def test_user_can_edit_user_profile(self): """ Verifies the check for a given user being able to edit another given user's public ForumProfile. Members of the User group may only edit their own ForumProfile. """ self.assertTrue(auth.user_can_edit_user_profile( self.admin, self.admin)) self.assertTrue( auth.user_can_edit_user_profile(self.moderator, self.admin)) self.assertFalse(auth.user_can_edit_user_profile( self.user, self.admin)) self.assertTrue( auth.user_can_edit_user_profile(self.admin, self.moderator)) self.assertTrue( auth.user_can_edit_user_profile(self.moderator, self.moderator)) self.assertFalse( auth.user_can_edit_user_profile(self.user, self.moderator)) self.assertTrue(auth.user_can_edit_user_profile(self.admin, self.user)) self.assertTrue( auth.user_can_edit_user_profile(self.moderator, self.user)) self.assertTrue(auth.user_can_edit_user_profile(self.user, self.user))
def edit_user_forum_profile(request, user_id): """ Edits public information in a given User's ForumProfile. Only moderators may edit a User's title. """ user = get_object_or_404(User, pk=user_id) if not auth.user_can_edit_user_profile(request.user, user): return permission_denied(request, message='You do not have permission to edit this user\'s forum profile.') user_profile = ForumProfile.objects.get_for_user(user) can_edit_title = auth.is_moderator(request.user) if app_settings.USE_REDIS: redis.seen_user(request.user, 'Editing User Profile') if request.method == 'POST': form = forms.UserProfileForm(can_edit_title, request.POST, instance=user_profile) if form.is_valid(): form.save(commit=True) return HttpResponseRedirect(user_profile.get_absolute_url()) else: form = forms.UserProfileForm(can_edit_title, instance=user_profile) return render(request, 'forum/edit_user_forum_profile.html', { 'forum_user': user, 'forum_profile': user_profile, 'form': form, 'title': 'Edit Forum Profile', 'avatar_dimensions': get_avatar_dimensions(), })
def edit_user_forum_profile(request, user_id): """ Edits public information in a given User's ForumProfile. Only moderators may edit a User's title. """ user = get_object_or_404(User, pk=user_id) if not auth.user_can_edit_user_profile(request.user, user): return permission_denied( request, message= 'You do not have permission to edit this user\'s forum profile.') user_profile = ForumProfile.objects.get_for_user(user) can_edit_title = auth.is_moderator(request.user) if app_settings.USE_REDIS: redis.seen_user(request.user, 'Editing User Profile') if request.method == 'POST': form = forms.UserProfileForm(can_edit_title, request.POST, instance=user_profile) if form.is_valid(): form.save(commit=True) return HttpResponseRedirect(user_profile.get_absolute_url()) else: form = forms.UserProfileForm(can_edit_title, instance=user_profile) return render( request, 'forum/edit_user_forum_profile.html', { 'forum_user': user, 'forum_profile': user_profile, 'form': form, 'title': 'Edit Forum Profile', 'avatar_dimensions': get_avatar_dimensions(), })
def test_user_can_edit_user_profile(self): """ Verifies the check for a given user being able to edit another given user's public ForumProfile. Members of the User group may only edit their own ForumProfile. """ self.assertTrue(auth.user_can_edit_user_profile(self.admin, self.admin)) self.assertTrue(auth.user_can_edit_user_profile(self.moderator, self.admin)) self.assertFalse(auth.user_can_edit_user_profile(self.user, self.admin)) self.assertTrue(auth.user_can_edit_user_profile(self.admin, self.moderator)) self.assertTrue(auth.user_can_edit_user_profile(self.moderator, self.moderator)) self.assertFalse(auth.user_can_edit_user_profile(self.user, self.moderator)) self.assertTrue(auth.user_can_edit_user_profile(self.admin, self.user)) self.assertTrue(auth.user_can_edit_user_profile(self.moderator, self.user)) self.assertTrue(auth.user_can_edit_user_profile(self.user, self.user))
def can_edit_user_profile(user, user_to_edit): return user.is_authenticated() and \ auth.user_can_edit_user_profile(user, user_to_edit)