def change_password(request, user_id):
"""
Change the password of the user with the given user_id. Checks for
permission to change users.
"""
if not can_edit_user(request.user, user_id):
raise PermissionDenied
if request.user.id == int(user_id):
Form = PasswordChangeForm
else:
Form = SetPasswordForm
user = User.objects.get(id=user_id)
if request.POST:
form = Form(user, request.POST)
if form.is_valid():
form.save()
messages.success(request, _("Password changed successfully."))
return HttpResponseRedirect(
reverse("profiles.profile_edit", args=[user_id]))
else:
form = Form(request.user)
return render(request, "registration/password_change_form.html", {
'form': form,
'change_user': user,
})
def change_password(request, user_id):
"""
Change the password of the user with the given user_id. Checks for
permission to change users.
"""
if not can_edit_user(request.user, user_id):
raise PermissionDenied
if request.user.id == int(user_id):
Form = PasswordChangeForm
else:
Form = SetPasswordForm
user = User.objects.get(id=user_id)
if request.POST:
form = Form(user, request.POST)
if form.is_valid():
form.save()
messages.success(request, _("Password changed successfully."))
return HttpResponseRedirect(reverse("profiles.profile_edit", args=[user_id]))
else:
form = Form(request.user)
return render(request, "registration/password_change_form.html", {
'form': form,
'change_user': user,
})
def delete(request, user_id):
try:
user_id = int(user_id)
except ValueError:
raise Http404
if request.user.id != user_id and not (
request.user.has_perm("auth.delete_user") and \
can_edit_user(request.user, user_id)):
raise PermissionDenied
to_delete = User.objects.get(id=user_id)
if request.method != 'POST':
return render(request, "profiles/confirm_delete_self.html",
{'site_email' : settings.DEFAULT_FROM_EMAIL})
# POST
delete_comments = request.POST.get('delete_comments', False)
if delete_comments:
from comments.models import Comment, Favorite
Comment.objects.filter(user=request.user).delete()
Favorite.objects.filter(user=request.user).delete()
u = to_delete
u.username = "******" % u.pk
u.is_active = False
u.is_staff = False
u.is_superuser = False
u.first_name = ""
u.last_name = ""
u.password = ""
u.groups.clear()
u.save()
p = u.profile
p.display_name = "(withdrawn)"
p.blog_name = ""
p.mailing_address = ""
p.special_mail_handling = ""
p.show_adult_content = False
p.save()
for scan in Scan.objects.filter(author=u):
scan.full_delete()
deleter = "self" if request.user == u else request.user.username
Note.objects.create(
text="User account deleted by %s." % deleter,
user=p.user,
resolved=datetime.datetime.now(),
creator=request.user,
important=True,
)
if request.user == u:
logout(request)
messages.add_message(request, messages.INFO, "User account successfully deleted.")
return redirect("home")
def delete(request, user_id):
try:
user_id = int(user_id)
except ValueError:
raise Http404
if request.user.id != user_id and not (
request.user.has_perm("auth.delete_user") and \
can_edit_user(request.user, user_id)):
raise PermissionDenied
to_delete = User.objects.get(id=user_id)
if request.method != 'POST':
return render(request, "profiles/confirm_delete_self.html")
# POST
delete_comments = request.POST.get('delete_comments', False)
if delete_comments:
from comments.models import Comment, Favorite
Comment.objects.filter(user=request.user).delete()
Favorite.objects.filter(user=request.user).delete()
u = to_delete
u.username = "******" % u.pk
u.is_active = False
u.is_staff = False
u.is_superuser = False
u.first_name = ""
u.last_name = ""
u.password = ""
u.groups.clear()
u.save()
p = u.profile
p.display_name = "(withdrawn)"
p.blog_name = ""
p.comments_disabled = False
p.mailing_address = ""
p.special_mail_handling = ""
p.show_adult_content = False
p.save()
for scan in Scan.objects.filter(author=u):
scan.full_delete()
deleter = "self" if request.user == u else request.user.username
Note.objects.create(
text="User account deleted by %s." % deleter,
user=p.user,
resolved=datetime.datetime.now(),
creator=request.user,
important=True,
)
if request.user == u:
logout(request)
messages.add_message(request, messages.INFO, "User account successfully deleted.")
