OSQA-386

[osqa.git] / forum / views / users.py
diff --git a/forum/views/users.py b/forum/views/users.py

index bf105c964cb50c5a390bb5b2d30353d8cc13ff50..2bda26368c419bf75cd5f64a66bcb257ed8ddef0 100644 (file)
--- a/forum/views/users.py
+++ b/forum/views/users.py
@@ -115,10 +115,13 @@ def edit_user(request, id):
      }, context_instance=RequestContext(request))\r
  \r
  \r
      }, context_instance=RequestContext(request))\r
  \r
  \r
-@login_required\r
+@decorate.withfn(decorators.command)\r
  def user_powers(request, id, action, status):\r
      if not request.user.is_superuser:\r
  def user_powers(request, id, action, status):\r
      if not request.user.is_superuser:\r
-        return HttpResponseUnauthorized(request)\r
+        raise decorators.CommandException(_("Only superusers are allowed to alter other users permissions."))\r
+\r
+    if (action == 'remove' and 'status' == 'super') and not request.user.is_siteowner():\r
+        raise decorators.CommandException(_("Only the site owner can remove the super user status from other user."))\r
  \r
      user = get_object_or_404(User, id=id)\r
      new_state = action == 'grant'\r
  \r
      user = get_object_or_404(User, id=id)\r
      new_state = action == 'grant'\r
@@ -131,26 +134,32 @@ def user_powers(request, id, action, status):
          raise Http404()\r
  \r
      user.save()\r
          raise Http404()\r
  \r
      user.save()\r
-    return HttpResponseRedirect(user.get_profile_url())\r
+    return decorators.RefreshPageCommand()\r
  \r
  \r
  @decorate.withfn(decorators.command)\r
  def award_points(request, id):\r
  \r
  \r
  @decorate.withfn(decorators.command)\r
  def award_points(request, id):\r
-    if (not request.POST) and request.POST.get('points', None):\r
-        raise decorators.CommandException(_("Invalid request type"))\r
+    if not request.POST:\r
+        return render_to_response('users/karma_bonus.html')\r
  \r
      if not request.user.is_superuser:\r
          raise decorators.CommandException(_("Only superusers are allowed to award reputation points"))\r
  \r
  \r
      if not request.user.is_superuser:\r
          raise decorators.CommandException(_("Only superusers are allowed to award reputation points"))\r
  \r
+    try:\r
+        points = int(request.POST['points'])\r
+    except:\r
+        raise decorators.CommandException(_("Invalid number of points to award."))\r
+\r
      user = get_object_or_404(User, id=id)\r
      user = get_object_or_404(User, id=id)\r
-    points = int(request.POST['points'])\r
  \r
      extra = dict(message=request.POST.get('message', ''), awarding_user=request.user.id, value=points)\r
  \r
      BonusRepAction(user=request.user, extra=extra).save(data=dict(value=points, affected=user))\r
  \r
  \r
      extra = dict(message=request.POST.get('message', ''), awarding_user=request.user.id, value=points)\r
  \r
      BonusRepAction(user=request.user, extra=extra).save(data=dict(value=points, affected=user))\r
  \r
-    return dict(reputation=user.reputation)\r
-\r
+    return {'commands': {\r
+            'update_profile_karma': [user.reputation]\r
+        }}\r
+    \r
  \r
  @decorate.withfn(decorators.command)\r
  def suspend(request, id):\r
  \r
  @decorate.withfn(decorators.command)\r
  def suspend(request, id):\r
@@ -159,7 +168,7 @@ def suspend(request, id):
      if not request.user.is_superuser:\r
          raise decorators.CommandException(_("Only superusers can suspend other users"))\r
  \r
      if not request.user.is_superuser:\r
          raise decorators.CommandException(_("Only superusers can suspend other users"))\r
  \r
-    if not request.POST:\r
+    if not request.POST.get('bantype', None):\r
          if user.is_suspended():\r
              suspension = user.suspension\r
              suspension.cancel(user=request.user, ip=request.META['REMOTE_ADDR'])\r
          if user.is_suspended():\r
              suspension = user.suspension\r
              suspension.cancel(user=request.user, ip=request.META['REMOTE_ADDR'])\r
