User discard_and_anonymize!

app/controllers/manager/users_controller.rb

@@ -1,5 +1,10 @@
 module Manager
   class UsersController < Manager::ApplicationController
+    def scoped_resource
+      # Don't display discarded users
+      User.kept
+    end
+
     def update
       user = User.find(params[:id])
       new_email = params[:user][:email]
@@ -36,10 +41,10 @@ module Manager
 
     def delete
       user = User.find(params[:id])
-      if !user.can_be_deleted?
+      if !user.can_be_discarded?
-        fail "Impossible de supprimer cet utilisateur. Il a des dossiers en instruction ou il est administrateur."
+        fail "Impossible de supprimer cet utilisateur. Il est instructeur ou administrateur."
       end
-      user.delete_and_keep_track_dossiers(current_administration)
+      user.delete_or_discard!(current_administration)
 
       logger.info("L'utilisateur #{user.id} est supprimé par #{current_administration.id}")
       flash[:notice] = "L'utilisateur #{user.id} est supprimé"

app/models/user.rb

@@ -31,6 +31,7 @@
 #
 class User < ApplicationRecord
   include EmailSanitizableConcern
+  include Discard::Model
 
   enum loged_in_with_france_connect: {
     particulier: 'particulier',
@@ -58,6 +59,10 @@ class User < ApplicationRecord
 
   # Override of Devise::Models::Confirmable#send_confirmation_instructions
   def send_confirmation_instructions
+    if discarded?
+      return
+    end
+
     unless @raw_confirmation_token
       generate_confirmation_token!
     end
@@ -141,8 +146,12 @@ class User < ApplicationRecord
     last_sign_in_at.present?
   end
 
+  def can_be_discarded?
+    administrateur.nil? && instructeur.nil?
+  end
+
   def can_be_deleted?
-    administrateur.nil? && instructeur.nil? && dossiers.with_discarded.state_instruction_commencee.empty?
+    can_be_discarded? && dossiers.with_discarded.state_instruction_commencee.empty?
   end
 
   def delete_and_keep_track_dossiers(administration)
@@ -157,6 +166,32 @@ class User < ApplicationRecord
     destroy!
   end
 
+  def discard_and_anonymize!(reason)
+    if !can_be_discarded?
+      raise "Cannot discard this user because they are also instructeur or administrateur"
+    end
+
+    discard!
+    update_columns(
+      discard_reason: reason,
+      email: "#{SecureRandom.hex}@anonymous.org",
+      encrypted_password: SecureRandom.hex,
+      unconfirmed_email: nil,
+      current_sign_in_at: nil,
+      current_sign_in_ip: nil,
+      last_sign_in_at: nil,
+      last_sign_in_ip: nil
+    )
+  end
+
+  def delete_or_discard!(administration)
+    if can_be_deleted?
+      delete_and_keep_track_dossiers(administration)
+    else
+      discard_and_anonymize!("Discarded by Manager##{administration.id}")
+    end
+  end
+
   private
 
   def link_invites!

spec/models/user_spec.rb

@@ -293,4 +293,16 @@ describe User, type: :model do
       end
     end
   end
+
+  describe '#discard_and_anonymize!' do
+    let(:user) { create(:user) }
+
+    before { user.discard_and_anonymize!('HS1234') }
+
+    it 'should discard user and make it anonymous' do
+      expect(user.discarded?).to be_truthy
+      expect(user.email).to end_with '@anonymous.org'
+      expect(user.discard_reason).to eq('HS1234')
+    end
+  end
 end