def view_user(request, username):
context = {}
user = get_user(username=username)
if not user:
return HttpResponseRedirect("/members")
context["user"] = user
context["CAN_EDIT"] = (True if
((user and user == request.user)
or is_mediacms_manager(request.user)) else False)
context["CAN_DELETE"] = True if is_mediacms_manager(
request.user) else False
context["SHOW_CONTACT_FORM"] = (True if (
user.allow_contact or is_mediacms_editor(request.user)) else False)
return render(request, "cms/user.html", context)
def __init__(self, user, *args, **kwargs):
super(UserForm, self).__init__(*args, **kwargs)
self.fields.pop("is_featured")
if not is_mediacms_manager(user):
self.fields.pop("advancedUser")
self.fields.pop("is_manager")
self.fields.pop("is_editor")
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
if request.user.is_superuser:
return True
if is_mediacms_manager(request.user):
return True
return obj.user == request.user
def view_channel(request, friendly_token):
context = {}
channel = Channel.objects.filter(friendly_token=friendly_token).first()
if not channel:
user = None
else:
user = channel.user
context["user"] = user
context["CAN_EDIT"] = (True if
((user and user == request.user)
or is_mediacms_manager(request.user)) else False)
return render(request, "cms/channel.html", context)
def edit_user(request, username):
user = get_user(username=username)
if not user or (user != request.user
and not is_mediacms_manager(request.user)):
return HttpResponseRedirect("/")
if request.method == "POST":
form = UserForm(request.user,
request.POST,
request.FILES,
instance=user)
if form.is_valid():
user = form.save(commit=False)
user.save()
return HttpResponseRedirect(user.get_absolute_url())
else:
form = UserForm(request.user, instance=user)
return render(request, "cms/user_edit.html", {"form": form})