def edit(request, user_id): user = get_object_or_404(User, pk=user_id) can_delete = user_can_delete_user(request.user, user) editing_self = request.user == user for fn in hooks.get_hooks('before_edit_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result if request.method == 'POST': form = get_user_edit_form()(request.POST, request.FILES, instance=user, editing_self=editing_self) if form.is_valid(): user = form.save() messages.success(request, _("User '{0}' updated.").format(user), buttons=[ messages.button(reverse('wagtailusers_users:edit', args=(user.pk,)), _('Edit')) ]) for fn in hooks.get_hooks('after_edit_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result return redirect('wagtailusers_users:index') else: messages.error(request, _("The user could not be saved due to errors.")) else: form = get_user_edit_form()(instance=user, editing_self=editing_self) return render(request, 'wagtailusers/users/edit.html', { 'user': user, 'form': form, 'can_delete': can_delete, })
def delete(request, user_id): user = get_object_or_404(User, pk=user_id) if not user_can_delete_user(request.user, user): raise PermissionDenied for fn in hooks.get_hooks("before_delete_user"): result = fn(request, user) if hasattr(result, "status_code"): return result if request.method == "POST": with transaction.atomic(): log(user, "wagtail.delete") user.delete() messages.success(request, _("User '{0}' deleted.").format(user)) for fn in hooks.get_hooks("after_delete_user"): result = fn(request, user) if hasattr(result, "status_code"): return result return redirect("wagtailusers_users:index") return TemplateResponse( request, "wagtailusers/users/confirm_delete.html", { "user": user, }, )
def edit(request, user_id): user = get_object_or_404(User, pk=user_id) can_delete = user_can_delete_user(request.user, user) editing_self = request.user == user for fn in hooks.get_hooks('before_edit_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result if request.method == 'POST': form = get_user_edit_form()(request.POST, request.FILES, instance=user, editing_self=editing_self) if form.is_valid(): user = form.save() messages.success(request, _("User '{0}' updated.").format(user), buttons=[ messages.button(reverse('wagtailusers_users:edit', args=(user.pk,)), _('Edit')) ]) for fn in hooks.get_hooks('after_edit_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result return redirect('wagtailusers_users:index') else: messages.error(request, _("The user could not be saved due to errors.")) else: form = get_user_edit_form()(instance=user, editing_self=editing_self) return render(request, 'wagtailusers/users/edit.html', { 'user': user, 'form': form, 'can_delete': can_delete, })
def edit(request, user_id): user = get_object_or_404(User, pk=user_id) can_delete = user_can_delete_user(request.user, user) editing_self = request.user == user for fn in hooks.get_hooks('before_edit_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result if request.method == 'POST': form = get_user_edit_form()(request.POST, request.FILES, instance=user, editing_self=editing_self) if form.is_valid(): user = form.save() messages.success(request, _("Your details have been updated. You've been logged out for security reasons, " "please login to continue.")) for fn in hooks.get_hooks('after_edit_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result return redirect('wagtailusers_users:index') else: messages.error(request, _("The user could not be saved due to errors.")) else: form = get_user_edit_form()(instance=user, editing_self=editing_self) return render(request, 'wagtailusers/users/edit.html', { 'user': user, 'form': form, 'can_delete': can_delete, })
def user_listing_buttons(context, user): yield UserListingButton(_('Edit'), reverse('wagtailusers_users:edit', args=[user.pk]), attrs={'title': _('Edit this user')}, priority=10) if user_can_delete_user(context.request.user, user): yield UserListingButton(_('Delete'), reverse('wagtailusers_users:delete', args=[user.pk]), classes={'no'}, attrs={'title': _('Delete this user')}, priority=20)
