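def change_password(request, user_id):
    """
    Change the password of the user with the given user_id.  Checks for
    permission to change users.

    The form class depends on who is acting: PasswordChangeForm when the
    requester is the target account, SetPasswordForm otherwise.  In both
    cases the form is bound to the target user, so a successful save
    changes the target's password, never the requester's.

    Raises PermissionDenied when can_edit_user() rejects the requester.
    A valid POST redirects to the profile edit page; anything else renders
    the password change template with the current form.
    """
    if not can_edit_user(request.user, user_id):
        raise PermissionDenied

    # NOTE(review): presumably these are Django's stock auth forms, where
    # only PasswordChangeForm asks for the current password -- confirm.  If
    # so, can_edit_user() above is the only control on resetting somebody
    # else's password.
    if request.user.id == int(user_id):
        Form = PasswordChangeForm
    else:
        Form = SetPasswordForm

    # NOTE(review): User.DoesNotExist is not caught here, so an unknown id
    # surfaces as an unhandled exception rather than a 404.
    user = User.objects.get(id=user_id)

    # Test the method rather than the truthiness of request.POST: a POST
    # with an empty body is still a submission and must be validated, not
    # treated like a GET.
    if request.method == 'POST':
        form = Form(user, request.POST)
        if form.is_valid():
            form.save()
            # NOTE(review): nothing in this view ends the target user's
            # existing sessions after the change -- confirm whether that is
            # handled elsewhere.
            messages.success(request, _("Password changed successfully."))
            return HttpResponseRedirect(
                reverse("profiles.profile_edit", args=[user_id]))
    else:
        # Bind the blank form to the target account too (it used to be
        # bound to request.user), so the form can never end up attached to
        # the editor's own account.
        form = Form(user)

    return render(request, "registration/password_change_form.html", {
        'form': form,
        'change_user': user,
    })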
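def change_password(request, user_id):
    """
    Change the password of the user with the given user_id.  Checks for
    permission to change users.

    PasswordChangeForm is used when the requester is the target account and
    SetPasswordForm when an editor acts on someone else.  The form is always
    bound to the target user.

    Raises PermissionDenied when can_edit_user() rejects the requester.
    Redirects to the profile edit page after a valid POST; otherwise renders
    the password change template.
    """
    if not can_edit_user(request.user, user_id):
        raise PermissionDenied

    # NOTE(review): presumably Django's auth forms, where SetPasswordForm
    # does not ask for the old password -- confirm.  That would make
    # can_edit_user() the sole gate on resetting another account.
    if request.user.id == int(user_id):
        Form = PasswordChangeForm
    else:
        Form = SetPasswordForm

    # NOTE(review): an unknown id raises User.DoesNotExist, which is not
    # handled in this view.
    user = User.objects.get(id=user_id)

    # request.POST is falsy for an empty body; checking the method keeps an
    # empty submission on the validation path instead of the GET path.
    if request.method == 'POST':
        form = Form(user, request.POST)
        if form.is_valid():
            form.save()
            # NOTE(review): existing sessions of the target user are not
            # touched here -- confirm whether they should be invalidated.
            messages.success(request, _("Password changed successfully."))
            return HttpResponseRedirect(
                reverse("profiles.profile_edit", args=[user_id]))
    else:
        # Was Form(request.user): bind to the account being changed so the
        # unbound and bound forms refer to the same user.
        form = Form(user)

    return render(request, "registration/password_change_form.html", {
        'form': form,
        'change_user': user,
    })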
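def delete(request, user_id):
    """
    Withdraw a user account.

    The row is not removed: identifying fields on the user and profile are
    blanked, privileges and group memberships are dropped, the account is
    deactivated, the user's scans are removed with full_delete(), and a
    Note recording who performed the deletion is created.

    A user may always delete their own account.  Deleting another account
    requires the "auth.delete_user" permission and can_edit_user() on the
    target.  Anything other than POST only renders the confirmation page.

    Raises Http404 for a non-integer or unknown user_id and
    PermissionDenied when the requester is not allowed to delete the
    target.
    """
    try:
        user_id = int(user_id)
    except ValueError:
        raise Http404

    is_self = request.user.id == user_id
    if not is_self and not (
            request.user.has_perm("auth.delete_user") and
            can_edit_user(request.user, user_id)):
        raise PermissionDenied

    # An id that passed the permission check but matches no row is a 404,
    # not an unhandled DoesNotExist.
    try:
        to_delete = User.objects.get(id=user_id)
    except User.DoesNotExist:
        raise Http404

    if request.method != 'POST':
        return render(request, "profiles/confirm_delete_self.html",
                      {'site_email': settings.DEFAULT_FROM_EMAIL})

    # POST
    if request.POST.get('delete_comments', False):
        from comments.models import Comment, Favorite
        # Filter on the account being deleted.  Filtering on request.user
        # wiped the acting moderator's comments and favorites whenever one
        # user deleted another.
        Comment.objects.filter(user=to_delete).delete()
        Favorite.objects.filter(user=to_delete).delete()

    u = to_delete
    # NOTE(review): the literal as shown contains no % conversion, so this
    # line raises TypeError.  The format string looks masked in this
    # listing -- restore the real value from the repository.
    u.username = "******" % u.pk
    u.is_active = False
    u.is_staff = False
    u.is_superuser = False
    u.first_name = ""
    u.last_name = ""
    # Store an explicit unusable-password marker instead of an empty string,
    # so the field can never be read as a valid hash.
    u.set_unusable_password()
    u.groups.clear()
    u.save()

    p = u.profile
    p.display_name = "(withdrawn)"
    p.blog_name = ""
    p.mailing_address = ""
    p.special_mail_handling = ""
    p.show_adult_content = False
    p.save()

    for scan in Scan.objects.filter(author=u):
        scan.full_delete()

    # Audit record: names the acting account when it is not a self-delete.
    deleter = "self" if request.user == u else request.user.username
    Note.objects.create(
        text="User account deleted by %s." % deleter,
        user=p.user,
        resolved=datetime.datetime.now(),
        creator=request.user,
        important=True,
    )

    # Only a self-delete ends the current session; a moderator stays
    # logged in.
    if request.user == u:
        logout(request)
    messages.add_message(request, messages.INFO,
                         "User account successfully deleted.")
    return redirect("home")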
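def delete(request, user_id):
    """
    Withdraw a user account.

    The user row is kept but scrubbed: name, password and profile details
    are blanked, staff/superuser flags and groups are removed, the account
    is deactivated, every scan authored by the user is removed with
    full_delete(), and a Note records who did it.

    Self-deletion is always allowed.  Deleting someone else requires the
    "auth.delete_user" permission and can_edit_user() on the target.  A
    non-POST request only renders the confirmation page.

    Raises Http404 for a non-integer or unknown user_id and
    PermissionDenied when the requester may not delete the target.
    """
    try:
        user_id = int(user_id)
    except ValueError:
        raise Http404

    is_self = request.user.id == user_id
    if not is_self and not (
            request.user.has_perm("auth.delete_user") and
            can_edit_user(request.user, user_id)):
        raise PermissionDenied

    # Unknown ids become a 404 instead of an unhandled DoesNotExist.
    try:
        to_delete = User.objects.get(id=user_id)
    except User.DoesNotExist:
        raise Http404

    if request.method != 'POST':
        return render(request, "profiles/confirm_delete_self.html")

    # POST
    if request.POST.get('delete_comments', False):
        from comments.models import Comment, Favorite
        # Target the account being deleted.  The earlier filter on
        # request.user removed the moderator's own comments and favorites
        # when deleting somebody else.
        Comment.objects.filter(user=to_delete).delete()
        Favorite.objects.filter(user=to_delete).delete()

    u = to_delete
    # NOTE(review): as shown, the literal has no % conversion and this line
    # raises TypeError.  The format string appears masked in this listing;
    # restore the real value from the repository.
    u.username = "******" % u.pk
    u.is_active = False
    u.is_staff = False
    u.is_superuser = False
    u.first_name = ""
    u.last_name = ""
    # Explicit unusable-password marker rather than an empty string in the
    # hash column.
    u.set_unusable_password()
    u.groups.clear()
    u.save()

    p = u.profile
    p.display_name = "(withdrawn)"
    p.blog_name = ""
    p.comments_disabled = False
    p.mailing_address = ""
    p.special_mail_handling = ""
    p.show_adult_content = False
    p.save()

    for scan in Scan.objects.filter(author=u):
        scan.full_delete()

    # Audit record: who performed the deletion.
    deleter = "self" if request.user == u else request.user.username
    Note.objects.create(
        text="User account deleted by %s." % deleter,
        user=p.user,
        resolved=datetime.datetime.now(),
        creator=request.user,
        important=True,
    )

    # End the session only when users delete themselves.
    if request.user == u:
        logout(request)
    messages.add_message(request, messages.INFO,
                         "User account successfully deleted.")
    return redirect("home")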
def edit_profile(request, user_id=None):
    """
    Display and process the edit page for a user's profile and account.

    Two permissions are evaluated for the requester: can_edit_profile()
    enables the profile form and the scan upload form, and can_edit_user()
    enables the user form.  Holding neither raises PermissionDenied.  A
    missing user yields a 404 through get_object_or_404().

    On POST, every form that was built must validate before anything is
    saved.  An uploaded file is handed to process_scan_to_profile and the
    response redirects to the processing wait page; otherwise the response
    redirects to the profile page.  GET, or a POST with invalid forms,
    renders the edit template.
    """
    may_edit_profile = can_edit_profile(request.user, user_id)
    may_edit_user = can_edit_user(request.user, user_id)
    if not (may_edit_profile or may_edit_user):
        raise PermissionDenied

    user = get_object_or_404(User, pk=user_id)

    # Most recently modified published profile document, if there is one.
    published = Document.objects.filter(
        type="profile", status="published", author=user,
    ).order_by('-modified')
    try:
        document = published[0]
    except IndexError:
        document = None

    # XXX Could probably simplify the permissions backflips by assuming that an
    # editor using this interface either has permissions to edit both
    # profile/user, or neither.
    profile_form = user_form = scan_upload_form = None
    ProfileForm = get_profile_form(request.user)
    submitted = request.method == 'POST'

    # Build only the forms the requester is entitled to; the rest stay None
    # and the template receives them as such.
    if may_edit_profile:
        if submitted:
            profile_form = ProfileForm(request.POST, instance=user.profile)
            scan_upload_form = ProfileUploadForm(request.POST, request.FILES)
        else:
            profile_form = ProfileForm(instance=user.profile)
            scan_upload_form = ProfileUploadForm()
    if may_edit_user:
        if submitted:
            user_form = UserFormNoEmail(request.POST, instance=user)
        else:
            user_form = UserFormNoEmail(instance=user)

    if submitted:
        built = (profile_form, user_form, scan_upload_form)
        # Nothing is saved unless every form that exists validates.
        if all(not form or form.is_valid() for form in built):
            for form in (profile_form, user_form):
                if form:
                    form.save()
            if scan_upload_form and 'file' in request.FILES:
                pdf = move_scan_file(uploaded_file=request.FILES['file'])
                # NOTE(review): the profile owner is recorded as uploader
                # even when another editor submits the file -- confirm this
                # is the intended attribution.
                scan = Scan.objects.create(
                    uploader=user,
                    author=user,
                    pdf=pdf
                )
                return_url = reverse('profiles.profile_show', args=[user_id])
                task_id = process_scan_to_profile.delay(scan.pk, return_url)
                return redirect('moderation.wait_for_processing',
                                task_id=task_id)
            messages.success(request, _("Changes saved."))
            return redirect('profiles.profile_show', user_id)

    context = {
        'document': document,
        'profile_form': profile_form,
        'user_form': user_form,
        'scan_upload_form': scan_upload_form,
        'profile': user.profile,
        'can_edit_profile': may_edit_profile,
        'can_edit_user': may_edit_user,
    }
    return render(request, "profiles/profile_edit.html", context)
def edit_profile(request, user_id=None):
    """
    Display and process the edit page for a user's profile and account.

    can_edit_profile() gates the profile form and the scan upload form;
    can_edit_user() gates the user form.  A requester with neither gets
    PermissionDenied, and an unknown user_id becomes a 404 through
    get_object_or_404().

    On POST, all forms that were built must validate before any is saved.
    If a file was uploaded, it is queued through process_scan_to_profile
    and the response redirects to the processing wait page; otherwise it
    redirects to the profile page.  GET, or a POST that fails validation,
    renders the edit template.
    """
    #FIXME: org permission here
    may_edit_profile = can_edit_profile(request.user, user_id)
    may_edit_user = can_edit_user(request.user, user_id)
    if not (may_edit_profile or may_edit_user):
        raise PermissionDenied

    user = get_object_or_404(User, pk=user_id)

    # Newest published profile document, or None when there is none.
    published = Document.objects.filter(
        type="profile", status="published", author=user,
    ).order_by('-modified')
    try:
        document = published[0]
    except IndexError:
        document = None

    # XXX Could probably simplify the permissions backflips by assuming that an
    # editor using this interface either has permissions to edit both
    # profile/user, or neither.
    profile_form = user_form = scan_upload_form = None
    ProfileForm = get_profile_form(request.user)
    submitted = request.method == 'POST'

    # Forms the requester may not use are left as None.
    if may_edit_profile:
        if submitted:
            profile_form = ProfileForm(request.POST, instance=user.profile)
            scan_upload_form = ProfileUploadForm(request.POST, request.FILES)
        else:
            profile_form = ProfileForm(instance=user.profile)
            scan_upload_form = ProfileUploadForm()
    if may_edit_user:
        if submitted:
            user_form = UserFormNoEmail(request.POST, instance=user)
        else:
            user_form = UserFormNoEmail(instance=user)

    if submitted:
        built = (profile_form, user_form, scan_upload_form)
        # Save is all-or-nothing across the forms that exist.
        if all(not form or form.is_valid() for form in built):
            for form in (profile_form, user_form):
                if form:
                    form.save()
            if scan_upload_form and 'file' in request.FILES:
                pdf = move_scan_file(uploaded_file=request.FILES['file'])
                # NOTE(review): uploader is set to the profile owner, not to
                # request.user, even when an editor submits the file --
                # confirm that attribution is intended.
                scan = Scan.objects.create(uploader=user, author=user, pdf=pdf)
                return_url = reverse('profiles.profile_show', args=[user_id])
                task_id = process_scan_to_profile.delay(scan.pk, return_url)
                return redirect('moderation.wait_for_processing',
                                task_id=task_id)
            messages.success(request, _("Changes saved."))
            return redirect('profiles.profile_show', user_id)

    context = {
        'document': document,
        'profile_form': profile_form,
        'user_form': user_form,
        'scan_upload_form': scan_upload_form,
        'profile': user.profile,
        'can_edit_profile': may_edit_profile,
        'can_edit_user': may_edit_user,
    }
    return render(request, "profiles/profile_edit.html", context)