def post(self, request, *args, **kwargs): user = request.user target = self.get_obj() target = user_permissions(request, target) profile = target.profile # The response after the action response = HttpResponseRedirect(target.get_absolute_url()) if target.is_administrator: messages.warning(request, "Cannot moderate an administrator") return response if user == target: messages.warning(request, "Cannot moderate yourself") return response if not user.is_moderator: messages.warning(request, "Only moderators have this permission") return response if not target.is_editable: messages.warning(request, "Target not editable by this user") return response form = self.form_class(request.POST, pk=target.id) if not form.is_valid(): messages.error(request, "Invalid user modification action") return response action = int(form.cleaned_data['action']) if action == User.BANNED and not user.is_administrator: messages.error(request, "Only administrators may ban users") return response if action == User.BANNED and user.is_administrator: # Remove data by user profile.clear_data() # Remove badges that may have been earned by this user Award.objects.filter(user=target).delete() # Mass delete posts by this user query = Post.objects.filter(author=target, type__in=Post.TOP_LEVEL).update(status=Post.DELETED) # Delete posts with no votes. query = Post.objects.filter(author=target, type__in=Post.TOP_LEVEL, vote_count=0, reply_count=0) count = query.count() query.delete() messages.success(request, "User banned, %s posts removed" % count) # Apply the new status User.objects.filter(pk=target.id).update(status=action) messages.success(request, 'Moderation completed') return response
def get(self, request, *args, **kwargs): target = self.get_obj() target = user_permissions(request, target) form = self.form_class(pk=target.id) context = dict(form=form, target=target) return render(request, self.template_name, context)
def post(self, request, *args, **kwargs): target = User.objects.get(pk=self.kwargs['pk']) target = auth.user_permissions(request=request, target=target) profile = target.profile # The essential authentication step. if not target.has_ownership: messages.error(request, "Only owners may edit their profiles") return HttpResponseRedirect(reverse("home")) form = self.form_class(profile, request.POST) if form.is_valid(): f = form.cleaned_data if User.objects.filter(email=f['email']).exclude(pk=request.user.id): # Changing email to one that already belongs to someone else. messages.error(request, "The email that you've entered is already registered to another user!") return render(request, self.template_name, {'form': form}) # Valid data. Save model attributes and redirect. for field in self.user_fields: setattr(target, field, f[field]) for field in self.prof_fields: setattr(profile, field, f[field]) target.save() profile.add_tags(profile.watched_tags) profile.save() messages.success(request, "Profile updated") return HttpResponseRedirect(self.get_success_url()) # There is an error in the form. return render(request, self.template_name, {'form': form})
def post(self, request=None, *args, **kwargs): target = User.objects.get(pk=self.kwargs['pk']) target = auth.user_permissions(request=request, target=target) # The essential authentication step. if not target.has_ownership: messages.error(request, "Only owners may edit their EnergyNote account") return HttpResponseRedirect(reverse("home")) form = self.form_class(request.POST) if form.is_valid(): f = form.cleaned_data # Valid data. Save model attributes and redirect. setattr(target, 'energynote_email', f['energynote_email']) setattr(target, 'is_energynote_verified', True) target.save() messages.success(request, "EnergyNote account connected") return HttpResponseRedirect(self.get_success_url()) # There is an error in the form. return render(request, self.template_name, {'form': form})
def get(self, request, *args, **kwargs): user = request.user target = self.get_obj() target = user_permissions(request, target) form = self.form_class(pk=target.id) context = dict(form=form, target=target) return render(request, self.template_name, context)
def get(self, request, *args, **kwargs): target = User.objects.get(pk=self.kwargs['pk']) target = auth.user_permissions(request=request, target=target) if not target.has_ownership: messages.error(request, "Only owners may edit their EnergyNote account") return HttpResponseRedirect(reverse("home")) initial = {} initial['energynote_email'] = getattr(target, 'energynote_email') form = self.form_class(initial=initial) return render(request, self.template_name, {'form': form})