return redirect("home")
def edit_profile(request, user_id=None):
edit_profile = can_edit_profile(request.user, user_id)
edit_user = can_edit_user(request.user, user_id)
if not edit_profile and not edit_user:
raise PermissionDenied
user = get_object_or_404(User, pk=user_id)
try:
document = Document.objects.filter(type="profile", status="published",
author=user).order_by('-modified')[0]
except IndexError:
document = None
# XXX Could probably simplify the permissions backflips by assuming that an
# editor using this interface either has permissions to edit both
# profile/user, or neither.
user_form = None
profile_form = None
scan_upload_form = None
ProfileForm = get_profile_form(request.user)
if request.method == 'POST':
if edit_profile:
profile_form = ProfileForm(request.POST, instance=user.profile)
scan_upload_form = ProfileUploadForm(request.POST, request.FILES)
if edit_user:
user_form = UserFormNoEmail(request.POST, instance=user)
if (not profile_form or profile_form.is_valid()) and \
(not user_form or user_form.is_valid()) and \
(not scan_upload_form or scan_upload_form.is_valid()):
if profile_form:
profile_form.save()
if user_form:
user_form.save()
if scan_upload_form and 'file' in request.FILES:
pdf = move_scan_file(uploaded_file=request.FILES['file'])
scan = Scan.objects.create(
uploader=user,
author=user,
pdf=pdf
)
task_id = process_scan_to_profile.delay(
scan.pk,
reverse('profiles.profile_show', args=[user_id]),
)
return redirect('moderation.wait_for_processing', task_id=task_id)
messages.success(request, _("Changes saved."))
return redirect('profiles.profile_show', user_id)
else:
if edit_profile:
profile_form = ProfileForm(instance=user.profile)
scan_upload_form = ProfileUploadForm()
if edit_user:
user_form = UserFormNoEmail(instance=user)
return render(request, "profiles/profile_edit.html", {
'document': document,
'profile_form': profile_form,
'user_form': user_form,
'scan_upload_form': scan_upload_form,
'profile': user.profile,
'can_edit_profile': edit_profile,
'can_edit_user': edit_user,
})
def edit_profile(request, user_id=None):
#FIXME: org permission here
edit_profile = can_edit_profile(request.user, user_id)
edit_user = can_edit_user(request.user, user_id)
if not edit_profile and not edit_user:
raise PermissionDenied
user = get_object_or_404(User, pk=user_id)
try:
document = Document.objects.filter(
type="profile", status="published",
author=user).order_by('-modified')[0]
except IndexError:
document = None
# XXX Could probably simplify the permissions backflips by assuming that an
# editor using this interface either has permissions to edit both
# profile/user, or neither.
user_form = None
profile_form = None
scan_upload_form = None
ProfileForm = get_profile_form(request.user)
if request.method == 'POST':
if edit_profile:
profile_form = ProfileForm(request.POST, instance=user.profile)
scan_upload_form = ProfileUploadForm(request.POST, request.FILES)
if edit_user:
user_form = UserFormNoEmail(request.POST, instance=user)
if (not profile_form or profile_form.is_valid()) and \
(not user_form or user_form.is_valid()) and \
(not scan_upload_form or scan_upload_form.is_valid()):
if profile_form:
profile_form.save()
if user_form:
user_form.save()
if scan_upload_form and 'file' in request.FILES:
pdf = move_scan_file(uploaded_file=request.FILES['file'])
scan = Scan.objects.create(uploader=user, author=user, pdf=pdf)
task_id = process_scan_to_profile.delay(
scan.pk,
reverse('profiles.profile_show', args=[user_id]),
)
return redirect('moderation.wait_for_processing',
task_id=task_id)
messages.success(request, _("Changes saved."))
return redirect('profiles.profile_show', user_id)
else:
if edit_profile:
profile_form = ProfileForm(instance=user.profile)
scan_upload_form = ProfileUploadForm()
if edit_user:
user_form = UserFormNoEmail(instance=user)
return render(
request, "profiles/profile_edit.html", {
'document': document,
'profile_form': profile_form,
'user_form': user_form,
'scan_upload_form': scan_upload_form,
'profile': user.profile,
'can_edit_profile': edit_profile,
'can_edit_user': edit_user,
})
