Allowing to delete a user account (#302)

Add a "Delete user account" template and link to it from the user account settings page. Create a delete_account function and fill in most blanks. We can now successfully delete our own account. Thanks to Elrond for catching a stray csrf_exempt in a previous iteration of this patch. Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-11-15 10:44:38 +01:00
parent 3809a8b8e2
commit 380f22b859
4 changed files with 77 additions and 0 deletions
--- a/mediagoblin/edit/routing.py
+++ b/mediagoblin/edit/routing.py
@@ -22,3 +22,5 @@ add_route('mediagoblin.edit.legacy_edit_profile', '/edit/profile/',
    'mediagoblin.edit.views:legacy_edit_profile')
 add_route('mediagoblin.edit.account', '/edit/account/',
    'mediagoblin.edit.views:edit_account')
+add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
+    'mediagoblin.edit.views:delete_account')
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -266,6 +266,37 @@ def edit_account(request):
         'form': form})


+@require_active_login
+def delete_account(request):
+    """Delete a user completely"""
+    user = request.user
+    if request.method == 'POST':
+        if request.form.get(u'confirmed'):
+            # Form submitted and confirmed. Actually delete the user account
+            # Log out user and delete cookies etc.
+            # TODO: Should we be using MG.auth.views.py:logout for this?
+            request.session.delete()
+
+            # Delete user account and all related media files etc....
+            request.user.delete()
+
+            # We should send a message that the user has been deleted
+            # successfully. But we just deleted the session, so we
+            # can't...
+            return redirect(request, 'index')
+
+        else: # Did not check the confirmation box...
+            messages.add_message(
+                request, messages.WARNING,
+                _('You need to confirm the deletion of your account.'))
+
+    # No POST submission or not confirmed, just show page
+    return render_to_response(
+        request,
+        'mediagoblin/edit/delete_account.html',
+        {'user': user})
+
+
@require_active_login
@user_may_alter_collection
@get_user_collection