diff options
| author | Sebastian Spaeth <Sebastian@SSpaeth.de> | 2012-11-15 10:44:38 +0100 |
|---|---|---|
| committer | Sebastian Spaeth <Sebastian@SSpaeth.de> | 2013-01-17 12:19:52 +0100 |
| commit | 380f22b859070725a2446cef7d7b250559f1ad27 (patch) | |
| tree | 766874690ec992a479291a26cfe4f0f29945bcb3 /mediagoblin/edit | |
| parent | 3809a8b8e231d7eb22935cf78225121b9043e7fe (diff) | |
| download | mediagoblin-380f22b859070725a2446cef7d7b250559f1ad27.tar.lz mediagoblin-380f22b859070725a2446cef7d7b250559f1ad27.tar.xz mediagoblin-380f22b859070725a2446cef7d7b250559f1ad27.zip | |
Allowing to delete a user account (#302)
Add a "Delete user account" template and link to it from the user
account settings page.
Create a delete_account function and fill in most blanks. We can now
successfully delete our own account.
Thanks to Elrond for catching a stray csrf_exempt in a previous iteration
of this patch.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Diffstat (limited to 'mediagoblin/edit')
| -rw-r--r-- | mediagoblin/edit/routing.py | 2 | ||||
| -rw-r--r-- | mediagoblin/edit/views.py | 31 |
2 files changed, 33 insertions, 0 deletions
diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py index d382e549..035a766f 100644 --- a/mediagoblin/edit/routing.py +++ b/mediagoblin/edit/routing.py @@ -22,3 +22,5 @@ add_route('mediagoblin.edit.legacy_edit_profile', '/edit/profile/', 'mediagoblin.edit.views:legacy_edit_profile') add_route('mediagoblin.edit.account', '/edit/account/', 'mediagoblin.edit.views:edit_account') +add_route('mediagoblin.edit.delete_account', '/edit/account/delete/', + 'mediagoblin.edit.views:delete_account') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 9b7cab46..c656c63f 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -267,6 +267,37 @@ def edit_account(request): @require_active_login +def delete_account(request): + """Delete a user completely""" + user = request.user + if request.method == 'POST': + if request.form.get(u'confirmed'): + # Form submitted and confirmed. Actually delete the user account + # Log out user and delete cookies etc. + # TODO: Should we be using MG.auth.views.py:logout for this? + request.session.delete() + + # Delete user account and all related media files etc.... + request.user.delete() + + # We should send a message that the user has been deleted + # successfully. But we just deleted the session, so we + # can't... + return redirect(request, 'index') + + else: # Did not check the confirmation box... + messages.add_message( + request, messages.WARNING, + _('You need to confirm the deletion of your account.')) + + # No POST submission or not confirmed, just show page + return render_to_response( + request, + 'mediagoblin/edit/delete_account.html', + {'user': user}) + + +@require_active_login @user_may_alter_collection @get_user_collection def edit_collection(request, collection): |