示例#1
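    def get(self, request, *args, **kwargs):
        """Render the form for the target object.

        The target comes from ``self.get_obj()`` and is passed through
        ``user_permissions()`` together with the request before it is used.
        The form is built from the target's primary key and rendered with
        ``self.template_name``.

        NOTE(review): no authorization decision is made in this method; the
        form is rendered for whoever reaches the view. Confirm that access is
        restricted elsewhere and that the handler processing the submitted
        form enforces permissions itself rather than relying on this page
        being hidden.
        """
        target = self.get_obj()
        # user_permissions() is defined outside this block; its return value
        # replaces the target. Presumably it annotates the target with
        # permission flags for the requesting user (confirm).
        target = user_permissions(request, target)

        form = self.form_class(pk=target.id)
        context = dict(form=form, target=target)
        return render(request, self.template_name, context)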
示例#2
 def get_object(self):
     """Return the parent class's object after the permission pass.

     The object resolved by the parent ``get_object()`` is handed to
     ``auth.user_permissions()`` along with the current request, and
     whatever that call returns is what callers receive.

     NOTE(review): the effect of ``auth.user_permissions()`` is not visible
     here. Presumably it attaches per-request permission flags to the
     object; confirm that it cannot return an object the requester should
     not see.
     """
     fetched = super(UserDetails, self).get_object()
     return auth.user_permissions(request=self.request, target=fetched)
示例#3
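    def post(self, request, *args, **kwargs):
        """Apply a moderation action to the target user.

        Every outcome, accepted or rejected, ends in a redirect to the
        target's absolute URL with a flash message explaining the result.

        Checks, in order: the target must not be an administrator, the actor
        must not be the target, the actor must be a moderator, the target must
        be editable, and the submitted form must validate. A ban additionally
        requires the actor to be an administrator and the target's score to be
        at most 3. Once all checks pass, a ban purges the target's data; every
        accepted action (ban included) then writes the new status to the
        target's row.
        """
        user = request.user

        target = self.get_obj()
        # user_permissions() is defined outside this block. The flags read
        # below (is_editable etc.) are presumably set by it; confirm.
        target = user_permissions(request, target)
        profile = target.profile

        # The response after the action
        response = HttpResponseRedirect(target.get_absolute_url())

        if target.is_administrator:
            messages.warning(request, "Cannot moderate an administrator")
            return response

        if user == target:
            messages.warning(request, "Cannot moderate yourself")
            return response

        if not user.is_moderator:
            messages.warning(request, "Only moderators have this permission")
            return response

        if not target.is_editable:
            messages.warning(request, "Target not editable by this user")
            return response

        form = self.form_class(request.POST, pk=target.id)
        if not form.is_valid():
            messages.error(request, "Invalid user modification action")
            return response

        action = int(form.cleaned_data['action'])

        if action == User.BANNED:
            if not user.is_administrator:
                messages.error(request, "Only administrators may ban users")
                return response

            # Lets make sure we don't ban people that have been around a while
            # These can still be removed but via the admin interface
            # We do this to limit damage that a hacked admin account could do.
            #
            # This guard must run before anything destructive. It used to sit
            # after profile.clear_data(), so a refused ban still cleared the
            # target's profile data, which defeats the stated purpose of
            # limiting what a compromised administrator account can do.
            if target.score > 3:
                messages.error(request, "Target user has a high score and can only be banned via the admin interface")
                return response

            # NOTE(review): the purge below and the status update further down
            # are separate queries, and no transaction is visible in this
            # block. Unless requests are already atomic (e.g. ATOMIC_REQUESTS),
            # a failure midway leaves a partially purged account.

            # Remove data by user
            profile.clear_data()

            # Remove badges that may have been earned by this user.
            Award.objects.filter(user=target).delete()

            # Delete all votes by this user.
            Vote.objects.filter(author=target).delete()

            # Mark all posts as deleted.
            Post.objects.filter(author=target).update(status=Post.DELETED)

            # Destroy the target's low-vote posts. The filter matches
            # vote_count < 2, i.e. posts with at most one vote.
            query = Post.objects.filter(author=target, vote_count__lt=2)
            count = query.count()
            query.delete()

            messages.success(request, "User banned, %s posts removed" % count)

        # Apply the new status
        User.objects.filter(pk=target.id).update(status=action)

        messages.success(request, 'Moderation completed')
        return response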