def view_profile(request):
    """Show the requester's own profile and apply any submitted edits.

    The user record is looked up from ``request.user.id``, so this view only
    ever edits the account of whoever is making the request. On a valid POST
    the user form and the contact info are saved. A changed global role is
    kept only when the user returned by ``get_current_user()`` is a
    superuser; otherwise the previous role is restored before saving and a
    warning message is queued.
    """
    user = get_object_or_404(Dojo_User, pk=request.user.id)
    form = DojoUserForm(instance=user)
    group_members = get_authorized_group_members_for_user(user)

    # Either related object may be absent; an empty unbound form is shown then.
    user_contact = getattr(user, 'usercontactinfo', None)
    if user_contact is not None:
        contact_form = UserContactInfoForm(instance=user_contact)
    else:
        contact_form = UserContactInfoForm()

    global_role = getattr(user, 'global_role', None)
    if global_role is not None:
        # Remember the stored role before the bound form can overwrite it.
        previous_global_role = global_role.role
        global_role_form = GlobalRoleForm(instance=global_role)
    else:
        previous_global_role = None
        global_role_form = GlobalRoleForm()

    if request.method == 'POST':
        form = DojoUserForm(request.POST, instance=user)
        contact_form = UserContactInfoForm(request.POST, instance=user_contact)
        global_role_form = GlobalRoleForm(request.POST, instance=global_role)

        everything_valid = (form.is_valid()
                            and contact_form.is_valid()
                            and global_role_form.is_valid())
        if everything_valid:
            form.save()

            contact_info = contact_form.save(commit=False)
            contact_info.user = user
            contact_info.save()

            acting_user = get_current_user()
            role_record = global_role_form.save(commit=False)
            role_was_changed = role_record.role != previous_global_role
            if role_was_changed and not acting_user.is_superuser:
                # Server-side guard: put the stored role back instead of
                # trusting the submitted value.
                role_record.role = previous_global_role
                messages.add_message(
                    request,
                    messages.WARNING,
                    'Only superusers are allowed to change their global role.',
                    extra_tags='alert-warning')
            role_record.user = user
            role_record.save()

            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Profile updated successfully.',
                                 extra_tags='alert-success')

    add_breadcrumb(title="User Profile - " + user.get_full_name(),
                   top_level=True,
                   request=request)

    context = {
        'name': 'Engineer Profile',
        'metric': False,
        'user': user,
        'form': form,
        'contact_form': contact_form,
        'global_role_form': global_role_form,
        'group_members': group_members,
    }
    return render(request, 'dojo/profile.html', context)
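def edit_group(request, gid):
    """Edit a group and its global role.

    GET renders the group form and the global role form. On a valid POST the
    submitted role is compared with the role stored before the form was bound:
    if it differs and the requester is not a superuser, nothing is saved and a
    warning is queued. Otherwise the group and its global role are saved.

    Args:
        request: the current HTTP request.
        gid: primary key of the ``Dojo_Group`` to edit (404 if it is missing).
    """
    group = get_object_or_404(Dojo_Group, id=gid)
    form = DojoGroupForm(instance=group)

    global_role = group.global_role if hasattr(group, 'global_role') else None
    if global_role is None:
        previous_global_role = None
        global_role_form = GlobalRoleForm()
    else:
        # Captured before binding, so the check below compares against the
        # stored role rather than the submitted one.
        previous_global_role = global_role.role
        global_role_form = GlobalRoleForm(instance=global_role)

    if request.method == 'POST':
        form = DojoGroupForm(request.POST, instance=group)
        if global_role is None:
            global_role_form = GlobalRoleForm(request.POST)
        else:
            global_role_form = GlobalRoleForm(request.POST, instance=global_role)

        if form.is_valid() and global_role_form.is_valid():
            role_changed = global_role_form.cleaned_data['role'] != previous_global_role
            if role_changed and not request.user.is_superuser:
                # Authorization is decided here on the server; the whole
                # submission is dropped, not just the role.
                messages.add_message(
                    request,
                    messages.WARNING,
                    'Only superusers are allowed to change the global role.',
                    extra_tags='alert-warning')
            else:
                form.save()
                global_role = global_role_form.save(commit=False)
                global_role.group = group
                global_role.save()
                messages.add_message(request,
                                     messages.SUCCESS,
                                     'Group saved successfully.',
                                     extra_tags='alert-success')
        else:
            # Fixed tag: was 'alert_danger', which does not match the
            # 'alert-danger' tag the other views in this file use.
            messages.add_message(request,
                                 messages.ERROR,
                                 'Group was not saved successfully.',
                                 extra_tags='alert-danger')

    add_breadcrumb(title="Edit Group", top_level=False, request=request)
    return render(request, "dojo/add_group.html", {
        'form': form,
        'global_role_form': global_role_form,
    })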
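def add_user(request):
    """Create a user together with contact info and a global role.

    GET renders empty forms. A valid POST saves the three records and
    redirects to the new user's page; an invalid POST re-renders the forms
    with an error message.

    The ``disabled`` widget attribute set for non-superusers only greys the
    inputs out in the browser; it does not stop a hand-built POST from
    carrying those fields. The staff/superuser flags and the global role are
    therefore checked again after validation, and a non-superuser who submits
    any of them gets an error and nothing is saved.
    """
    requester_is_superuser = request.user.is_superuser

    form = AddDojoUserForm()
    if not requester_is_superuser:
        # Presentation only; enforcement happens in the POST branch below.
        form.fields['is_staff'].widget.attrs['disabled'] = True
        form.fields['is_superuser'].widget.attrs['disabled'] = True
        form.fields['is_active'].widget.attrs['disabled'] = True
    contact_form = UserContactInfoForm()
    global_role_form = GlobalRoleForm()
    user = None

    if request.method == 'POST':
        form = AddDojoUserForm(request.POST)
        contact_form = UserContactInfoForm(request.POST)
        global_role_form = GlobalRoleForm(request.POST)

        if form.is_valid() and contact_form.is_valid() and global_role_form.is_valid():
            wants_privileged_account = bool(
                form.cleaned_data.get('is_superuser')
                or form.cleaned_data.get('is_staff'))
            wants_global_role = global_role_form.cleaned_data.get('role') is not None

            if wants_privileged_account and not requester_is_superuser:
                messages.add_message(
                    request,
                    messages.ERROR,
                    'Only superusers are allowed to add staff or superuser accounts. '
                    'User was not saved.',
                    extra_tags='alert-danger')
            elif wants_global_role and not requester_is_superuser:
                # Same rule add_group applies to a group's global role.
                messages.add_message(
                    request,
                    messages.ERROR,
                    'Only superusers are allowed to set global role. '
                    'User was not saved.',
                    extra_tags='alert-danger')
            else:
                user = form.save(commit=False)
                # .get() so a POST without the key yields an unusable
                # password instead of an unhandled KeyError.
                password = request.POST.get('password')
                if password:
                    user.set_password(password)
                else:
                    user.set_unusable_password()
                # NOTE(review): Django's user flag is `is_active`; `active`
                # presumably sets a plain attribute that is never persisted.
                # Confirm against the Dojo_User model.
                user.active = True
                user.save()

                contact = contact_form.save(commit=False)
                contact.user = user
                contact.save()

                global_role = global_role_form.save(commit=False)
                global_role.user = user
                global_role.save()

                messages.add_message(request,
                                     messages.SUCCESS,
                                     'User added successfully.',
                                     extra_tags='alert-success')
                return HttpResponseRedirect(reverse('view_user', args=(user.id, )))
        else:
            messages.add_message(request,
                                 messages.ERROR,
                                 'User was not added successfully.',
                                 extra_tags='alert-danger')

    add_breadcrumb(title="Add User", top_level=False, request=request)
    return render(
        request, "dojo/add_user.html", {
            'name': 'Add User',
            'form': form,
            'contact_form': contact_form,
            'global_role_form': global_role_form,
            'to_add': True
        })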
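def add_group(request):
    """Create a group, its global role, and an owner membership for the requester.

    GET renders empty forms. On a valid POST a non-superuser who submitted a
    global role is refused and nothing is saved. Otherwise the group and its
    global role are saved, the requester is added as a member with the role
    for which ``is_owner`` is true, and the response redirects to the new
    group's page.
    """
    # Instantiate the form; the original assigned the class itself, so a GET
    # handed the template a class rather than a form object.
    form = DojoGroupForm()
    global_role_form = GlobalRoleForm()
    group = None

    if request.method == 'POST':
        form = DojoGroupForm(request.POST)
        global_role_form = GlobalRoleForm(request.POST)

        if form.is_valid() and global_role_form.is_valid():
            role_requested = global_role_form.cleaned_data['role'] is not None
            if role_requested and not request.user.is_superuser:
                # Server-side authorization: the submitted role is rejected
                # before anything is written.
                messages.add_message(
                    request,
                    messages.ERROR,
                    'Only superusers are allowed to set global role.',
                    extra_tags='alert-warning')
            else:
                group = form.save(commit=False)
                group.save()

                global_role = global_role_form.save(commit=False)
                global_role.group = group
                global_role.save()

                # The creator becomes a member holding the owner role.
                member = Dojo_Group_Member()
                member.user = request.user
                member.group = group
                member.role = Role.objects.get(is_owner=True)
                member.save()

                messages.add_message(request,
                                     messages.SUCCESS,
                                     'Group was added successfully.',
                                     extra_tags='alert-success')
                return HttpResponseRedirect(
                    reverse('view_group', args=(group.id, )))
        else:
            messages.add_message(request,
                                 messages.ERROR,
                                 'Group was not added successfully.',
                                 extra_tags='alert-danger')

    add_breadcrumb(title="Add Group", top_level=False, request=request)
    return render(request, "dojo/add_group.html", {
        'form': form,
        'global_role_form': global_role_form,
    })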
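def edit_user(request, uid):
    """Edit a user's account, contact info and global role.

    GET renders the three forms for the user with primary key ``uid``. A valid
    POST saves them; an invalid POST re-renders the forms with an error.

    Two rules are enforced on the server for requesters who are not
    superusers:

    * ``is_staff``, ``is_superuser`` and ``is_active`` are marked disabled on
      the form field itself, for the GET form and the POST form alike. Django
      ignores submitted data for a disabled field and keeps the instance's
      value, so a hand-built POST cannot change these flags. The original set
      only the widget's ``disabled`` HTML attribute on the GET form, which the
      server never checks.
    * A global role that differs from the stored one is refused and nothing
      is saved, matching edit_group.

    Args:
        request: the current HTTP request.
        uid: primary key of the ``Dojo_User`` to edit (404 if it is missing).
    """
    user = get_object_or_404(Dojo_User, id=uid)
    requester_is_superuser = request.user.is_superuser
    superuser_only_fields = ('is_staff', 'is_superuser', 'is_active')

    form = EditDojoUserForm(instance=user)
    if not requester_is_superuser:
        for field_name in superuser_only_fields:
            # A disabled field is also rendered with the disabled attribute.
            form.fields[field_name].disabled = True

    user_contact = user.usercontactinfo if hasattr(user, 'usercontactinfo') else None
    if user_contact is None:
        contact_form = UserContactInfoForm()
    else:
        contact_form = UserContactInfoForm(instance=user_contact)

    global_role = user.global_role if hasattr(user, 'global_role') else None
    if global_role is None:
        previous_global_role = None
        global_role_form = GlobalRoleForm()
    else:
        # Captured before binding so the POST check compares against the
        # stored role.
        previous_global_role = global_role.role
        global_role_form = GlobalRoleForm(instance=global_role)

    if request.method == 'POST':
        form = EditDojoUserForm(request.POST, instance=user)
        if not requester_is_superuser:
            for field_name in superuser_only_fields:
                form.fields[field_name].disabled = True

        if user_contact is None:
            contact_form = UserContactInfoForm(request.POST)
        else:
            contact_form = UserContactInfoForm(request.POST, instance=user_contact)

        if global_role is None:
            global_role_form = GlobalRoleForm(request.POST)
        else:
            global_role_form = GlobalRoleForm(request.POST, instance=global_role)

        if form.is_valid() and contact_form.is_valid() and global_role_form.is_valid():
            role_changed = global_role_form.cleaned_data['role'] != previous_global_role
            if role_changed and not requester_is_superuser:
                messages.add_message(
                    request,
                    messages.WARNING,
                    'Only superusers are allowed to change the global role.',
                    extra_tags='alert-warning')
            else:
                # NOTE(review): a non-superuser can still change the other
                # fields EditDojoUserForm exposes on a superuser's account;
                # confirm that is intended.
                form.save()

                contact = contact_form.save(commit=False)
                contact.user = user
                contact.save()

                global_role = global_role_form.save(commit=False)
                global_role.user = user
                global_role.save()

                messages.add_message(request,
                                     messages.SUCCESS,
                                     'User saved successfully.',
                                     extra_tags='alert-success')
        else:
            messages.add_message(request,
                                 messages.ERROR,
                                 'User was not saved successfully.',
                                 extra_tags='alert-danger')

    add_breadcrumb(title="Edit User", top_level=False, request=request)
    return render(
        request, "dojo/add_user.html", {
            'name': 'Edit User',
            'form': form,
            'contact_form': contact_form,
            'global_role_form': global_role_form,
            'to_edit': user
        })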
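def edit_user(request, uid):
    """Edit a user's account, legacy authorizations, contact info and global role.

    GET renders the forms for the user with primary key ``uid``, pre-filled
    with the products and product types that list the user in
    ``authorized_users``. A valid POST saves the forms; when
    ``settings.FEATURE_AUTHORIZATION_V2`` is off it also replaces the user's
    product and product-type authorizations with the submitted selection.

    Two rules are enforced on the server for requesters who are not
    superusers:

    * ``is_staff``, ``is_superuser`` and ``is_active`` are marked disabled on
      the form field itself, for the GET form and the POST form alike. Django
      ignores submitted data for a disabled field and keeps the instance's
      value, so a hand-built POST cannot change these flags. The original set
      only the widget's ``disabled`` HTML attribute on the GET form, which the
      server never checks.
    * A global role that differs from the stored one is refused and nothing
      is saved.

    Args:
        request: the current HTTP request.
        uid: primary key of the ``Dojo_User`` to edit (404 if it is missing).
    """
    user = get_object_or_404(Dojo_User, id=uid)
    requester_is_superuser = request.user.is_superuser
    superuser_only_fields = ('is_staff', 'is_superuser', 'is_active')

    authed_products = Product.objects.filter(authorized_users__in=[user])
    authed_product_types = Product_Type.objects.filter(
        authorized_users__in=[user])
    form = EditDojoUserForm(instance=user,
                            initial={
                                'authorized_products': authed_products,
                                'authorized_product_types': authed_product_types
                            })
    if not requester_is_superuser:
        for field_name in superuser_only_fields:
            # A disabled field is also rendered with the disabled attribute.
            form.fields[field_name].disabled = True

    user_contact = user.usercontactinfo if hasattr(user, 'usercontactinfo') else None
    if user_contact is None:
        contact_form = UserContactInfoForm()
    else:
        contact_form = UserContactInfoForm(instance=user_contact)

    global_role = user.global_role if hasattr(user, 'global_role') else None
    if global_role is None:
        previous_global_role = None
        global_role_form = GlobalRoleForm()
    else:
        # Captured before binding so the POST check compares against the
        # stored role.
        previous_global_role = global_role.role
        global_role_form = GlobalRoleForm(instance=global_role)

    if request.method == 'POST':
        form = EditDojoUserForm(request.POST, instance=user)
        if not requester_is_superuser:
            for field_name in superuser_only_fields:
                form.fields[field_name].disabled = True

        if user_contact is None:
            contact_form = UserContactInfoForm(request.POST)
        else:
            contact_form = UserContactInfoForm(request.POST, instance=user_contact)

        if global_role is None:
            global_role_form = GlobalRoleForm(request.POST)
        else:
            global_role_form = GlobalRoleForm(request.POST, instance=global_role)

        if form.is_valid() and contact_form.is_valid() and global_role_form.is_valid():
            role_changed = global_role_form.cleaned_data['role'] != previous_global_role
            if role_changed and not requester_is_superuser:
                messages.add_message(
                    request,
                    messages.WARNING,
                    'Only superusers are allowed to change the global role.',
                    extra_tags='alert-warning')
            else:
                # NOTE(review): a non-superuser can still change the other
                # fields EditDojoUserForm exposes on a superuser's account;
                # confirm that is intended.
                form.save()

                if not settings.FEATURE_AUTHORIZATION_V2:
                    # Legacy authorization: drop every existing grant, then
                    # re-add what was submitted.
                    for init_auth_prods in authed_products:
                        init_auth_prods.authorized_users.remove(user)
                        init_auth_prods.save()
                    for init_auth_prod_types in authed_product_types:
                        init_auth_prod_types.authorized_users.remove(user)
                        init_auth_prod_types.save()

                    if 'authorized_products' in form.cleaned_data and len(
                            form.cleaned_data['authorized_products']) > 0:
                        for p in form.cleaned_data['authorized_products']:
                            p.authorized_users.add(user)
                            p.save()
                    if 'authorized_product_types' in form.cleaned_data and len(
                            form.cleaned_data['authorized_product_types']) > 0:
                        for pt in form.cleaned_data['authorized_product_types']:
                            pt.authorized_users.add(user)
                            pt.save()

                contact = contact_form.save(commit=False)
                contact.user = user
                contact.save()

                global_role = global_role_form.save(commit=False)
                global_role.user = user
                global_role.save()

                messages.add_message(request,
                                     messages.SUCCESS,
                                     'User saved successfully.',
                                     extra_tags='alert-success')
        else:
            messages.add_message(request,
                                 messages.ERROR,
                                 'User was not saved successfully.',
                                 extra_tags='alert-danger')

    add_breadcrumb(title="Edit User", top_level=False, request=request)
    return render(
        request, "dojo/add_user.html", {
            'name': 'Edit User',
            'form': form,
            'contact_form': contact_form,
            'global_role_form': global_role_form,
            'to_edit': user
        })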
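def add_user(request):
    """Create a user with contact info, a global role and legacy authorizations.

    GET renders empty forms. A valid POST saves the records, adds the user to
    the submitted products and product types when
    ``settings.FEATURE_AUTHORIZATION_V2`` is off, and redirects to the edit
    page of the new user. An invalid POST re-renders the forms with an error.

    The ``disabled`` widget attribute set for non-superusers only greys the
    inputs out in the browser; it does not stop a hand-built POST from
    carrying those fields. The staff/superuser flags and the global role are
    therefore checked again after validation, and a non-superuser who submits
    any of them gets an error and nothing is saved.
    """
    requester_is_superuser = request.user.is_superuser

    form = AddDojoUserForm()
    if not requester_is_superuser:
        # Presentation only; enforcement happens in the POST branch below.
        form.fields['is_staff'].widget.attrs['disabled'] = True
        form.fields['is_superuser'].widget.attrs['disabled'] = True
        form.fields['is_active'].widget.attrs['disabled'] = True
    contact_form = UserContactInfoForm()
    global_role_form = GlobalRoleForm()
    user = None

    if request.method == 'POST':
        form = AddDojoUserForm(request.POST)
        contact_form = UserContactInfoForm(request.POST)
        global_role_form = GlobalRoleForm(request.POST)

        if form.is_valid() and contact_form.is_valid() and global_role_form.is_valid():
            wants_privileged_account = bool(
                form.cleaned_data.get('is_superuser')
                or form.cleaned_data.get('is_staff'))
            wants_global_role = global_role_form.cleaned_data.get('role') is not None

            if wants_privileged_account and not requester_is_superuser:
                messages.add_message(
                    request,
                    messages.ERROR,
                    'Only superusers are allowed to add staff or superuser accounts. '
                    'User was not saved.',
                    extra_tags='alert-danger')
            elif wants_global_role and not requester_is_superuser:
                messages.add_message(
                    request,
                    messages.ERROR,
                    'Only superusers are allowed to set global role. '
                    'User was not saved.',
                    extra_tags='alert-danger')
            else:
                user = form.save(commit=False)
                # .get() so a POST without the key yields an unusable
                # password instead of an unhandled KeyError.
                password = request.POST.get('password')
                if password:
                    user.set_password(password)
                else:
                    user.set_unusable_password()
                # NOTE(review): Django's user flag is `is_active`; `active`
                # presumably sets a plain attribute that is never persisted.
                # Confirm against the Dojo_User model.
                user.active = True
                user.save()

                contact = contact_form.save(commit=False)
                contact.user = user
                contact.save()

                global_role = global_role_form.save(commit=False)
                global_role.user = user
                global_role.save()

                if not settings.FEATURE_AUTHORIZATION_V2:
                    # Legacy authorization: grant the submitted products and
                    # product types to the new user.
                    if 'authorized_products' in form.cleaned_data and len(
                            form.cleaned_data['authorized_products']) > 0:
                        for p in form.cleaned_data['authorized_products']:
                            p.authorized_users.add(user)
                            p.save()
                    if 'authorized_product_types' in form.cleaned_data and len(
                            form.cleaned_data['authorized_product_types']) > 0:
                        for pt in form.cleaned_data['authorized_product_types']:
                            pt.authorized_users.add(user)
                            pt.save()

                messages.add_message(
                    request,
                    messages.SUCCESS,
                    'User added successfully, you may edit if necessary.',
                    extra_tags='alert-success')
                return HttpResponseRedirect(reverse('edit_user', args=(user.id, )))
        else:
            messages.add_message(request,
                                 messages.ERROR,
                                 'User was not added successfully.',
                                 extra_tags='alert-danger')

    add_breadcrumb(title="Add User", top_level=False, request=request)
    return render(
        request, "dojo/add_user.html", {
            'name': 'Add User',
            'form': form,
            'contact_form': contact_form,
            'global_role_form': global_role_form,
            'to_add': True
        })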