]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/views/users.py
OSQA-386
[osqa.git] / forum / views / users.py
index 43464d80dd5a4de035f2c107f7cdec2a3eeae562..2bda26368c419bf75cd5f64a66bcb257ed8ddef0 100644 (file)
@@ -115,10 +115,13 @@ def edit_user(request, id):
     }, context_instance=RequestContext(request))\r
 \r
 \r
-@login_required\r
+@decorate.withfn(decorators.command)\r
 def user_powers(request, id, action, status):\r
     if not request.user.is_superuser:\r
-        return HttpResponseUnauthorized(request)\r
+        raise decorators.CommandException(_("Only superusers are allowed to alter other users permissions."))\r
+\r
+    if (action == 'remove' and 'status' == 'super') and not request.user.is_siteowner():\r
+        raise decorators.CommandException(_("Only the site owner can remove the super user status from other user."))\r
 \r
     user = get_object_or_404(User, id=id)\r
     new_state = action == 'grant'\r
@@ -131,26 +134,32 @@ def user_powers(request, id, action, status):
         raise Http404()\r
 \r
     user.save()\r
-    return HttpResponseRedirect(user.get_profile_url())\r
+    return decorators.RefreshPageCommand()\r
 \r
 \r
 @decorate.withfn(decorators.command)\r
 def award_points(request, id):\r
-    if (not request.POST) and request.POST.get('points', None):\r
-        raise decorators.CommandException(_("Invalid request type"))\r
+    if not request.POST:\r
+        return render_to_response('users/karma_bonus.html')\r
 \r
     if not request.user.is_superuser:\r
         raise decorators.CommandException(_("Only superusers are allowed to award reputation points"))\r
 \r
+    try:\r
+        points = int(request.POST['points'])\r
+    except:\r
+        raise decorators.CommandException(_("Invalid number of points to award."))\r
+\r
     user = get_object_or_404(User, id=id)\r
-    points = int(request.POST['points'])\r
 \r
     extra = dict(message=request.POST.get('message', ''), awarding_user=request.user.id, value=points)\r
 \r
     BonusRepAction(user=request.user, extra=extra).save(data=dict(value=points, affected=user))\r
 \r
-    return dict(reputation=user.reputation)\r
-\r
+    return {'commands': {\r
+            'update_profile_karma': [user.reputation]\r
+        }}\r
+    \r
 \r
 @decorate.withfn(decorators.command)\r
 def suspend(request, id):\r
@@ -159,7 +168,7 @@ def suspend(request, id):
     if not request.user.is_superuser:\r
         raise decorators.CommandException(_("Only superusers can suspend other users"))\r
 \r
-    if not request.POST:\r
+    if not request.POST.get('bantype', None):\r
         if user.is_suspended():\r
             suspension = user.suspension\r
             suspension.cancel(user=request.user, ip=request.META['REMOTE_ADDR'])\r
@@ -191,11 +200,16 @@ def user_view(template, tab_name, tab_title, tab_description, private=False, tab
             user = get_object_or_404(User, id=id)\r
             if private and not (user == request.user or request.user.is_superuser):\r
                 return HttpResponseUnauthorized(request)\r
+\r
+            if render_to and (not render_to(user)):\r
+                return HttpResponseRedirect(user.get_profile_url())\r
+                \r
             context = fn(request, user)\r
 \r
             rev_page_title = user.username + " - " + tab_description\r
 \r
             context.update({\r
+            "tab": "users",\r
             "active_tab" : tab_name,\r
             "tab_description" : tab_description,\r
             "page_title" : rev_page_title,\r
@@ -287,30 +301,31 @@ def user_favorites(request, user):
 \r
 @user_view('users/subscriptions.html', 'subscriptions', _('subscription settings'), _('subscriptions'), True, tabbed=False)\r
 def user_subscriptions(request, user):\r
+    enabled = user.subscription_settings.enable_notifications\r
+\r
     if request.method == 'POST':        \r
         form = SubscriptionSettingsForm(data=request.POST, instance=user.subscription_settings)\r
 \r
         if form.is_valid():\r
-            if form.cleaned_data['user'] != user.id:\r
-                return HttpResponseUnauthorized(request)\r
+            form.save()\r
+            message = _('New subscription settings are now saved')\r
 \r
             if 'notswitch' in request.POST:\r
-                user.subscription_settings.enable_notifications = not user.subscription_settings.enable_notifications\r
-                user.subscription_settings.save()\r
+                enabled = not enabled\r
 \r
-                if user.subscription_settings.enable_notifications:\r
-                    request.user.message_set.create(message=_('Notifications are now enabled'))\r
+                if enabled:\r
+                    message = _('Notifications are now enabled')\r
                 else:\r
-                    request.user.message_set.create(message=_('Notifications are now disabled'))\r
+                    message = _('Notifications are now disabled')\r
 \r
-            form.save()\r
-            request.user.message_set.create(message=_('New subscription settings are now saved'))\r
+            user.subscription_settings.enable_notifications = enabled\r
+            user.subscription_settings.save()\r
+\r
+            request.user.message_set.create(message=message)\r
     else:\r
         form = SubscriptionSettingsForm(instance=user.subscription_settings)\r
 \r
-    notificatons_on = user.subscription_settings.enable_notifications\r
-\r
-    return {'view_user':user, 'notificatons_on': notificatons_on, 'form':form}\r
+    return {'view_user':user, 'notificatons_on': enabled, 'form':form}\r
 \r
 @login_required\r
 def account_settings(request):\r