Django：如何使用户能够删除他们的帐户

Question

我不确定出了什么问题，但我仍然无法删除我自己的帐户。

我只是被重定向到主页。

视图.py

def delete_user(request, username):

    if request.method == 'DELETE':
        try:
            user = User.objects.get(username = username)
            user.delete()
            context['msg'] = 'Bye Bye'
        except Exception as e: 
            context['msg'] = 'Something went wrong!'

    else:
        context['msg'] = 'Request method should be "DELETE"!'

    return render(request, 'HomeFeed/snippets/home.html', context=context) 

网址.py

from account.views import (
    delete_user,
)

 path('delete/<username>', delete_user, name='delete_account'),

account.html

      <form action="{% url 'account:delete_account' username=request.user.username %}" method="GET">
  <a class="mt-4 btn btn-danger deleteaccount" onclick="return confirm('Are you sure you want to delete your account')" href="">Delete Account</a> 
</form>   

Answer 1

您的代码只是停用用户不要删除用户。 因此用户在不活动时无法再次登录。

虽然您希望用户删除自己，而不是其他任何人。 直接从请求中获取用户。 无需 url。

def delete_user(request, username):
    context = {}
    
    if not request.user.is_authenticated:
        return redirect("login")

    if request.method == 'DELETE':
        try:
            user = request.user
            user.delete()
            context['msg'] = 'Bye Bye'
        except Exception as e: 
            context['msg'] = 'Something went wrong!'

    else:
        context['msg'] = 'Request method should be "DELETE"!'

    return render(request, 'template.html', context=context) 

路径应该看起来像

path('account/delete', delete_user, name='delete_account'),

注意：请求应该是DELETE而不是GET或POST

Answer 2

1. 首先，如果你想删除登录的用户，你不需要在参数中传递它。 刚刚在您的 function request.user中调用它
2. 我对您的代码进行了一些修改，例如下面的代码（仅用于测试）。 有用。 用户将被删除。 粘贴此代码并与 postman 一起尝试。 我不知道您的项目，但请确保您的方法 DELETE 请求正常工作。 根据 HTML 标准，表单的有效方法是 GET 和 POST。 所以你不能这样做<form method="delete"> 。 However Django correct handle 'PUT' and 'DELETE' (and all others) http methods.You can make PUT and DELETE http calls thought the ajax.

仅用于测试，使用 DELETE 方法localhost:8000/delete/user1调用 Postman

from django.contrib import admin
from django.urls import path
from django.http import HttpResponse
from django.shortcuts import render
from django.contrib.auth.models import User
from django.views.decorators.csrf import csrf_exempt

# Create your views here.


@csrf_exempt
def delete_user(request, username):
    
    if request.method == 'DELETE':
        try:
            user = User.objects.get(username=username)
            user.delete()
            return HttpResponse('Bye bye')
        except Exception as e: 
            return HttpResponse('Something went wrong!')

    else:
        return HttpResponse('Request method should be "DELETE"!')



urlpatterns = [
    path('admin/', admin.site.urls),
    path('delete/<username>', delete_user)
]

注意：我使用@csrf_exempt跳过 CSRF_TOKEN 验证