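def edit(request, id=None):
    """Render and process the account edit form.

    With ``id`` omitted the requester's own account is loaded; otherwise the
    account with primary key ``id`` is loaded.

    Returns a redirect to the forbidden view when the access check fails, a
    redirect to the account list after a successful save, or the rendered
    ``accounts/edit.html`` page (GET, or POST with an invalid form).

    Raises:
        Http404: when ``id`` does not identify an existing user.
    """
    # Security check
    # NOTE(review): when id is None this comparison is always true, so a
    # non-superuser is redirected even for their own profile; it is also
    # always true if id arrives as a string while request.user.id is an int.
    # Kept as-is because it fails closed -- confirm the intended policy.
    if request.user.id != id:
        if request.user.is_superuser is False:
            return HttpResponseRedirect(reverse('main.views.forbidden'))

    # Load user
    if id is None:
        user = request.user
    else:
        try:
            user = User.objects.get(pk=id)
        except (User.DoesNotExist, ValueError):
            # Unknown or non-numeric primary key. A bare except here would
            # also have turned unrelated failures into a 404.
            raise Http404
    title = ('Edit your profile (%s)' if id is None else 'Edit user %s') % user

    # Form
    if request.method == 'POST':
        form = UserChangeForm(request.POST, instance=user)
        if form.is_valid():
            user = form.save(commit=False)
            # Only replace the credential when a new password was actually
            # submitted; calling set_password('') on every save would
            # overwrite the stored password whenever the field is left blank.
            password = request.POST.get('password', '')
            if password != '':
                user.set_password(password)
            user.save()
            return HttpResponseRedirect(reverse('components.accounts.views.list'))
    else:
        form = UserChangeForm(instance=user)

    # Reached on GET and on POST with validation errors (bound form).
    return render(request, 'accounts/edit.html', {
        'form': form,
        'user': user,
        'title': title,
    })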
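def edit(request, id=None):
    """Render and process the account edit form.

    With ``id`` omitted the requester edits their own account. With an
    ``id`` the account with that primary key is edited; only a superuser may
    edit an account other than their own.

    Returns a redirect to the forbidden view when the requester may not edit
    the target, a redirect after a successful save (account list for
    superusers, ``profile`` otherwise), or the rendered ``accounts/edit.html``
    page (GET, or POST with an invalid form). get_object_or_404 raises a 404
    when ``id`` matches no user.
    """
    # Snapshot the requester's privilege before any form is bound. Validating
    # a ModelForm writes the submitted values onto its instance, and when id
    # is None that instance is request.user itself, so reading
    # request.user.is_superuser after is_valid() would reflect the submitted
    # value instead of the stored one and the guard below would not fire.
    requester_is_admin = request.user.is_superuser

    # Forbidden if user isn't an admin and is trying to edit another user
    if id is not None and str(request.user.id) != str(id):
        if not requester_is_admin:
            return redirect('main.views.forbidden')

    # Load user
    if id is None:
        user = request.user
        title = 'Edit your profile (%s)' % user
    else:
        user = get_object_or_404(User, pk=id)
        title = 'Edit user %s' % user

    # Form
    if request.method == 'POST':
        form = UserChangeForm(request.POST, instance=user)
        if form.is_valid():
            user = form.save(commit=False)

            # change password if requested
            # NOTE(review): nothing visible here asks for the current password
            # or runs password validators -- confirm UserChangeForm covers it.
            password = request.POST.get('password', '')
            if password != '':
                user.set_password(password)

            # prevent non-admin from self-promotion
            if not requester_is_admin:
                user.is_superuser = False
            user.save()

            # regenerate API key if requested
            regenerate_api_key = request.POST.get('regenerate_api_key', '')
            if regenerate_api_key != '':
                generate_api_key(user)

            # determine where to redirect to
            if requester_is_admin:
                return_view = 'components.accounts.views.list'
            else:
                return_view = 'profile'

            messages.info(request, _('Saved.'))
            return redirect(return_view)
    else:
        # Only superusers are shown the administrator toggle.
        form = UserChangeForm(
            instance=user,
            suppress_administrator_toggle=not requester_is_admin)

    # Reached on GET and on POST with validation errors (bound form).
    return render(request, 'accounts/edit.html', {
        'form': form,
        'user': user,
        'title': title
    })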
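def edit(request, id=None):
    """Show the account edit page and apply submitted changes.

    ``id`` is the primary key of the account to edit; when it is None the
    requester's own account is used. A non-superuser asking for any account
    other than their own is redirected to the forbidden view.

    On a valid POST the account is saved, the API key is regenerated when
    ``regenerate_api_key`` is non-empty, a "Saved." message is queued and the
    requester is redirected. Otherwise ``accounts/edit.html`` is rendered.
    get_object_or_404 raises a 404 when ``id`` matches no user.
    """
    # Read the requester's stored privilege once, up front. When id is None
    # the form below is bound to request.user, and form validation assigns
    # the submitted field values to that same object; checking
    # request.user.is_superuser afterwards would therefore trust whatever
    # was submitted. Every later privilege decision uses this snapshot.
    is_admin = request.user.is_superuser
    editing_other = id is not None and str(request.user.id) != str(id)

    # Forbidden if user isn't an admin and is trying to edit another user
    if editing_other and not is_admin:
        return redirect("main.views.forbidden")

    # Load user
    if id is None:
        user = request.user
        title = "Edit your profile (%s)" % user
    else:
        user = get_object_or_404(User, pk=id)
        title = "Edit user %s" % user

    # Form
    if request.method != "POST":
        # The administrator toggle is offered to superusers only.
        form = UserChangeForm(
            instance=user, suppress_administrator_toggle=not is_admin)
    else:
        form = UserChangeForm(request.POST, instance=user)
        if form.is_valid():
            user = form.save(commit=False)

            # change password if requested
            password = request.POST.get("password", "")
            if password != "":
                user.set_password(password)

            # prevent non-admin from self-promotion
            if not is_admin:
                user.is_superuser = False
            user.save()

            # regenerate API key if requested
            regenerate_api_key = request.POST.get("regenerate_api_key", "")
            if regenerate_api_key != "":
                generate_api_key(user)

            # determine where to redirect to
            return_view = "components.accounts.views.list" if is_admin else "profile"
            messages.info(request, _("Saved."))
            return redirect(return_view)

    # GET, or POST whose form failed validation (errors are on the form).
    return render(request, "accounts/edit.html", {
        "form": form,
        "user": user,
        "title": title
    })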
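def edit(request, id=None):
    """Render and process the account edit form, including the API key.

    With ``id`` omitted the requester edits their own account; with an
    ``id`` the account with that primary key is edited, which only a
    superuser may do for an account other than their own.

    Returns a redirect to the forbidden view, a redirect after a successful
    save, or the rendered ``accounts/edit.html`` page.

    Raises:
        Http404: when ``id`` does not identify an existing user.
    """
    # Snapshot the requester's privilege before the form is bound: form
    # validation writes submitted values onto the instance, which is
    # request.user itself when id is None.
    requester_is_admin = request.user.is_superuser

    # Forbidden if user isn't an admin and is trying to edit another user
    if id is not None and str(request.user.id) != str(id):
        if not requester_is_admin:
            return HttpResponseRedirect(reverse('main.views.forbidden'))

    # Load user
    if id is None:
        user = request.user
        title = 'Edit your profile (%s)' % user
    else:
        try:
            user = User.objects.get(pk=id)
        except (User.DoesNotExist, ValueError):
            # Unknown or non-numeric primary key; other errors now propagate
            # instead of being masked as a 404 by a bare except.
            raise Http404
        title = 'Edit user %s' % user

    # Form
    if request.method == 'POST':
        form = UserChangeForm(request.POST, instance=user)
        if form.is_valid():
            user = form.save(commit=False)

            # change password if requested
            password = request.POST.get('password', '')
            if password != '':
                user.set_password(password)

            # A non-superuser can reach this point for their own account.
            # Whatever fields the form binds, they must not leave this view
            # with the superuser flag set.
            if not requester_is_admin:
                user.is_superuser = False
            user.save()

            # regenerate API key if requested
            regenerate_api_key = request.POST.get('regenerate_api_key', '')
            if regenerate_api_key != '':
                try:
                    api_key = ApiKey.objects.get(user_id=user.pk)
                except ApiKey.DoesNotExist:
                    api_key = ApiKey.objects.create(user=user)
                api_key.key = api_key.generate_key()
                api_key.save()

            # determine where to redirect to
            if requester_is_admin:
                return_view = 'components.accounts.views.list'
            else:
                return_view = 'components.accounts.views.edit'
            return HttpResponseRedirect(reverse(return_view))
    else:
        form = UserChangeForm(instance=user)

    # load API key for display
    # NOTE(review): the key goes into the template context in clear, also
    # when a superuser opens another user's account -- confirm that is wanted.
    try:
        api_key = ApiKey.objects.get(user_id=user.pk).key
    except ApiKey.DoesNotExist:
        api_key = '<no API key generated>'

    return render(
        request,
        'accounts/edit.html',
        {
            'hide_features': hidden_features(),
            'form': form,
            'user': user,
            'api_key': api_key,
            'title': title
        })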
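def edit(request, id=None):
    """Show the account edit page (with the user's API key) and save changes.

    ``id`` is the primary key of the account to edit, or None for the
    requester's own account. Non-superusers are redirected to the forbidden
    view when they ask for an account other than their own.

    Raises:
        Http404: when ``id`` does not identify an existing user.
    """
    # Stored privilege of the requester, read before the form can touch
    # request.user (the form is bound to that very object when id is None).
    is_admin = request.user.is_superuser
    targets_other_account = id is not None and str(request.user.id) != str(id)

    # Forbidden if user isn't an admin and is trying to edit another user
    if targets_other_account and not is_admin:
        return HttpResponseRedirect(reverse('main.views.forbidden'))

    # Load user
    if id is None:
        user = request.user
        title = 'Edit your profile (%s)' % user
    else:
        try:
            user = User.objects.get(pk=id)
        except (User.DoesNotExist, ValueError):
            # Only "no such user" / malformed key become a 404.
            raise Http404
        title = 'Edit user %s' % user

    # Form
    if request.method == 'POST':
        form = UserChangeForm(request.POST, instance=user)
        if form.is_valid():
            user = form.save(commit=False)

            # change password if requested
            password = request.POST.get('password', '')
            if password != '':
                user.set_password(password)

            # prevent non-admin from self-promotion, regardless of which
            # fields the submitted form carried
            if not is_admin:
                user.is_superuser = False
            user.save()

            # regenerate API key if requested
            regenerate_api_key = request.POST.get('regenerate_api_key', '')
            if regenerate_api_key != '':
                try:
                    api_key = ApiKey.objects.get(user_id=user.pk)
                except ApiKey.DoesNotExist:
                    api_key = ApiKey.objects.create(user=user)
                api_key.key = api_key.generate_key()
                api_key.save()

            # determine where to redirect to
            return_view = (
                'components.accounts.views.list' if is_admin
                else 'components.accounts.views.edit')
            return HttpResponseRedirect(reverse(return_view))
    else:
        form = UserChangeForm(instance=user)

    # load API key for display; same narrow exception as the regenerate
    # branch above, so unrelated database errors are no longer hidden
    try:
        api_key_data = ApiKey.objects.get(user_id=user.pk)
    except ApiKey.DoesNotExist:
        api_key = '<no API key generated>'
    else:
        api_key = api_key_data.key

    return render(request, 'accounts/edit.html', {
        'form': form,
        'user': user,
        'api_key': api_key,
        'title': title
    })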
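def edit(request, id=None):
    """Render and process the account edit form, including the API key.

    With ``id`` omitted the requester's own account is edited. Editing any
    other account requires the requester to be a superuser; otherwise the
    forbidden view is returned.

    A valid POST saves the account, optionally sets a new password and
    regenerates the API key, then redirects. Any other request renders
    ``accounts/edit.html``.

    Raises:
        Http404: when ``id`` does not identify an existing user.
    """
    # Taken before the form is bound: validation copies submitted values onto
    # the form's instance, and that instance is request.user when id is None.
    requester_is_admin = request.user.is_superuser

    # Forbidden if user isn't an admin and is trying to edit another user
    if id is not None and str(request.user.id) != str(id) and not requester_is_admin:
        return HttpResponseRedirect(reverse("main.views.forbidden"))

    # Load user
    if id is None:
        user = request.user
        title = "Edit your profile (%s)" % user
    else:
        try:
            user = User.objects.get(pk=id)
        except (User.DoesNotExist, ValueError):
            # Missing user or malformed key -> 404; anything else propagates.
            raise Http404
        title = "Edit user %s" % user

    # Form
    if request.method == "POST":
        form = UserChangeForm(request.POST, instance=user)
        if form.is_valid():
            user = form.save(commit=False)

            # change password if requested
            # NOTE(review): the current password is not requested here --
            # confirm whether re-authentication is enforced elsewhere.
            password = request.POST.get("password", "")
            if password != "":
                user.set_password(password)

            # A non-superuser may only be editing their own account here and
            # must not be able to grant themselves the superuser flag.
            if not requester_is_admin:
                user.is_superuser = False
            user.save()

            # regenerate API key if requested
            regenerate_api_key = request.POST.get("regenerate_api_key", "")
            if regenerate_api_key != "":
                try:
                    api_key = ApiKey.objects.get(user_id=user.pk)
                except ApiKey.DoesNotExist:
                    api_key = ApiKey.objects.create(user=user)
                api_key.key = api_key.generate_key()
                api_key.save()

            # determine where to redirect to
            if requester_is_admin:
                return_view = "components.accounts.views.list"
            else:
                return_view = "components.accounts.views.edit"
            return HttpResponseRedirect(reverse(return_view))
    else:
        form = UserChangeForm(instance=user)

    # load API key for display
    try:
        api_key = ApiKey.objects.get(user_id=user.pk).key
    except ApiKey.DoesNotExist:
        api_key = "<no API key generated>"

    context = {
        "hide_features": hidden_features(),
        "form": form,
        "user": user,
        "api_key": api_key,
        "title": title,
    }
    return render(request, "accounts/edit.html", context)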
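def edit(request, id=None):
    """Render and process the account edit form, including the API key.

    The view is refused outright (redirect to the forbidden view) when the
    client config value ``kioskMode`` equals the string ``'True'``, and also
    when a non-superuser asks for an account other than their own. With
    ``id`` omitted the requester's own account is edited.

    A valid POST saves the account, optionally sets a new password and
    regenerates the API key, queues a "Saved." message and redirects. Any
    other request renders ``accounts/edit.html``.

    Raises:
        Http404: when ``id`` does not identify an existing user.
    """
    if get_client_config_value('kioskMode') == 'True':
        return redirect('main.views.forbidden')

    # Snapshot the requester's stored privilege before any form is bound.
    # Validating a ModelForm assigns the submitted values to its instance,
    # and when id is None that instance is request.user itself; consulting
    # request.user.is_superuser after is_valid() would then see the submitted
    # value and the self-promotion guard below would be skipped.
    requester_is_admin = request.user.is_superuser

    # Forbidden if user isn't an admin and is trying to edit another user
    if id is not None and str(request.user.id) != str(id):
        if not requester_is_admin:
            return redirect('main.views.forbidden')

    # Load user
    if id is None:
        user = request.user
        title = 'Edit your profile (%s)' % user
    else:
        try:
            user = User.objects.get(pk=id)
        except (User.DoesNotExist, ValueError):
            # Missing user or malformed key -> 404; a bare except would also
            # have masked unrelated failures.
            raise Http404
        title = 'Edit user %s' % user

    # Form
    if request.method == 'POST':
        form = UserChangeForm(request.POST, instance=user)
        if form.is_valid():
            user = form.save(commit=False)

            # change password if requested
            password = request.POST.get('password', '')
            if password != '':
                user.set_password(password)

            # prevent non-admin from self-promotion
            if not requester_is_admin:
                user.is_superuser = False
            user.save()

            # regenerate API key if requested
            regenerate_api_key = request.POST.get('regenerate_api_key', '')
            if regenerate_api_key != '':
                try:
                    api_key = ApiKey.objects.get(user_id=user.pk)
                except ApiKey.DoesNotExist:
                    api_key = ApiKey.objects.create(user=user)
                api_key.key = api_key.generate_key()
                api_key.save()

            # determine where to redirect to
            if requester_is_admin:
                return_view = 'components.accounts.views.list'
            else:
                return_view = 'components.accounts.views.edit'

            messages.info(request, 'Saved.')
            return redirect(return_view)
    else:
        # Only superusers are shown the administrator toggle.
        form = UserChangeForm(
            instance=user,
            suppress_administrator_toggle=not requester_is_admin)

    # load API key for display; narrowed to the same exception the
    # regenerate branch handles
    try:
        api_key = ApiKey.objects.get(user_id=user.pk).key
    except ApiKey.DoesNotExist:
        api_key = '<no API key generated>'

    return render(
        request,
        'accounts/edit.html',
        {
            'hide_features': hidden_features(),
            'form': form,
            'user': user,
            'api_key': api_key,
            'title': title
        })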