Django-registration:如何允许用户删除他们的帐户?
Django-registration: How to allow user delete their account?
我有一个简单的网站,用户可以在其中注册以访问私人内容并接收时事通讯。我用过django-registration for user registration and authentication, and used some HTML templates from here。
整个系统都在工作(登录、注销、密码恢复等),但我意识到用户无法从网站上删除他们的帐户。是否有为此设计的插件,或者如何扩展注册 类 来做到这一点?通过删除,我更喜欢真正的抑制,而不仅仅是让用户不活跃。
你可以这样做:
def delete_user(request, username):
context = {}
try:
u = User.objects.get(username=username)
u.delete()
context['msg'] = 'The user is deleted.'
except User.DoesNotExist:
context['msg'] = 'User does not exist.'
except Exception as e:
context['msg'] = e.message
return render(request, 'template.html', context=context)
并且有一个 url 模式,例如:
url(r'^delete/(?P<username>[\w|\W.-]+)/$', views.delete_user, name='delete-user')
这将完成工作。它将通过给定的用户名删除用户。
但是,正如the docs所说:
is_active
Boolean. Designates whether this user account should be considered active. We recommend that you set this flag to False instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break.
最好将用户设置为 inactive 而不是将其从数据库中完全删除,因为外键会损坏。
所以你可以简单地做:
def delete_user(request, username):
context = {}
try:
user = User.object.get(username=username)
user.is_active = False
user.save()
context['msg'] = 'Profile successfully disabled.'
except User.DoesNotExist:
# ...
except Exception as e:
# ...
# ...
现在每个人都可以访问此视图,您必须添加一些权限。一种直接的方法是覆盖内置的 @user_passes_test 装饰器:
@user_passes_test(lambda u: u.is_staff, login_url=reverse_lazy('login'))
def delete_user(request, username):
# ...
我使用 DeleteView class 解决了类似的问题。
下面的代码允许注册用户无需管理
Django 管理站点的权限,删除自己的帐户
登录后。
views.py
from django.contrib.auth import get_user_model
from django.urls import reverse_lazy
from django.views.generic.edit import DeleteView
User = get_user_model()
class UserDelete(DeleteView):
model = User
success_url = reverse_lazy('home')
template_name = 'user_confirm_delete.html'
urls.py
from django.urls import path
from .views import UserDelete
urlpatterns = [
path('<int:pk>/delete', UserDelete.as_view(), name='user_confirm_delete'),
]
templates/user_confirm_delete.html
{% extends '_base.html' %}
{% load account %}
{% block title %}User Account Delete{% endblock title %}
{% block content %}
{% if user.is_authenticated %}
<form method="post">
{% csrf_token %}
<p>Are you sure you want to delete your account?</p>
<input type="submit" value="Confirm">
</form>
{% else %}
<p><a href="#">Login</a></p>
{% endif %}
{% endblock content %}
templates/_base.html
{% if user.is_authenticated %}
<a href="{% url 'user_confirm_delete' user.id %}">Delete Account</a>
{% else %}
<a href="#">Log In</a>
{% endif %}
Django 3.1 文档:
Generic editing views
我有一个简单的网站,用户可以在其中注册以访问私人内容并接收时事通讯。我用过django-registration for user registration and authentication, and used some HTML templates from here。
整个系统都在工作(登录、注销、密码恢复等),但我意识到用户无法从网站上删除他们的帐户。是否有为此设计的插件,或者如何扩展注册 类 来做到这一点?通过删除,我更喜欢真正的抑制,而不仅仅是让用户不活跃。
你可以这样做:
def delete_user(request, username):
context = {}
try:
u = User.objects.get(username=username)
u.delete()
context['msg'] = 'The user is deleted.'
except User.DoesNotExist:
context['msg'] = 'User does not exist.'
except Exception as e:
context['msg'] = e.message
return render(request, 'template.html', context=context)
并且有一个 url 模式,例如:
url(r'^delete/(?P<username>[\w|\W.-]+)/$', views.delete_user, name='delete-user')
这将完成工作。它将通过给定的用户名删除用户。
但是,正如the docs所说:
is_activeBoolean. Designates whether this user account should be considered active. We recommend that you set this flag to
Falseinstead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break.
最好将用户设置为 inactive 而不是将其从数据库中完全删除,因为外键会损坏。
所以你可以简单地做:
def delete_user(request, username):
context = {}
try:
user = User.object.get(username=username)
user.is_active = False
user.save()
context['msg'] = 'Profile successfully disabled.'
except User.DoesNotExist:
# ...
except Exception as e:
# ...
# ...
现在每个人都可以访问此视图,您必须添加一些权限。一种直接的方法是覆盖内置的 @user_passes_test 装饰器:
@user_passes_test(lambda u: u.is_staff, login_url=reverse_lazy('login'))
def delete_user(request, username):
# ...
我使用 DeleteView class 解决了类似的问题。 下面的代码允许注册用户无需管理 Django 管理站点的权限,删除自己的帐户 登录后。
views.py
from django.contrib.auth import get_user_model
from django.urls import reverse_lazy
from django.views.generic.edit import DeleteView
User = get_user_model()
class UserDelete(DeleteView):
model = User
success_url = reverse_lazy('home')
template_name = 'user_confirm_delete.html'
urls.py
from django.urls import path
from .views import UserDelete
urlpatterns = [
path('<int:pk>/delete', UserDelete.as_view(), name='user_confirm_delete'),
]
templates/user_confirm_delete.html
{% extends '_base.html' %}
{% load account %}
{% block title %}User Account Delete{% endblock title %}
{% block content %}
{% if user.is_authenticated %}
<form method="post">
{% csrf_token %}
<p>Are you sure you want to delete your account?</p>
<input type="submit" value="Confirm">
</form>
{% else %}
<p><a href="#">Login</a></p>
{% endif %}
{% endblock content %}
templates/_base.html
{% if user.is_authenticated %}
<a href="{% url 'user_confirm_delete' user.id %}">Delete Account</a>
{% else %}
<a href="#">Log In</a>
{% endif %}
Django 3.1 文档: Generic editing views