def post(self, request, *args, **kwargs): user = request.user target = self.get_obj() target = user_permissions(request, target) # The response after the action response = HttpResponseRedirect(target.get_absolute_url()) if not user.is_moderator or not target.is_editable: messages.warning( request, "Current user does not have sufficient moderator privileges") return response if target.is_administrator: messages.warning(request, "Cannot moderate an administrator") return response if user == target: messages.warning(request, "Cannot moderate yourself") return response form = self.form_class(request.POST, pk=target.id) if not form.is_valid(): messages.error(request, "Invalid user modification action") return response action = int(form.cleaned_data['action']) if action == User.BANNED and not user.is_administrator: messages.info(request, "Only administrators can ban users") return response if action == User.BANNED and user.is_administrator: query = Post.objects.filter(author=target, type__in=Post.TOP_LEVEL, vote_count=0) count = query.count() query.delete() messages.success(request, "User banned, %s posts removed" % count) return response # Apply the new status User.objects.filter(pk=target.id).update(status=action) messages.success(request, 'Moderation completed') return response
def post(self, request, *args, **kwargs): user = request.user target = self.get_obj() target = user_permissions(request, target) # The response after the action response = HttpResponseRedirect(target.get_absolute_url()) if not user.is_moderator or not target.is_editable: messages.warning(request, "Current user does not have sufficient moderator privileges") return response if target.is_administrator: messages.warning(request, "Cannot moderate an administrator") return response if user == target: messages.warning(request, "Cannot moderate yourself") return response form = self.form_class(request.POST, pk=target.id) if not form.is_valid(): messages.error(request, "Invalid user modification action") return response action = int(form.cleaned_data["action"]) if action == User.BANNED and not user.is_administrator: messages.info(request, "Only administrators can ban users") return response if action == User.BANNED and user.is_administrator: query = Post.objects.filter(author=target, type__in=Post.TOP_LEVEL, vote_count=0) count = query.count() query.delete() messages.success(request, "User banned, %s posts removed" % count) return response # Apply the new status User.objects.filter(pk=target.id).update(status=action) messages.success(request, "Moderation completed") return response
def get(self, request, *args, **kwargs): target = User.objects.get(pk=self.kwargs['pk']) target = auth.user_permissions(request=request, target=target) profile = target.profile if not target.has_ownership: messages.error(request, "Only owners may edit their profiles") return HttpResponseRedirect(reverse("home")) initial = {} for field in self.user_fields: initial[field] = getattr(target, field) for field in self.prof_fields: initial[field] = getattr(target.profile, field) form = self.form_class(profile, initial=initial) return render(request, self.template_name, {'form': form})
def get_object(self): obj = super(UserDetails, self).get_object() obj = auth.user_permissions(request=self.request, target=obj) return obj
def post(self, request, *args, **kwargs): user = request.user target = self.get_obj() target = user_permissions(request, target) profile = target.profile # The response after the action response = HttpResponseRedirect(target.get_absolute_url()) if target.is_administrator: messages.warning(request, "Cannot moderate an administrator") return response if user == target: messages.warning(request, "Cannot moderate yourself") return response if not user.is_moderator: messages.warning(request, "Only moderators have this permission") return response if not target.is_editable: messages.warning(request, "Target not editable by this user") return response form = self.form_class(request.POST, pk=target.id) if not form.is_valid(): messages.error(request, "Invalid user modification action") return response action = int(form.cleaned_data['action']) if action == User.BANNED and not user.is_administrator: messages.error(request, "Only administrators may ban users") return response if action == User.BANNED and user.is_administrator: # Remove data by user profile.clear_data() # Lets make sure we don't ban people that have been around a while # These can still be removed but via the admin interface # We do this to limit damage that a hacked admin account could do. if target.score > 3: messages.error(request, "Target user has a high score and can only be banned via the admin interface") return response # Remove badges that may have been earned by this user. Award.objects.filter(user=target).delete() # Delete all votes by this user. Vote.objects.filter(author=target).delete() # Mark all posts as deleted. Post.objects.filter(author=target).update(status=Post.DELETED) # Destroy posts with no votes. query = Post.objects.filter(author=target, vote_count__lt=2) count = query.count() query.delete() messages.success(request, "User banned, %s posts removed" % count) # Apply the new status User.objects.filter(pk=target.id).update(status=action) messages.success(request, 'Moderation completed') return response
