def get(self, request, *args, **kwargs): user = request.user target = self.get_obj() target = user_permissions(request, target) form = self.form_class(pk=target.id) context = dict(form=form, target=target) return render(request, self.template_name, context)
def get_object(self): obj = super(UserDetails, self).get_object() obj = auth.user_permissions(request=self.request, target=obj) return obj
def post(self, request, *args, **kwargs): user = request.user target = self.get_obj() target = user_permissions(request, target) profile = target.profile # The response after the action response = HttpResponseRedirect(target.get_absolute_url()) if target.is_administrator: messages.warning(request, "Cannot moderate an administrator") return response if user == target: messages.warning(request, "Cannot moderate yourself") return response if not user.is_moderator: messages.warning(request, "Only moderators have this permission") return response if not target.is_editable: messages.warning(request, "Target not editable by this user") return response form = self.form_class(request.POST, pk=target.id) if not form.is_valid(): messages.error(request, "Invalid user modification action") return response action = int(form.cleaned_data['action']) if action == User.BANNED and not user.is_administrator: messages.error(request, "Only administrators may ban users") return response if action == User.BANNED and user.is_administrator: # Remove data by user profile.clear_data() # Lets make sure we don't ban people that have been around a while # These can still be removed but via the admin interface # We do this to limit damage that a hacked admin account could do. if target.score > 3: messages.error(request, "Target user has a high score and can only be banned via the admin interface") return response # Remove badges that may have been earned by this user. Award.objects.filter(user=target).delete() # Delete all votes by this user. Vote.objects.filter(author=target).delete() # Mark all posts as deleted. Post.objects.filter(author=target).update(status=Post.DELETED) # Destroy posts with no votes. query = Post.objects.filter(author=target, vote_count__lt=2) count = query.count() query.delete() messages.success(request, "User banned, %s posts removed" % count) # Apply the new status User.objects.filter(pk=target.id).update(status=action) messages.success(request, 'Moderation completed') return response