From 4bf64d42ac5d11c1513add2c8767c9fcf5ab6412 Mon Sep 17 00:00:00 2001
From: Roberto Rosario
Date: Sat, 7 May 2011 02:28:14 -0400
Subject: [PATCH] Added view to reset users password, disallowed editing, deleting, etc of super user or staff users, improved app navigation
---
apps/user_management/__init__.py | 13 ++++--
apps/user_management/forms.py | 6 +++
apps/user_management/urls.py | 2 +
apps/user_management/views.py | 80 ++++++++++++++++++++++++++++++--
4 files changed, 92 insertions(+), 9 deletions(-)
diff --git a/apps/user_management/__init__.py b/apps/user_management/__init__.py
index f2f08e3d42..7a50c07ba4 100644
--- a/apps/user_management/__init__.py
+++ b/apps/user_management/__init__.py
@@ -16,11 +16,14 @@ register_permissions('user_management', [ {'name': PERMISSION_USER_DELETE, 'label': _(u'Delete existing users')}, ]) -user_list = {'text': _(u'users'), 'view': 'user_list', 'famfam': 'user', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_VIEW]}} +user_list = {'text': _(u'user list'), 'view': 'user_list', 'famfam': 'user', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_VIEW]}} user_edit = {'text': _(u'edit'), 'view': 'user_edit', 'args': 'object.id', 'famfam': 'user_edit', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_EDIT]}} -user_add = {'text': _(u'create new user'), 'view': 'user_add', 'args': 'object.id', 'famfam': 'user_add', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_CREATE]}} +user_add = {'text': _(u'create new user'), 'view': 'user_add', 'famfam': 'user_add', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_CREATE]}} +user_delete = {u'text': _('delete'), 'view': 'user_delete', 'args': 'object.id', 'famfam': 'user_delete', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_DELETE]}} user_multiple_delete = {u'text': _('delete'), 'view': 'user_multiple_delete', 'famfam': 'user_delete', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_DELETE]}} +user_set_password = {u'text': _('reset password'), 'view': 'user_set_password', 'args': 'object.id', 'famfam': 'lock_edit', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_EDIT]}} +user_multiple_set_password = {u'text': _('reset password'), 'view': 'user_multiple_set_password', 'famfam': 'lock_edit', 'permissions': {'namespace': 'user_management', 'permissions': [PERMISSION_USER_EDIT]}} -register_links(User, [user_edit]) -register_links('user_list', [user_add], menu_name=u'sidebar') -register_multi_item_links(['user_list'], 
[user_multiple_delete]) +register_links(User, [user_edit, user_set_password, user_delete]) +register_links(['user_multiple_set_password', 'user_set_password', 'user_multiple_delete', 'user_delete', 'user_edit', 'user_list','user_add'], [user_add, user_list], menu_name=u'sidebar') +register_multi_item_links(['user_list'], [user_multiple_set_password, user_multiple_delete]) diff --git a/apps/user_management/forms.py b/apps/user_management/forms.py index 02da2437f8..6027d2bd51 100644 --- a/apps/user_management/forms.py +++ b/apps/user_management/forms.py @@ -1,8 +1,14 @@ from django import forms from django.contrib.auth.models import User +from django.utils.translation import ugettext_lazy as _ class UserForm(forms.ModelForm): class Meta: model = User fields = ('username', 'first_name', 'last_name', 'email', 'is_active',) + + +class PasswordForm(forms.Form): + new_password_1 = forms.CharField(label=_(u'New password'), widget=forms.PasswordInput()) + new_password_2 = forms.CharField(label=_(u'Confirm password'), widget=forms.PasswordInput()) diff --git a/apps/user_management/urls.py b/apps/user_management/urls.py index 66876b4ed0..d46ce1cbe3 100644 --- a/apps/user_management/urls.py +++ b/apps/user_management/urls.py @@ -6,4 +6,6 @@ urlpatterns = patterns('user_management.views', url(r'^(?P\d+)/edit/$', 'user_edit', (), 'user_edit'), url(r'^(?P\d+)/delete/$', 'user_delete', (), 'user_delete'), url(r'^multiple/delete/$', 'user_multiple_delete', (), 'user_multiple_delete'), + url(r'^(?P\d+)/set_password/$', 'user_set_password', (), 'user_set_password'), + url(r'^multiple/set_password/$', 'user_multiple_set_password', (), 'user_multiple_set_password'), ) diff --git a/apps/user_management/views.py b/apps/user_management/views.py index b0b536f984..c8b539c7f8 100644 --- a/apps/user_management/views.py +++ b/apps/user_management/views.py 
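Review bot: Both new password-reset links, `user_set_password` and `user_multiple_set_password`, are gated on `PERMISSION_USER_EDIT`, so anyone allowed to edit profile fields can also set another user's password and then sign in as that user. If the two abilities should be grantable separately, register a dedicated permission next to `PERMISSION_USER_DELETE` in the `register_permissions` call (which starts outside this hunk) and reference it in these two dicts and in the view. As a style point, `user_delete`, `user_multiple_delete` and the two new dicts put the `u` prefix on the key (`u'text': _('delete')`) rather than on the translated string, unlike `user_list` and `user_edit`.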
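Review bot: `PasswordForm` never checks that `new_password_1` and `new_password_2` agree, so `form.is_valid()` is true for mismatched input and the only comparison is the one written in the `user_set_password` view. Any other code that reuses this form would, presumably, set a password that was never confirmed. Moving the comparison into a `clean()` method keeps the rule with the form and reports the mismatch as a form error. The fields also accept any non-empty string, so a minimum-length rule would belong in the same place.

```python
class PasswordForm(forms.Form):
    # … unchanged: new_password_1 / new_password_2 field definitions …

    def clean(self):
        cleaned_data = self.cleaned_data
        if cleaned_data.get('new_password_1') != cleaned_data.get('new_password_2'):
            raise forms.ValidationError(_(u'Passwords do not match, try again.'))
        return cleaned_data
```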
@@ -12,7 +12,7 @@ from permissions.api import check_permissions from user_management import PERMISSION_USER_VIEW, \ PERMISSION_USER_EDIT, PERMISSION_USER_CREATE, \ PERMISSION_USER_DELETE -from user_management.forms import UserForm +from user_management.forms import UserForm, PasswordForm def user_list(request): @@ -20,7 +20,7 @@ def user_list(request): return object_list( request, - queryset=User.objects.all(), + queryset=User.objects.exclude(is_superuser=True).exclude(is_staff=True), template_name='generic_list.html', extra_context={ 'title': _(u'users'), @@ -31,6 +31,9 @@ def user_list(request): 'attribute': 'get_full_name' }, { + 'name': _(u'email'), + 'attribute': 'email' + }, { 'name': _(u'active'), 'attribute': 'is_active' } @@ -45,6 +48,10 @@ def user_edit(request, user_id): check_permissions(request.user, 'user_management', [PERMISSION_USER_EDIT]) user = get_object_or_404(User, pk=user_id) + if user.is_superuser or user.is_staff: + messages.error(request, _(u'Super user and staff user editing is not allowed, use the admin interface for these cases.')) + return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) + if request.method == 'POST': form = UserForm(instance=user, data=request.POST) if form.is_valid(): @@ -100,8 +107,11 @@ def user_delete(request, user_id=None, user_id_list=None): if request.method == 'POST': for user in users: try: - user.delete() - messages.success(request, _(u'User "%s" deleted successfully.') % user) + if user.is_superuser or user.is_staff: + messages.error(request, _(u'Super user and staff user deleting is not allowed, use the admin interface for these cases.')) + else: + user.delete() + messages.success(request, _(u'User "%s" deleted successfully.') % user) except Exception, e: messages.error(request, _(u'Error deleting user "%(user)s": %(error)s') % { 'user': user, 'error': e 
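Review bot: The refusal branch added to `user_edit` redirects to `request.META.get('HTTP_REFERER', '/')`, a header the client supplies, so the destination after the error message is not under the application's control. A fixed target such as `return HttpResponseRedirect(reverse('user_list'))` avoids that; `reverse` is used the same way in `user_set_password` in this commit. The same Referer fallback appears in the "Must provide at least one user" branch of `user_set_password`. A comment above the check, e.g. `# staff and superuser accounts are managed only through the admin interface`, would record why the guard exists. The body of `user_edit` continues outside this hunk.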
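Review bot: The refusal message added inside the delete loop of `user_delete` does not name the account that was skipped, so after a bulk delete the operator cannot tell which of the selected users were left in place. Including the user, e.g. `messages.error(request, _(u'User "%s" is a super user or staff user and was not deleted, use the admin interface for these cases.') % user)`, would match the success and error messages next to it. The check runs only on POST, so the confirmation step, which is outside this hunk, may still list protected accounts. `user_delete` starts and ends outside the hunk.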
@@ -129,3 +139,65 @@ def user_multiple_delete(request): return user_delete( request, user_id_list=request.GET.get('id_list', []) ) + + +def user_set_password(request, user_id=None, user_id_list=None): + check_permissions(request.user, 'users', [PERMISSION_USER_EDIT]) + post_action_redirect = None + + if user_id: + users = [get_object_or_404(User, pk=user_id)] + post_action_redirect = reverse('user_list') + elif user_id_list: + users = [get_object_or_404(User, pk=user_id) for user_id in user_id_list.split(',')] + else: + messages.error(request, _(u'Must provide at least one user.')) + return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) + + next = request.POST.get('next', request.GET.get('next', post_action_redirect if post_action_redirect else request.META.get('HTTP_REFERER', '/'))) + + if request.method == 'POST': + form = PasswordForm(request.POST) + if form.is_valid(): + password_1 = form.cleaned_data['new_password_1'] + password_2 = form.cleaned_data['new_password_2'] + if password_1 != password_2: + messages.error(request, _(u'Passwords do not match, try again.')) + else: + for user in users: + try: + if user.is_superuser or user.is_staff: + messages.error(request, _(u'Super user and staff user password reseting is not allowed, use the admin interface for these cases.')) + else: + user.set_password(password_1) + user.save() + messages.success(request, _(u'Successfull password reset for user: %s.') % user) + except Exception, e: + messages.error(request, _(u'Error reseting password for user "%(user)s": %(error)s') % { + 'user': user, 'error': e + }) + + return HttpResponseRedirect(next) + else: + form = PasswordForm() + + context = { + 'object_name': _(u'user'), + 'next': next, + 'form': form, + } + + if len(users) == 1: + context['object'] = users[0] + context['title'] = _(u'Reseting password for user: %s') % ', '.join([unicode(d) for d in users]) + elif len(users) > 1: + context['title'] = _(u'Reseting password for users: %s') % ', 
'.join([unicode(d) for d in users]) + + return render_to_response('generic_form.html', context, + context_instance=RequestContext(request)) + + +def user_multiple_set_password(request): + return user_set_password( + request, user_id_list=request.GET.get('id_list', []) + )
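Review bot: The permission check at the top of `user_set_password` passes the namespace `'users'`, while `user_edit` and every link and registration visible in this commit use `'user_management'`. How `check_permissions` treats an unregistered namespace is not visible here, but the call probably does not test the intended permission and should read `check_permissions(request.user, 'user_management', [PERMISSION_USER_EDIT])`. Separately, `next` is read from the POST/GET parameters (falling back to the Referer header) and passed unvalidated to `HttpResponseRedirect`, so the redirect target after a reset is client-controlled. It should be restricted to a local path or replaced with `reverse('user_list')`, and the local name also shadows the builtin `next`. The multi-user path assigns one shared password to every selected account and rejects staff/superuser targets only on POST, both of which deserve at least a comment in the function.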