+@login_required\r
+def user_powers(request, id, action, status):\r
+ if not request.user.is_superuser:\r
+ return HttpResponseForbidden()\r
+\r
+ user = get_object_or_404(User, id=id)\r
+ new_state = action == 'grant'\r
+\r
+ if status == 'super':\r
+ user.is_superuser = new_state\r
+ elif status == 'staff':\r
+ user.is_staff = new_state\r
+ else:\r
+ raise Http404()\r
+\r
+ user.save() \r
+ return HttpResponseRedirect(user.get_profile_url())\r
+\r
+\r
+@decorators.command\r
+def award_points(request, id):\r
+ if (not request.POST) and request.POST.get('points', None):\r
+ raise decorators.CommandException(_("Invalid request type"))\r
+\r
+ if not request.user.is_superuser:\r
+ raise decorators.CommandException(_("Only superusers are allowed to award reputation points"))\r
+\r
+ user = get_object_or_404(User, id=id)\r
+ points = int(request.POST['points'])\r
+\r
+ extra = dict(message=request.POST.get('message', ''), awarding_user=request.user.id, value=points)\r
+\r
+ BonusRepAction(user=user, extra=extra).save(data=dict(value=points))\r
+\r
+ return dict(reputation=user.reputation)\r
+\r