This PR allows users to delete their own accounts. The logic implemented matches
that currently used by the admins when they manually close accounts, although
there is room to be more complex in future e.g. completely removing accounts
with no content.
The error handling has been slightly adapted for namespaced controllers, by
anchoring the controller name with a leading forward slash.
The user status is a bit complex, since there are various states and
not all transitions between them make sense.
Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
Without the ability defined, the user is still logged out, but then
the deny_access check redirects to the login page. The re-login attempt
would then fail anyway, with an error message, but let's fix the abilities
and use the intended page.
Since flash objects can only be String, Hash or Array (notably excluding SafeBuffers), then this approach is necessary to render complex html in a safe manner.
Each local can be treated as an (unsafe) string, and therefore escaped normally when rendered into the template. The template (and translation strings) can
contain html since they are no longer stored in the flash as a plain string.
Fixes#3215
This avoids needing to access the session id, which is currently
only working with the memcache store.
The fallback page is preserved for anyone who wants to logout without
using javascript.
Refs #2488
Normally when an en-GB.yml translation is missing, rails falls back to en.yml. But when
using the submit helpers, if the en-GB translation is missing, rails knows how to create
a fallback like 'Create {model_name}' without touching the en.yml file. This string might
then be different from what the test expects, e.g. 'Add Comment'.
So it's important to set the language headers, to avoid phantomjs from picking up your desktop
preferences in this specific case.
