@login_required\r
def edit_user(request, id):\r
user = get_object_or_404(User, id=id)\r
- if request.user != user:\r
- raise Http404\r
+ if not (request.user.is_superuser or request.user == user):\r
+ return HttpResponseForbidden()\r
if request.method == "POST":\r
form = EditUserForm(user, request.POST)\r
if form.is_valid():\r
else:\r
form = EditUserForm(user)\r
return render_to_response('users/edit.html', {\r
+ 'user': user,\r
'form' : form,\r
'gravatar_faq_url' : reverse('faq') + '#gravatar',\r
}, context_instance=RequestContext(request))\r
\r
\r
+@login_required\r
+def user_powers(request, id, action, status):\r
+ if not request.user.is_superuser:\r
+ return HttpResponseForbidden()\r
+\r
+ user = get_object_or_404(User, id=id)\r
+ new_state = action == 'grant'\r
+\r
+ if status == 'super':\r
+ user.is_superuser = new_state\r
+ elif status == 'staff':\r
+ user.is_staff = new_state\r
+ else:\r
+ raise Http404()\r
+\r
+ user.save() \r
+ return HttpResponseRedirect(user.get_profile_url())\r
+\r
\r
def user_view(template, tab_name, tab_description, page_title, private=False):\r
def decorator(fn):\r
def decorated(request, id, slug=None):\r
user = get_object_or_404(User, id=id)\r
- if private and not user == request.user:\r
+ if private and not (user == request.user or request.user.is_superuser):\r
return HttpResponseForbidden()\r
context = fn(request, user)\r
\r
"tab_name" : tab_name,\r
"tab_description" : tab_description,\r
"page_title" : rev_page_title,\r
+ "can_view_private": (user == request.user) or request.user.is_superuser\r
})\r
return render_to_response(template, context, context_instance=RequestContext(request))\r
return decorated\r
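Review bot: The new `user_powers` view writes `is_superuser`/`is_staff` and calls `user.save()` on any request method, so a plain GET reaching that URL — including a cross-site one — flips privileges with no CSRF protection, since Django's CSRF check only covers unsafe methods; `edit_user` in the same hunk already gates its write on `request.method == "POST"`, and this view should do the same, e.g. add `@require_POST` below `@login_required` or return `HttpResponseForbidden()` when the method is not POST. The `action` parameter is also weaker than `status`: anything other than `'grant'` silently becomes a revoke, so mirror the `status` handling with `if action not in ('grant', 'revoke'): raise Http404()` before computing `new_state`. Consider refusing to change `request.user`'s own superuser flag, otherwise the last superuser can lock themselves out via this endpoint. The `user_view` decorator at the end of the hunk continues past it.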