def edit(request, id=None):
# Forbidden if user isn't an admin and is trying to edit another user
if str(request.user.id) != str(id) and id is not None:
if request.user.is_superuser is False:
return redirect("main.views.forbidden")
# Load user
if id is None:
user = request.user
title = "Edit your profile (%s)" % user
else:
user = get_object_or_404(User, pk=id)
title = "Edit user %s" % user
# Form
if request.method == "POST":
form = UserChangeForm(request.POST, instance=user)
if form.is_valid():
user = form.save(commit=False)
# change password if requested
password = request.POST.get("password", "")
if password != "":
user.set_password(password)
# prevent non-admin from self-promotion
if not request.user.is_superuser:
user.is_superuser = False
user.save()
# regenerate API key if requested
regenerate_api_key = request.POST.get("regenerate_api_key", "")
if regenerate_api_key != "":
generate_api_key(user)
# determine where to redirect to
if request.user.is_superuser:
return_view = "components.accounts.views.list"
else:
return_view = "profile"
messages.info(request, _("Saved."))
return redirect(return_view)
else:
suppress_administrator_toggle = True
if request.user.is_superuser:
suppress_administrator_toggle = False
form = UserChangeForm(
instance=user,
suppress_administrator_toggle=suppress_administrator_toggle)
return render(request, "accounts/edit.html", {
"form": form,
"user": user,
"title": title
})
def edit(request, id=None):
# Forbidden if user isn't an admin and is trying to edit another user
if str(request.user.id) != str(id) and id is not None:
if request.user.is_superuser is False:
return redirect('main.views.forbidden')
# Load user
if id is None:
user = request.user
title = 'Edit your profile (%s)' % user
else:
user = get_object_or_404(User, pk=id)
title = 'Edit user %s' % user
# Form
if request.method == 'POST':
form = UserChangeForm(request.POST, instance=user)
if form.is_valid():
user = form.save(commit=False)
# change password if requested
password = request.POST.get('password', '')
if password != '':
user.set_password(password)
# prevent non-admin from self-promotion
if not request.user.is_superuser:
user.is_superuser = False
user.save()
# regenerate API key if requested
regenerate_api_key = request.POST.get('regenerate_api_key', '')
if regenerate_api_key != '':
generate_api_key(user)
# determine where to redirect to
if request.user.is_superuser:
return_view = 'components.accounts.views.list'
else:
return_view = 'profile'
messages.info(request, _('Saved.'))
return redirect(return_view)
else:
suppress_administrator_toggle = True
if request.user.is_superuser:
suppress_administrator_toggle = False
form = UserChangeForm(
instance=user,
suppress_administrator_toggle=suppress_administrator_toggle)
return render(request, 'accounts/edit.html', {
'form': form,
'user': user,
'title': title
})
def edit(request, id=None):
# Forbidden if user isn't an admin and is trying to edit another user
if str(request.user.id) != str(id) and id != None:
if request.user.is_superuser is False:
return HttpResponseRedirect(reverse('main.views.forbidden'))
# Load user
if id is None:
user = request.user
#id = request.user.id
title = 'Edit your profile (%s)' % user
else:
try:
user = User.objects.get(pk=id)
title = 'Edit user %s' % user
except:
raise Http404
# Form
if request.method == 'POST':
form = UserChangeForm(request.POST, instance=user)
if form.is_valid():
user = form.save(commit=False)
# change password if requested
password = request.POST.get('password', '')
if password != '':
user.set_password(password)
user.save()
# regenerate API key if requested
regenerate_api_key = request.POST.get('regenerate_api_key', '')
if regenerate_api_key != '':
try:
api_key = ApiKey.objects.get(user_id=user.pk)
except ApiKey.DoesNotExist:
api_key = ApiKey.objects.create(user=user)
api_key.key = api_key.generate_key()
api_key.save()
# determine where to redirect to
if request.user.is_superuser is False:
return_view = 'components.accounts.views.edit'
else:
return_view = 'components.accounts.views.list'
return HttpResponseRedirect(reverse(return_view))
else:
form = UserChangeForm(instance=user)
# load API key for display
try:
api_key_data = ApiKey.objects.get(user_id=user.pk)
api_key = api_key_data.key
except:
api_key = '<no API key generated>'
return render(
request, 'accounts/edit.html', {
'hide_features': hidden_features(),
'form': form,
'user': user,
'api_key': api_key,
'title': title
})
def edit(request, id=None):
if get_client_config_value('kioskMode') == 'True':
return redirect('main.views.forbidden')
# Forbidden if user isn't an admin and is trying to edit another user
if str(request.user.id) != str(id) and id != None:
if request.user.is_superuser is False:
return redirect('main.views.forbidden')
# Load user
if id is None:
user = request.user
title = 'Edit your profile (%s)' % user
else:
try:
user = User.objects.get(pk=id)
title = 'Edit user %s' % user
except:
raise Http404
# Form
if request.method == 'POST':
form = UserChangeForm(request.POST, instance=user)
if form.is_valid():
user = form.save(commit=False)
# change password if requested
password = request.POST.get('password', '')
if password != '':
user.set_password(password)
# prevent non-admin from self-promotion
if not request.user.is_superuser:
user.is_superuser = False
user.save()
# regenerate API key if requested
regenerate_api_key = request.POST.get('regenerate_api_key', '')
if regenerate_api_key != '':
try:
api_key = ApiKey.objects.get(user_id=user.pk)
except ApiKey.DoesNotExist:
api_key = ApiKey.objects.create(user=user)
api_key.key = api_key.generate_key()
api_key.save()
# determine where to redirect to
if request.user.is_superuser is False:
return_view = 'components.accounts.views.edit'
else:
return_view = 'components.accounts.views.list'
messages.info(request, 'Saved.')
return redirect(return_view)
else:
suppress_administrator_toggle = True
if request.user.is_superuser:
suppress_administrator_toggle = False
form = UserChangeForm(
instance=user,
suppress_administrator_toggle=suppress_administrator_toggle)
# load API key for display
try:
api_key_data = ApiKey.objects.get(user_id=user.pk)
api_key = api_key_data.key
except:
api_key = '<no API key generated>'
return render(
request, 'accounts/edit.html', {
'hide_features': hidden_features(),
'form': form,
'user': user,
'api_key': api_key,
'title': title
})