matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added view to reset users password, disallowed editing, deleting, etc of super user or staff users, improved app navigation

Browse Source
This commit is contained in:
Roberto Rosario
2011-05-07 02:28:14 -04:00
parent 0d410b510c
commit 4bf64d42ac
4 changed files with 92 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
apps/user_management/__init__.py
View File

@@ -16,11 +16,14 @@ register_permissions('user_management', [
{'name': PERMISSION_USER_DELETE, 'label': _(u'Delete existing users')},
])
user_list = {'text': _(u'users'), 'view': 'user_list', 'famfam': 'user', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_VIEW]}}
user_list = {'text': _(u'user list'), 'view': 'user_list', 'famfam': 'user', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_VIEW]}}
user_edit = {'text': _(u'edit'), 'view': 'user_edit', 'args': 'object.id', 'famfam': 'user_edit', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_EDIT]}}
user_add = {'text': _(u'create new user'), 'view': 'user_add', 'args': 'object.id', 'famfam': 'user_add', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_CREATE]}}
user_add = {'text': _(u'create new user'), 'view': 'user_add', 'famfam': 'user_add', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_CREATE]}}
user_delete = {u'text': _('delete'), 'view': 'user_delete', 'args': 'object.id', 'famfam': 'user_delete', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_DELETE]}}
user_multiple_delete = {u'text': _('delete'), 'view': 'user_multiple_delete', 'famfam': 'user_delete', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_DELETE]}}
user_set_password = {u'text': _('reset password'), 'view': 'user_set_password', 'args': 'object.id', 'famfam': 'lock_edit', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_EDIT]}}
user_multiple_set_password = {u'text': _('reset password'), 'view': 'user_multiple_set_password', 'famfam': 'lock_edit', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_EDIT]}}
register_links(User, [user_edit])
register_links('user_list', [user_add], menu_name=u'sidebar')
register_multi_item_links(['user_list'], [user_multiple_delete])
register_links(User, [user_edit, user_set_password, user_delete])
register_links(['user_multiple_set_password', 'user_set_password', 'user_multiple_delete', 'user_delete', 'user_edit', 'user_list','user_add'], [user_add, user_list], menu_name=u'sidebar')
register_multi_item_links(['user_list'], [user_multiple_set_password, user_multiple_delete])

6
apps/user_management/forms.py
View File

@@ -1,8 +1,14 @@
from django import forms
from django.contrib.auth.models import User
from django.utils.translation import ugettext_lazy as _
class UserForm(forms.ModelForm):
class Meta:
model = User
fields = ('username', 'first_name', 'last_name', 'email', 'is_active',)
class PasswordForm(forms.Form):
new_password_1 = forms.CharField(label=_(u'New password'), widget=forms.PasswordInput())
new_password_2 = forms.CharField(label=_(u'Confirm password'), widget=forms.PasswordInput())

2
apps/user_management/urls.py
View File

@@ -6,4 +6,6 @@ urlpatterns = patterns('user_management.views',
url(r'^(?P<user_id>\d+)/edit/$', 'user_edit', (), 'user_edit'),
url(r'^(?P<user_id>\d+)/delete/$', 'user_delete', (), 'user_delete'),
url(r'^multiple/delete/$', 'user_multiple_delete', (), 'user_multiple_delete'),
url(r'^(?P<user_id>\d+)/set_password/$', 'user_set_password', (), 'user_set_password'),
url(r'^multiple/set_password/$', 'user_multiple_set_password', (), 'user_multiple_set_password'),
)

80
apps/user_management/views.py
View File

@@ -12,7 +12,7 @@ from permissions.api import check_permissions
from user_management import PERMISSION_USER_VIEW, \
PERMISSION_USER_EDIT, PERMISSION_USER_CREATE, \
PERMISSION_USER_DELETE
from user_management.forms import UserForm
from user_management.forms import UserForm, PasswordForm
def user_list(request):
@@ -20,7 +20,7 @@ def user_list(request):
return object_list(
request,
queryset=User.objects.all(),
queryset=User.objects.exclude(is_superuser=True).exclude(is_staff=True),
template_name='generic_list.html',
extra_context={
'title': _(u'users'),
@@ -31,6 +31,9 @@ def user_list(request):
'attribute': 'get_full_name'
},
{
'name': _(u'email'),
'attribute': 'email'
}, {
'name': _(u'active'),
'attribute': 'is_active'
}
@@ -45,6 +48,10 @@ def user_edit(request, user_id):
check_permissions(request.user, 'user_management', [PERMISSION_USER_EDIT])
user = get_object_or_404(User, pk=user_id)
if user.is_superuser or user.is_staff:
messages.error(request, _(u'Super user and staff user editing is not allowed, use the admin interface for these cases.'))
return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/'))
if request.method == 'POST':
form = UserForm(instance=user, data=request.POST)
if form.is_valid():
@@ -100,8 +107,11 @@ def user_delete(request, user_id=None, user_id_list=None):
if request.method == 'POST':
for user in users:
try:
user.delete()
messages.success(request, _(u'User "%s" deleted successfully.') % user)
if user.is_superuser or user.is_staff:
messages.error(request, _(u'Super user and staff user deleting is not allowed, use the admin interface for these cases.'))
else:
user.delete()
messages.success(request, _(u'User "%s" deleted successfully.') % user)
except Exception, e:
messages.error(request, _(u'Error deleting user "%(user)s": %(error)s') % {
'user': user, 'error': e
@@ -129,3 +139,65 @@ def user_multiple_delete(request):
return user_delete(
request, user_id_list=request.GET.get('id_list', [])
)
def user_set_password(request, user_id=None, user_id_list=None):
check_permissions(request.user, 'users', [PERMISSION_USER_EDIT])
post_action_redirect = None
if user_id:
users = [get_object_or_404(User, pk=user_id)]
post_action_redirect = reverse('user_list')
elif user_id_list:
users = [get_object_or_404(User, pk=user_id) for user_id in user_id_list.split(',')]
else:
messages.error(request, _(u'Must provide at least one user.'))
return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/'))
next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', '/')))
if request.method == 'POST':
form = PasswordForm(request.POST)
if form.is_valid():
password_1 = form.cleaned_data['new_password_1']
password_2 = form.cleaned_data['new_password_2']
if password_1 != password_2:
messages.error(request, _(u'Passwords do not match, try again.'))
else:
for user in users:
try:
if user.is_superuser or user.is_staff:
messages.error(request, _(u'Super user and staff user password reseting is not allowed, use the admin interface for these cases.'))
else:
user.set_password(password_1)
user.save()
messages.success(request, _(u'Successfull password reset for user: %s.') % user)
except Exception, e:
messages.error(request, _(u'Error reseting password for user "%(user)s": %(error)s') % {
'user': user, 'error': e
})
return HttpResponseRedirect(next)
else:
form = PasswordForm()
context = {
'object_name': _(u'user'),
'next': next,
'form': form,
}
if len(users) == 1:
context['object'] = users[0]
context['title'] = _(u'Reseting password for user: %s') % ', '.join([unicode(d) for d in users])
elif len(users) > 1:
context['title'] = _(u'Reseting password for users: %s') % ', '.join([unicode(d) for d in users])
return render_to_response('generic_form.html', context,
context_instance=RequestContext(request))
def user_multiple_set_password(request):
return user_set_password(
request, user_id_list=request.GET.get('id_list', [])
)