by: Sojan Jose <sojan@pepalo.com>

app/jobs/internal/delete_accounts_job.rb

@@ -0,0 +1,27 @@
+class Internal::DeleteAccountsJob < ApplicationJob
+  queue_as :scheduled_jobs
+
+  def perform
+    delete_expired_accounts
+  end
+
+  private
+
+  def delete_expired_accounts
+    accounts_pending_deletion.each do |account|
+      AccountDeletionService.new(account: account).perform
+    end
+  end
+
+  def accounts_pending_deletion
+    Account.where("custom_attributes->>'marked_for_deletion_at' IS NOT NULL")
+           .select { |account| deletion_period_expired?(account) }
+  end
+
+  def deletion_period_expired?(account)
+    deletion_time = account.custom_attributes['marked_for_deletion_at']
+    return false if deletion_time.blank?
+
+    DateTime.parse(deletion_time) <= Time.current
+  end
+end

app/mailers/administrator_notifications/account_compliance_mailer.rb

@@ -0,0 +1,53 @@
+class AdministratorNotifications::AccountComplianceMailer < AdministratorNotifications::BaseMailer
+  def account_deleted(account)
+    return if instance_admin_email.blank?
+
+    subject = subject_for(account)
+    meta = build_meta(account)
+
+    send_notification(subject, to: instance_admin_email, meta: meta)
+  end
+
+  private
+
+  def build_meta(account)
+    deleted_users = params[:soft_deleted_users] || []
+
+    user_info_list = []
+    deleted_users.each do |user|
+      user_info_list << {
+        'user_id' => user[:id].to_s,
+        'user_email' => user[:original_email].to_s
+      }
+    end
+
+    {
+      'instance_url' => instance_url,
+      'account_id' => account.id,
+      'account_name' => account.name,
+      'deleted_at' => format_time(Time.current.iso8601),
+      'deletion_reason' => account.custom_attributes['marked_for_deletion_reason'] || 'not specified',
+      'marked_for_deletion_at' => format_time(account.custom_attributes['marked_for_deletion_at']),
+      'soft_deleted_users' => user_info_list,
+      'deleted_user_count' => user_info_list.size
+    }
+  end
+
+  def format_time(time_string)
+    return 'not specified' if time_string.blank?
+
+    Time.zone.parse(time_string).strftime('%B %d, %Y %H:%M:%S %Z')
+  end
+
+  def subject_for(account)
+    "Account Deletion Notice for #{account.id} - #{account.name}"
+  end
+
+  def instance_admin_email
+    GlobalConfig.get('CHATWOOT_INSTANCE_ADMIN_EMAIL')['CHATWOOT_INSTANCE_ADMIN_EMAIL']
+  end
+
+  def instance_url
+    ENV.fetch('FRONTEND_URL', 'not available')
+  end
+end

app/services/account_deletion_service.rb

@@ -0,0 +1,50 @@
+class AccountDeletionService
+  attr_reader :account, :soft_deleted_users
+
+  def initialize(account:)
+    @account = account
+    @soft_deleted_users = []
+  end
+
+  def perform
+    Rails.logger.info("Deleting account #{account.id} - #{account.name} that was marked for deletion")
+
+    soft_delete_orphaned_users
+    send_compliance_notification
+    DeleteObjectJob.perform_later(account)
+  end
+
+  private
+
+  def send_compliance_notification
+    AdministratorNotifications::AccountComplianceMailer.with(
+      account: account,
+      soft_deleted_users: soft_deleted_users
+    ).account_deleted(account).deliver_later
+  end
+
+  def soft_delete_orphaned_users
+    account.users.each do |user|
+      # Find all account_users for this user excluding the current account
+      other_accounts = user.account_users.where.not(account_id: account.id).count
+
+      # If user has no other accounts, soft delete them
+      next unless other_accounts.zero?
+
+      # Soft delete user by appending -deleted.com to email
+      original_email = user.email
+      user.email = "#{original_email}-deleted.com"
+      user.skip_reconfirmation!
+      user.save!
+
+      user_info = {
+        id: user.id.to_s,
+        original_email: original_email
+      }
+
+      soft_deleted_users << user_info
+
+      Rails.logger.info("Soft deleted user #{user.id} with email #{original_email}")
+    end
+  end
+end

app/views/mailers/administrator_notifications/account_compliance_mailer/account_deleted.liquid

@@ -0,0 +1,30 @@
+<p>Hello,</p>
+
+<p>This is a notification to inform you that an account has been permanently deleted from your Chatwoot instance.</p>
+
+<p>
+  <strong>Chatwoot Installation:</strong> {{ meta.instance_url }}<br>
+  <strong>Account ID:</strong> {{ meta.account_id }}<br>
+  <strong>Account Name:</strong> {{ meta.account_name }}<br>
+  <strong>Deleted At:</strong> {{ meta.deleted_at }}<br>
+  <strong>Marked for Deletion at:</strong> {{ meta.marked_for_deletion_at }}<br>
+  <strong>Deletion Reason:</strong> {{ meta.deletion_reason }}
+</p>
+
+{% if meta.deleted_user_count > 0 %}
+<p>
+  <strong>Deleted Users ({{ meta.deleted_user_count }}):</strong><br>
+  {% for user in meta.soft_deleted_users %}
+    User ID: {{ user.user_id }}, Email: {{ user.user_email }}{% unless forloop.last %}<br>{% endunless %}
+  {% endfor %}
+</p>
+{% else %}
+<p>
+  <strong>Deleted Users:</strong> None
+</p>
+{% endif %}
+
+<p>This email serves as a record for compliance purposes.</p>
+
+<p>Thank you,<br>
+Chatwoot System</p>