X-Git-Url: https://git.openstreetmap.org./osqa.git/blobdiff_plain/98bb9255b9a2a2b7f49d15123864ef8bc39625e8..5283989ac4276aeef30e04acfcd7d167a3710a1f:/forum/views/auth.py diff --git a/forum/views/auth.py b/forum/views/auth.py index e3c1e6c..9b41503 100644 --- a/forum/views/auth.py +++ b/forum/views/auth.py @@ -117,7 +117,7 @@ def process_provider_signin(request, provider): uassoc = AuthKeyUserAssociation(user=request.user, key=assoc_key, provider=provider) uassoc.save() request.user.message_set.create(message=_('The new credentials are now associated with your account')) - return HttpResponseRedirect(reverse('user_authsettings')) + return HttpResponseRedirect(reverse('user_authsettings', args=[request.user.id])) return HttpResponseRedirect(reverse('auth_signin')) else: @@ -147,6 +147,7 @@ def external_register(request): if User.objects.all().count() == 0: user_.is_superuser = True + user_.is_staff = True user_.save() UserJoinsAction(user=user_, ip=request.META['REMOTE_ADDR']).save() @@ -236,7 +237,7 @@ def temp_signin(request, user, code): user = get_object_or_404(User, id=user) if (ValidationHash.objects.validate(code, user, 'templogin', [user.id])): - return login_and_forward(request, user, reverse('user_authsettings'), + return login_and_forward(request, user, reverse('user_authsettings', kwargs={'id': user.id}), _("You are logged in with a temporary access key, please take the time to fix your issue with authentication.")) else: raise Http404() @@ -259,20 +260,18 @@ def validate_email(request, user, code): raise Http404() @login_required -def auth_settings(request): - """ - change password view. +def auth_settings(request, id): + user_ = get_object_or_404(User, id=id) + + if not (request.user.is_superuser or request.user == user_): + return HttpResponseForbidden() - url : /changepw/ - template: authopenid/changepw.html - """ - user_ = request.user auth_keys = user_.auth_keys.all() - if user_.has_usable_password(): - FormClass = ChangePasswordForm - else: + if request.user.is_superuser or (not user_.has_usable_password()): FormClass = SetPasswordForm + else: + FormClass = ChangePasswordForm if request.POST: form = FormClass(request.POST, user=user_) @@ -281,13 +280,14 @@ def auth_settings(request): request.user.message_set.create(message=_("Your password was changed")) else: request.user.message_set.create(message=_("New password set")) - FormClass = ChangePasswordForm + if not request.user.is_superuser: + form = ChangePasswordForm(user=user_) user_.set_password(form.cleaned_data['password1']) user_.save() - return HttpResponseRedirect(reverse('user_authsettings')) - - form = FormClass(user=user_) + return HttpResponseRedirect(reverse('user_authsettings', kwargs={'id': user_.id})) + else: + form = FormClass(user=user_) auth_keys_list = [] @@ -306,6 +306,8 @@ def auth_settings(request): }) return render_to_response('auth/auth_settings.html', { + 'view_user': user_, + "can_view_private": (user_ == request.user) or request.user.is_superuser, 'form': form, 'has_password': user_.has_usable_password(), 'auth_keys': auth_keys_list, @@ -313,11 +315,12 @@ def auth_settings(request): def remove_external_provider(request, id): association = get_object_or_404(AuthKeyUserAssociation, id=id) - if not association.user == request.user: + if not (request.user.is_superuser or request.user == association.user): return HttpResponseForbidden() + request.user.message_set.create(message=_("You removed the association with %s") % association.provider) association.delete() - return HttpResponseRedirect(reverse('user_authsettings')) + return HttpResponseRedirect(reverse('user_authsettings', kwargs={'id': association.user.id})) def newquestion_signin_action(user): question = Question.objects.filter(author=user).order_by('-added_at')[0]