def edit_keys(request, key_id=None, user_id=None): if not request.is_ajax(): raise PermissionDenied if key_id: api_key = get_object_or_404(MemberAPIKey, keyid=key_id) else: api_key = None user = None if user_id: user = get_object_or_404(User, pk=user_id) if request.method == 'POST': key_id = int(request.POST.get('key_id', None).replace(' ', '')) user = get_object_or_404(User, pk=request.POST.get('user_id', None)) if user != request.user and not request.user.has_perm('API.add_keys'): raise PermissionDenied vcode = request.POST.get('vcode', None).replace(' ', '') if api_key: api_key.keyid = key_id api_key.vcode = vcode api_key.user = user api_key.validate() else: api_key = MemberAPIKey(user=user, keyid=key_id, vcode=vcode) api_key.validate() return TemplateResponse(request, "api_key_form.html", { 'key': api_key, 'member': user })