Use LdapManager delete_user to delete the user's account

2019-02-24 17:45:39 +01:00 · 2019-02-24 17:45:39 +01:00 · db4ffe7979
parent 4e9493f198
commit db4ffe7979
1 changed files with 21 additions and 18 deletions
--- a/dal/views.py
+++ b/dal/views.py
@ -379,24 +379,27 @@ class DeleteAccount(View):

        # Does the user exist?
        username = request.POST.get('username')
-        if not check_user_exists(username):
-            return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Unknown user.' } )
-
-        # Do user and password match?
-        password = request.POST.get('password')
-        pwd = r'%s' % password
-        check = authenticate(request, username=username, password=pwd)
-        if check is None:
-            return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Wrong password for user.' } )
-
-        # Try to delete the user
-        with get_pool().next() as rpc:
-            result = rpc.deleteuser.delete_user(username)
-        # User deleted
-        if result == True:
-            logout(request)
-            return render(request, 'deleteduser.html', { 'user': username } )
-        # User not deleted, got some kind of error
+        ldap_manager = LdapManager()
+        user_exists, user_details = ldap_manager.check_user_exists(username)
+        if user_exists and request.user.username == username:
+            # Do user and password match?
+            password = request.POST.get('password')
+            pwd = r'%s' % password
+            check = authenticate(request, username=username, password=pwd)
+            if check is None:
+                return render(request, 'error.html',
+                              {'urlname': urlname, 'service': service,
+                               'error': 'Wrong password for user.'})
+            result = ldap_manager.delete_user(username)
+            # User deleted
+            if result:
+                logout(request)
+                return render(request, 'deleteduser.html', {'user': username})
+            # User not deleted, got some kind of error
+            else:
+                return render(request, 'error.html',
+                              {'urlname': urlname, 'service': service,
+                               'error': result})
        else:
            return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': result } )