X-Git-Url: https://git.openstreetmap.org./osqa.git/blobdiff_plain/485b15b2138e19fc32b0d48a654c56d18b1f0af6..898b3bf90abe226ed3f1326c4b4ddf7fba1d430d:/forum/views/users.py

diff --git a/forum/views/users.py b/forum/views/users.py
index fe7d7ec..3e624ea 100644
--- a/forum/views/users.py
+++ b/forum/views/users.py
@@ -82,8 +82,8 @@ def set_new_email(user, new_email, nomessage=False):
 @login_required
 def edit_user(request, id):
     user = get_object_or_404(User, id=id)
-    if request.user != user:
-        raise Http404
+    if not (request.user.is_superuser or request.user == user):
+        return HttpResponseForbidden()
     if request.method == "POST":
         form = EditUserForm(user, request.POST)
         if form.is_valid():
@@ -108,17 +108,36 @@ def edit_user(request, id):
     else:
         form = EditUserForm(user)
     return render_to_response('users/edit.html', {
+                                                'user': user,
                                                 'form' : form,
                                                 'gravatar_faq_url' : reverse('faq') + '#gravatar',
                                     }, context_instance=RequestContext(request))
 
 
+@login_required
+def user_powers(request, id, action, status):
+    if not request.user.is_superuser:
+        return HttpResponseForbidden()
+
+    user = get_object_or_404(User, id=id)
+    new_state = action == 'grant'
+
+    if status == 'super':
+        user.is_superuser = new_state
+    elif status == 'staff':
+        user.is_staff = new_state
+    else:
+        raise Http404()
+
+    user.save()    
+    return HttpResponseRedirect(user.get_profile_url())
+
 
 def user_view(template, tab_name, tab_description, page_title, private=False):
     def decorator(fn):
         def decorated(request, id, slug=None):
             user = get_object_or_404(User, id=id)
-            if private and not user == request.user:
+            if private and not (user == request.user or request.user.is_superuser):
                 return HttpResponseForbidden()
             context = fn(request, user)
 
@@ -128,6 +147,7 @@ def user_view(template, tab_name, tab_description, page_title, private=False):
                 "tab_name" : tab_name,
                 "tab_description" : tab_description,
                 "page_title" : rev_page_title,
+                "can_view_private": (user == request.user) or request.user.is_superuser
             })
             return render_to_response(template, context, context_instance=RequestContext(request))
         return decorated