def edit(request, user_id): user = get_object_or_404(User, pk=user_id) can_delete = user_can_delete_user(request.user, user) editing_self = request.user == user previous_groups = user.groups.all() previous_subunion = user.subunions for fn in hooks.get_hooks('before_edit_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result if request.method == 'POST': form = get_user_edit_form()(request.POST, request.FILES, instance=user, editing_self=editing_self) if form.is_valid(): user = form.save() if 'wagtailadmin.union_admin' in request.user.get_all_permissions( ): user.subunions = previous_subunion if previous_groups: for item in previous_groups: user.groups.add(item) user.save() if user == request.user and 'password1' in form.changed_data: # User is changing their own password; need to update their session hash update_session_auth_hash(request, user) messages.success(request, _("User '{0}' updated.").format(user), buttons=[ messages.button( reverse('wagtailusers_users:edit', args=(user.pk, )), _('Edit')) ]) for fn in hooks.get_hooks('after_edit_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result return redirect('wagtailusers_users:index') else: messages.error(request, _("The user could not be saved due to errors.")) else: form = get_user_edit_form()(instance=user, editing_self=editing_self) return render( request, 'wagtailusers/users/edit.html', { 'user': user, 'form': form, 'can_delete': can_delete, 'superuser': request.user.is_superuser })
def edit(request, user_id): user = get_object_or_404(User, pk=user_id) can_delete = user_can_delete_user(request.user, user) editing_self = request.user == user for fn in hooks.get_hooks("before_edit_user"): result = fn(request, user) if hasattr(result, "status_code"): return result if request.method == "POST": form = get_user_edit_form()(request.POST, request.FILES, instance=user, editing_self=editing_self) if form.is_valid(): with transaction.atomic(): user = form.save() log(user, "wagtail.edit") if user == request.user and "password1" in form.changed_data: # User is changing their own password; need to update their session hash update_session_auth_hash(request, user) messages.success( request, _("User '{0}' updated.").format(user), buttons=[ messages.button( reverse("wagtailusers_users:edit", args=(user.pk, )), _("Edit")) ], ) for fn in hooks.get_hooks("after_edit_user"): result = fn(request, user) if hasattr(result, "status_code"): return result return redirect("wagtailusers_users:index") else: messages.error(request, _("The user could not be saved due to errors.")) else: form = get_user_edit_form()(instance=user, editing_self=editing_self) return TemplateResponse( request, "wagtailusers/users/edit.html", { "user": user, "form": form, "can_delete": can_delete, }, )
def user_listing_buttons(context, user): yield UserListingButton( _("Edit"), reverse("wagtailusers_users:edit", args=[user.pk]), attrs={"title": _("Edit this user")}, priority=10, ) if user_can_delete_user(context.request.user, user): yield UserListingButton( _("Delete"), reverse("wagtailusers_users:delete", args=[user.pk]), classes={"no"}, attrs={"title": _("Delete this user")}, priority=20, )
def delete(request, user_id): user = get_object_or_404(User, pk=user_id) if not user_can_delete_user(request.user, user): return permission_denied(request) for fn in hooks.get_hooks('before_delete_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result if request.method == 'POST': user.delete() messages.success(request, _("User '{0}' deleted.").format(user)) for fn in hooks.get_hooks('after_delete_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result return redirect('wagtailusers_users:index') return render(request, "wagtailusers/users/confirm_delete.html", { 'user': user, })
def delete(request, user_id): user = get_object_or_404(User, pk=user_id) if not user_can_delete_user(request.user, user): return permission_denied(request) for fn in hooks.get_hooks('before_delete_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result if request.method == 'POST': user.delete() messages.success(request, _("User '{0}' deleted.").format(user)) for fn in hooks.get_hooks('after_delete_user'): result = fn(request, user) if hasattr(result, 'status_code'): return result return redirect('wagtailusers_users:index') return render(request, "wagtailusers/users/confirm_delete.html", { 'user': user, })
def get_context_data(self, **kwargs): ctx = super().get_context_data(**kwargs) can_delete = user_can_delete_user(self.request.user, self.object) ctx.update(can_delete=can_delete) return ctx
def user_listing_buttons(context, user): yield UserListingButton(_('Edit'), reverse('wagtailusers_users:edit', args=[user.pk]), attrs={'title': _('Edit this user')}, priority=10) if user_can_delete_user(context.request.user, user): yield UserListingButton(_('Delete'), reverse('wagtailusers_users:delete', args=[user.pk]), classes={'no'}, attrs={'title': _('Delete this user')}, priority=20)
def check_perm(self, obj): return user_can_delete_user(self.request.user, obj)