Diffstat (limited to 'app/controllers/v1')
-rw-r--r-- | app/controllers/v1/configs_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/v1/users_controller.rb | 12 |
2 files changed, 11 insertions, 3 deletions
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index 9c01605..0af21d2 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -32,7 +32,7 @@ class V1::ConfigsController < ApiController
 def sanitize_filename
 @filename = params[:id].downcase
 @filename += '.json' unless @filename.ends_with?('.json')
- access_denied unless SERVICES.values.include? name
+ access_denied unless SERVICES.values.include? @filename
 @filename = Rails.root.join('public', '1', 'config', @filename)
 end
 end
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index bfa04fc..d57db6f 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -2,9 +2,9 @@ module V1
 class UsersController < ApiController
 include ControllerExtension::FetchUser
- before_filter :fetch_user, :only => [:update]
+ before_filter :fetch_user, :only => [:update, :destroy]
 before_filter :require_admin, :only => [:index]
- before_filter :require_login, :only => [:index, :update]
+ before_filter :require_login, :only => [:index, :update, :destroy]
 before_filter :require_registration_allowed, only: :create
 respond_to :json
@@ -29,6 +29,14 @@ module V1
 respond_with @user
 end
+ def destroy
+ @user.account.destroy
+ if @user == current_user
+ logout
+ end
+ render :json => {'success' => 'user deleted'}
+ end
+
 protected
 def require_registration_allowed |
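Review bot: In `sanitize_filename` (configs_controller.rb) the allowlist test on the changed line is the only guard between `params[:id]` and the path built by `Rails.root.join` on the following line, and nothing visible stops the method after `access_denied`. If `access_denied` renders rather than raises, the method goes on to assign the joined path for a rejected name; writing `return access_denied unless SERVICES.values.include?(@filename)` makes the early exit independent of how that helper behaves. The old line tested `name` rather than the request value, so a request spec asserting that an id absent from `SERVICES` is denied would keep this check from silently regressing again. `access_denied` and `SERVICES` are defined outside the hunk.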
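Review bot: In users_controller.rb the filters are declared with `fetch_user` above `require_login`, so for `destroy` (as already for `update`) the record lookup runs before the authentication check. How FetchUser responds to a missing or foreign id is not visible here, but if it answers differently from the login failure, an unauthenticated caller can distinguish existing users from non-existing ones. Moving `before_filter :require_login, :only => [:index, :update, :destroy]` above the `fetch_user` declaration avoids that. The class body continues outside the hunk.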
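Review bot: The new `destroy` action deletes `@user.account` for whatever record `fetch_user` loaded, and its `if @user == current_user` branch shows that `@user` is expected to differ from the caller at times, yet the only filters this commit attaches to the action are `fetch_user` and `require_login`; `require_admin` still covers `index` alone. Unless FetchUser itself limits non-admins to their own record (not visible in this diff), any logged-in user could delete another user's account. An explicit ownership-or-admin check as the first statement of the action, or at minimum a comment such as `# fetch_user guarantees @user is current_user unless the caller is an admin`, would make the rule reviewable in place. The return value of `@user.account.destroy` is also ignored, so the success JSON is rendered even if the deletion was halted by a callback.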