@@ -191,11 +200,16 @@ def user_view(template, tab_name, tab_title, tab_description, private=False, tab
              user = get_object_or_404(User, id=id)\r
              if private and not (user == request.user or request.user.is_superuser):\r
                  return HttpResponseUnauthorized(request)\r
              user = get_object_or_404(User, id=id)\r
              if private and not (user == request.user or request.user.is_superuser):\r
                  return HttpResponseUnauthorized(request)\r
+\r
+            if render_to and (not render_to(user)):\r
+                return HttpResponseRedirect(user.get_profile_url())\r
+                \r
              context = fn(request, user)\r
  \r
              rev_page_title = user.username + " - " + tab_description\r
  \r
              context.update({\r
              context = fn(request, user)\r
  \r
              rev_page_title = user.username + " - " + tab_description\r
  \r
              context.update({\r
+            "tab": "users",\r
              "active_tab" : tab_name,\r
              "tab_description" : tab_description,\r
              "page_title" : rev_page_title,\r
              "active_tab" : tab_name,\r
              "tab_description" : tab_description,\r
              "page_title" : rev_page_title,\r
@@ -287,32 +301,31 @@ def user_favorites(request, user):
  \r
  @user_view('users/subscriptions.html', 'subscriptions', _('subscription settings'), _('subscriptions'), True, tabbed=False)\r
  def user_subscriptions(request, user):\r
  \r
  @user_view('users/subscriptions.html', 'subscriptions', _('subscription settings'), _('subscriptions'), True, tabbed=False)\r
  def user_subscriptions(request, user):\r
+    enabled = user.subscription_settings.enable_notifications\r
+\r
      if request.method == 'POST':        \r
          form = SubscriptionSettingsForm(data=request.POST, instance=user.subscription_settings)\r
  \r
          if form.is_valid():\r
      if request.method == 'POST':        \r
          form = SubscriptionSettingsForm(data=request.POST, instance=user.subscription_settings)\r
  \r
          if form.is_valid():\r
-            if form.cleaned_data['user'] != user.id:\r
-                return HttpResponseUnauthorized(request)\r
+            form.save()\r
+            message = _('New subscription settings are now saved')\r
  \r
              if 'notswitch' in request.POST:\r
  \r
              if 'notswitch' in request.POST:\r
-                user.subscription_settings.enable_notifications = not user.subscription_settings.enable_notifications\r
-                user.subscription_settings.save()\r
+                enabled = not enabled\r
  \r
  \r
-                if user.subscription_settings.enable_notifications:\r
-                    request.user.message_set.create(message=_('Notifications are now enabled'))\r
+                if enabled:\r
+                    message = _('Notifications are now enabled')\r
                  else:\r
                  else:\r
-                    request.user.message_set.create(message=_('Notifications are now disabled'))\r
+                    message = _('Notifications are now disabled')\r
  \r
  \r
-            form.save()\r
-            request.user.message_set.create(message=_('New subscription settings are now saved'))\r
-        else:\r
-            print form.errors\r
+            user.subscription_settings.enable_notifications = enabled\r
+            user.subscription_settings.save()\r
+\r
+            request.user.message_set.create(message=message)\r
      else:\r
          form = SubscriptionSettingsForm(instance=user.subscription_settings)\r
  \r
      else:\r
          form = SubscriptionSettingsForm(instance=user.subscription_settings)\r
  \r
-    notificatons_on = user.subscription_settings.enable_notifications\r
-\r
-    return {'view_user':user, 'notificatons_on': notificatons_on, 'form':form}\r
+    return {'view_user':user, 'notificatons_on': enabled, 'form':form}\r
  \r
  @login_required\r
  def account_settings(request):\r
  \r
  @login_required\r
  def account_settings(request):\r