Diffstat (limited to 'mediagoblin/edit/views.py')
-rw-r--r-- | mediagoblin/edit/views.py | 105 |
1 files changed, 67 insertions, 38 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 646a9e5b..25a617fd 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -27,6 +27,7 @@ from mediagoblin.auth import lib as auth_lib
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import (require_active_login, active_user_from_url,
+ get_media_entry_by_id,
 get_user_media_entry, user_may_alter_collection, get_user_collection)
 from mediagoblin.tools.response import render_to_response, redirect
 from mediagoblin.tools.translate import pass_to_ugettext as _
@@ -38,7 +39,7 @@ from mediagoblin.db.util import check_media_slug_used, check_collection_slug_use
 import mimetypes
-@get_user_media_entry
+@get_media_entry_by_id
 @require_active_login
 def edit_media(request, media):
 if not may_edit_media(request, media):
@@ -190,8 +191,8 @@ def edit_profile(request, url_user=None):
 user = url_user
 form = forms.EditProfileForm(request.form,
- url=user.get('url'),
- bio=user.get('bio'))
+ url=user.url,
+ bio=user.bio)
 if request.method == 'POST' and form.validate():
 user.url = unicode(request.form['url'])
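Review bot: On `edit_media`, `@get_media_entry_by_id` is stacked above `@require_active_login`, so the entry lookup runs before the login requirement is enforced, whereas `edit_collection` later in this file puts `@require_active_login` outermost. With the lookup now keyed on an id instead of the owner's URL, the only ownership gate visible here is the `may_edit_media(request, media)` check in the body, so an unauthenticated request can presumably still probe ids, depending on how the decorator answers a miss. I would order them `@require_active_login` then `@get_media_entry_by_id`, and add a comment above the check such as `# media is looked up by id alone; may_edit_media is the only authorization check`. The body of `edit_media` continues outside the hunk.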
@@ -217,45 +218,42 @@ def edit_profile(request, url_user=None):
 def edit_account(request):
 user = request.user
 form = forms.EditAccountForm(request.form,
- wants_comment_notification=user.get('wants_comment_notification'))
+ wants_comment_notification=user.wants_comment_notification,
+ license_preference=user.license_preference)
 if request.method == 'POST':
 form_validated = form.validate()
- #if the user has not filled in the new or old password fields
- if not form.new_password.data and not form.old_password.data:
- if form.wants_comment_notification.validate(form):
- user.wants_comment_notification = \
- form.wants_comment_notification.data
- user.save()
- messages.add_message(request,
- messages.SUCCESS,
- _("Account settings saved"))
- return redirect(request,
- 'mediagoblin.user_pages.user_home',
- user=user.username)
-
- #so the user has filled in one or both of the password fields
- else:
- if form_validated:
- password_matches = auth_lib.bcrypt_check_password(
- form.old_password.data,
- user.pw_hash)
- if password_matches:
- #the entire form validates and the password matches
- user.pw_hash = auth_lib.bcrypt_gen_password_hash(
- form.new_password.data)
- user.wants_comment_notification = \
- form.wants_comment_notification.data
- user.save()
- messages.add_message(request,
- messages.SUCCESS,
- _("Account settings saved"))
- return redirect(request,
- 'mediagoblin.user_pages.user_home',
- user=user.username)
- else:
- form.old_password.errors.append(_('Wrong password'))
+ if form_validated and \
+ form.wants_comment_notification.validate(form):
+ user.wants_comment_notification = \
+ form.wants_comment_notification.data
+
+ if form_validated and \
+ form.new_password.data or form.old_password.data:
+ password_matches = auth_lib.bcrypt_check_password(
+ form.old_password.data,
+ user.pw_hash)
+ if password_matches:
+ #the entire form validates and the password matches
+ user.pw_hash = auth_lib.bcrypt_gen_password_hash(
+ form.new_password.data)
+ else:
+ form.old_password.errors.append(_('Wrong password'))
+
+ if form_validated and \
+ form.license_preference.validate(form):
+ user.license_preference = \
+ form.license_preference.data
+
+ if form_validated and not form.errors:
+ user.save()
+ messages.add_message(request,
+ messages.SUCCESS,
+ _("Account settings saved"))
+ return redirect(request,
+ 'mediagoblin.user_pages.user_home',
+ user=user.username)
 return render_to_response(
 request,
@@ -265,6 +263,37 @@ def edit_account(request):
 @require_active_login
+def delete_account(request):
+ """Delete a user completely"""
+ user = request.user
+ if request.method == 'POST':
+ if request.form.get(u'confirmed'):
+ # Form submitted and confirmed. Actually delete the user account
+ # Log out user and delete cookies etc.
+ # TODO: Should we be using MG.auth.views.py:logout for this?
+ request.session.delete()
+
+ # Delete user account and all related media files etc....
+ request.user.delete()
+
+ # We should send a message that the user has been deleted
+ # successfully. But we just deleted the session, so we
+ # can't...
+ return redirect(request, 'index')
+
+ else: # Did not check the confirmation box...
+ messages.add_message(
+ request, messages.WARNING,
+ _('You need to confirm the deletion of your account.'))
+
+ # No POST submission or not confirmed, just show page
+ return render_to_response(
+ request,
+ 'mediagoblin/edit/delete_account.html',
+ {'user': user})
+
+
+@require_active_login
 @user_may_alter_collection
 @get_user_collection
 def edit_collection(request, collection): |
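Review bot: In `edit_account`, the new password condition `form_validated and form.new_password.data or form.old_password.data` parses as `(form_validated and new_password.data) or old_password.data`, so the password branch still runs when validation failed but the old-password field is filled in. In that case a matching old password lets `user.pw_hash` be reassigned on `request.user` from a `new_password` value that did not pass validation; the later `form_validated and not form.errors` guard skips `user.save()`, but the in-memory object is already changed. Parenthesise the test as `if form_validated and (form.new_password.data or form.old_password.data):`. It would also be safer to assign `pw_hash`, `wants_comment_notification` and `license_preference` only inside the final save branch, so a rejected form never touches the user object.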
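Review bot: `delete_account` destroys the account and its media on nothing more than an active session and a truthy `confirmed` form value; unlike the password change in `edit_account`, it never asks for the current password. Anyone holding a live session (an unattended browser, a stolen cookie) can therefore trigger an irreversible deletion. I would add a password field to the confirmation form and verify it with `auth_lib.bcrypt_check_password(...)` against `user.pw_hash` before deleting, returning the same kind of form error as `_('Wrong password')` on mismatch. Separately, `request.session.delete()` runs before `request.user.delete()`, so if the deletion raises the user is logged out with the account still present; deleting the user first and the session afterwards avoids that. Whether this POST is covered by CSRF protection cannot be seen from this hunk and is worth confirming.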