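def user_account(request, param_username):
    """Show (GET) or update (POST) the signed-in user's own account.

    Access is limited to the account owner: ``current_user(request)`` must be
    truthy and ``param_username`` must equal ``request.user.username``. Every
    other case raises ``Http404``, so the view never falls through and
    returns ``None``.

    Args:
        request: The incoming Django request.
        param_username: Username captured from the URL.

    Returns:
        The rendered account form on GET, or a redirect back to the account
        page after a POST (whether or not the form validated).

    Raises:
        Http404: If the caller is not the account owner, the ``User`` or
            ``Profile`` row is missing, or the method is neither GET nor POST.
    """
    # Ownership check comes first: nothing below runs for someone else's URL.
    if not (current_user(request) and param_username == request.user.username):
        raise Http404

    # One lookup serves both branches; a missing profile becomes a 404, the
    # same way edit_user treats it, rather than an unhandled exception.
    try:
        user_obj = User.objects.get(username=param_username)
        user_profile = Profile.objects.get(user=request.user)
    except (User.DoesNotExist, Profile.DoesNotExist):
        raise Http404

    account_url = '/' + request.user.username + '/account'

    if request.method == "GET":
        page_vars = {
            "page_title": "Account: " + request.user.username,
            "form": UserProfileForm(initial={
                'time_zone': user_profile.time_zone,
                'email': request.user.email,
            }),
        }
        # render() builds the request-aware context itself, so a plain dict is
        # passed; newer Django releases reject a RequestContext here.
        return render(request, 'auth/user_account.html', page_vars)

    if request.method == "POST":
        completed_form = UserProfileForm(request.POST)
        if not completed_form.is_valid():
            generate_form_errors(request, completed_form)
            return HttpResponseRedirect(account_url)

        cleaned = completed_form.cleaned_data

        # NOTE(review): email and password are changed on the strength of the
        # session alone; no current-password confirmation is visible in this
        # view. Confirm UserProfileForm or the surrounding flow re-authenticates
        # the user before credentials change.
        user_profile.time_zone = cleaned['time_zone']
        request.session['user_timezone'] = cleaned['time_zone']
        user_obj.email = cleaned['email']

        # An empty password field means "keep the current password".
        # set_password() stores a hash, never the submitted value.
        # NOTE(review): on Django versions that verify the session auth hash,
        # this also invalidates the current session unless
        # update_session_auth_hash() is called; confirm the redirect below
        # still reaches an authenticated page.
        if cleaned['password'] != '':
            user_obj.set_password(cleaned['password'])

        user_profile.save()
        user_obj.save()
        messages.add_message(request, messages.SUCCESS,
                             'Success: Your Account Has Been Updated')
        return HttpResponseRedirect(account_url)

    # Any other HTTP method is refused explicitly.
    raise Http404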
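def edit_user(request, param_user_pk):
    """Let a staff member view (GET) or change (POST) another user's account.

    Access requires ``current_staff(request)`` to be truthy. The target user
    and profile are loaded by primary key; a missing row, a non-staff caller
    or an unsupported HTTP method all raise ``Http404``, so the view never
    falls through and returns ``None``.

    Args:
        request: The incoming Django request.
        param_user_pk: Primary key of the user to edit, captured from the URL.

    Returns:
        The rendered edit form on GET or on an invalid POST, or a redirect
        back to the edit page after a successful POST.

    Raises:
        Http404: If the caller is not staff, the ``User`` or ``Profile`` row
            is missing, or the method is neither GET nor POST.
    """
    # Authorization gate: everything below is staff-only.
    # NOTE(review): nothing visible here stops a staff account from changing
    # the email or password of a more privileged account (e.g. a superuser).
    # Confirm current_staff() or site policy covers that case.
    if not current_staff(request):
        raise Http404

    try:
        requested_user = User.objects.get(pk=param_user_pk)
        user_profile = Profile.objects.get(user=requested_user)
    except (User.DoesNotExist, Profile.DoesNotExist):
        raise Http404

    # requested_user is placed in the context for every render, because the
    # template builds its POST link from the pk; the invalid-form re-render
    # needs it as much as the initial GET does.
    page_vars = {
        "page_title": 'Alter User',
        "requested_user": requested_user,
    }

    if request.method == "GET":
        page_vars['form'] = UserProfileForm(initial={
            'time_zone': user_profile.time_zone,
            'email': requested_user.email,
        })
        # render() builds the request-aware context itself, so a plain dict is
        # passed; newer Django releases reject a RequestContext here.
        return render(request, 'administrative/edit_user.html', page_vars)

    if request.method == "POST":
        completed_form = UserProfileForm(request.POST)
        if not completed_form.is_valid():
            # Surface the validation errors and show the submitted form again.
            generate_form_errors(request, completed_form)
            page_vars['form'] = completed_form
            return render(request, 'administrative/edit_user.html', page_vars)

        cleaned = completed_form.cleaned_data
        user_profile.time_zone = cleaned['time_zone']
        requested_user.email = cleaned['email']

        # An empty password field means "keep the current password".
        # set_password() stores a hash, never the submitted value.
        if cleaned['password'] != '':
            requested_user.set_password(cleaned['password'])

        user_profile.save()
        requested_user.save()
        messages.add_message(request, messages.SUCCESS,
                             'Success: Changes Applied to User')
        return HttpResponseRedirect(
            '/admin/edit_user/{0}'.format(requested_user.pk))

    # Any other HTTP method is refused explicitly.
    raise Http404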