def post(self, request, *args, **kwargs): target = self.get_obj() target = user_permissions(request, target) profile = target.profile # The response after the action response = HttpResponseRedirect(target.get_absolute_url()) if target.is_administrator: logger.warning("Cannot moderate an administrator (Request: %s)", request) return response # if user == target: # logger.warning("Cannot moderate yourself (Request: %s)", request) # return response # if not user.is_moderator: # logger.warning("Only moderators have this permission (Request: %s)", request) # return response if not target.is_editable: logger.warning("Target not editable by this user (Request: %s)", request) return response form = self.form_class(request.POST, pk=target.id) if not form.is_valid(): logger.error("Invalid user modification action (Request: %s)", request) return response action = int(form.cleaned_data['action']) # if action == User.BANNED and not user.is_administrator: # logger.error("Only administrators may ban users (Request: %s)", request) # return response # if action == User.BANNED and user.is_administrator: # # Remove data by user # profile.clear_data() # # Lets make sure we don't ban people that have been around a while # # These can still be removed but via the admin interface # # We do this to limit damage that a hacked admin account could do. # if target.score > 3: # logger.error("Target user has a high score and can only be banned via the admin interface (Request: %s)", request) # return response # # Remove badges that may have been earned by this user. # Award.objects.filter(user=target).delete() # # Delete all votes by this user. # Vote.objects.filter(author=target).delete() # # Mark all posts as deleted. # Post.objects.filter(author=target).update(status=Post.DELETED) # # Destroy posts with no votes. # query = Post.objects.filter(author=target, vote_count__lt=2) # count = query.count() # query.delete() # logger.info("User banned, %s posts removed (Request: %s)", count, request) # Apply the new status User.objects.filter(pk=target.id).update(status=action) logger.info('Moderation completed (Request: %s)', request) return response
def post(self, request, *args, **kwargs): user = request.user target = self.get_obj() target = user_permissions(request, target) profile = target.profile # The response after the action response = HttpResponseRedirect(target.get_absolute_url()) if target.is_administrator: messages.warning(request, "No puedes moderar a un administrador") return response if user == target: messages.warning(request, "No puedes moderarte a ti mismo") return response if not user.is_moderator: messages.warning(request, "Sólo los moderadores tienen este permiso") return response if not target.is_editable: messages.warning(request, "No es editable por este usuario") return response form = self.form_class(request.POST, pk=target.id) if not form.is_valid(): messages.error(request, "Acción inválida") return response action = int(form.cleaned_data['action']) if action == User.BANNED and not user.is_administrator: messages.error(request, "Sólo administradores pueden banear usuarios") return response if action == User.BANNED and user.is_administrator: # Remove data by user profile.clear_data() # Lets make sure we don't ban people that have been around a while # These can still be removed but via the admin interface # We do this to limit damage that a hacked admin account could do. if target.score > 3: messages.error(request, "El usuario tienen un score alto y sólo puede ser baneado mediante la interface de administrador") return response # Remove badges that may have been earned by this user. Award.objects.filter(user=target).delete() # Delete all votes by this user. Vote.objects.filter(author=target).delete() # Mark all posts as deleted. Post.objects.filter(author=target).update(status=Post.DELETED) # Destroy posts with no votes. query = Post.objects.filter(author=target, vote_count__lt=2) count = query.count() query.delete() messages.success(request, "Usuario baneado, %s post removidos" % count) # Apply the new status User.objects.filter(pk=target.id).update(status=action) messages.success(request, 'Moderación completa') return response