Fix OSQA 33, allow users to see profile just as users see their own.
authorhernani <hernani@0cfe37f9-358a-4d5e-be75-b63607b5c754>
Thu, 13 May 2010 22:10:07 +0000 (22:10 +0000)
committerhernani <hernani@0cfe37f9-358a-4d5e-be75-b63607b5c754>
Thu, 13 May 2010 22:10:07 +0000 (22:10 +0000)
git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@267 0cfe37f9-358a-4d5e-be75-b63607b5c754

forum/skins/default/templates/users/edit.html
forum/skins/default/templates/users/info.html
forum/skins/default/templates/users/tabs.html
forum/urls.py
forum/views/auth.py
forum/views/users.py

index bdd0921ecc49cc761b8c276d8008e19981fd76f3..e21bf32e3d8c51427c32a3a4f3ba8cc3338572f5 100644 (file)
 {% endblock %}\r
 {% block content %}\r
 <div id="main-bar" class="headNormal">\r
-    {{ request.user.username }} - {% trans "edit profile" %}\r
+    {{ user.username }} - {% trans "edit profile" %}\r
 </div>\r
 <div id="main-body" style="width:100%;padding-top:10px">\r
-    <form name="" action="{% url edit_user request.user.id %}" method="post">\r
+    <form name="" action="{% url edit_user user.id %}" method="post">\r
         <div id="left" style="float:left;width:180px">\r
-            {% if request.user.email %}\r
-            {% gravatar request.user 128 %}\r
+            {% if user.email %}\r
+            {% gravatar user 128 %}\r
             {% else %}\r
             <img src="{% media  "/media/images/nophoto.png" %}">\r
             {% endif %}\r
@@ -59,7 +59,7 @@
                        {% if form.username %}\r
                            {{ form.username }} <span class="form-error"></span> {{ form.username.errors }}\r
                        {% else %}\r
-                           {{ request.user.username }}\r
+                           {{ user.username }}\r
                        {% endif %}\r
                        </td>\r
                    </tr>\r
index 38cab07e64404f9b21c5bd7cbe0df52f26581bef..728e7b3ca7b8e618f5c258dd7c3cc7cf02c601d3 100644 (file)
                     </td>
                 </tr>
                 {% endif %}
-                {% ifequal request.user view_user %}
+                {% if can_view_private %}
                 <tr>
                     <td class="user-profile-tool-links" align="left" colspan="2">
                         {% joinitems using ' | ' %}
-                            <span class="user-edit-link"><a href="{% url users %}{{ view_user.id }}/{% trans "edit/" %}">{% trans "update profile" %}</a></span>
+                            <span class="user-edit-link"><a href="{% url edit_user id=view_user.id %}">{% trans "update profile" %}</a></span>
                         {% separator %}
-                            <a href="{% url user_authsettings %}">authentication settings</a>
+                            <a href="{% url user_authsettings id=view_user.id %}">authentication settings</a>
                         {% endjoinitems %}
                     </td>
                 </tr>  
-                {% endifequal %}
+                {% endif %}
                 <tr>
                     <th colspan="2" align="left"><h3>{% trans "Registered user" %}</h3></th>
                 </tr>
index 0e0bfb091fa1e6c5e5ca67fc422cb03ea41c3873..78d0c333ca7c6e324d973b41c0742b33930c45c9 100644 (file)
         <a id="reputation" {% ifequal tab_name "reputation" %}class="on"{% endifequal %}
                        title="{% trans "graph of user reputation" %}" 
                        href="{% url user_reputation id=view_user.id,slug=user_slug %}">{% trans "reputation history" %}</a>
-        {% ifequal request.user view_user %}
+        {% if can_view_private %}
         <a id="votes" {% ifequal tab_name "votes" %}class="on"{% endifequal %} 
                        title="{% trans "user vote record" %}" href="{% url user_votes id=view_user.id,slug=user_slug %}">{% trans "casted votes" %}</a>
-        {% endifequal %}
+        {% endif %}
         <a id="favorites" {% ifequal tab_name "favorites" %}class="on"{% endifequal %} 
                        title="{% trans "questions that user selected as his/her favorite" %}"
                        href="{% url user_favorites id=view_user.id,slug=user_slug %}">{% trans "favorites" %}</a>
-        {% ifequal request.user view_user %}
+        {% if can_view_private %}
         <a id="email_subscriptions" {% ifequal tab_name "subscriptions" %}class="on"{% endifequal %} 
                        title="{% trans "email subscription settings" %}" 
                        href="{% url user_subscriptions id=view_user.id,slug=user_slug %}">{% trans "subscriptions" %}</a>
-        {% endifequal %}  
+        {% endif %}  
     </div>
 </div>
 {% endwith %}
index d6f320a0dacdca87bf7a99abbdcbf6b0e64c68c8..0d471276e279774644c9c487a64f12aeab10c40a 100644 (file)
@@ -122,7 +122,7 @@ urlpatterns += patterns('',
     url(r'^%s%s(?P<user>\d+)/(?P<code>.+)/$' % (_('account/'), _('validate/')),  app.auth.validate_email, name="auth_validate_email"),
     url(r'^%s%s$' % (_('account/'), _('tempsignin/')),  app.auth.request_temp_login, name="auth_request_tempsignin"),
     url(r'^%s%s(?P<user>\d+)/(?P<code>.+)/$' % (_('account/'), _('tempsignin/')),  app.auth.temp_signin, name="auth_tempsignin"),
-    url(r'^%s%s$' % (_('account/'), _('authsettings/')), app.auth.auth_settings, name='user_authsettings'),
+    url(r'^%s(?P<id>\d+)/%s$' % (_('account/'), _('authsettings/')), app.auth.auth_settings, name='user_authsettings'),
     url(r'^%s%s(?P<id>\d+)/%s$' % (_('account/'), _('providers/'),  _('remove/')), app.auth.remove_external_provider, name='user_remove_external_provider'),
     url(r'^%s%s%s$' % (_('account/'), _('providers/'),  _('add/')), app.auth.signin_page, name='user_add_external_provider'),
 
index e3c1e6cc99d44f1826cd346228df2349c564996f..55e7361bb529704fd55dd77f4e07d3709702cf70 100644 (file)
@@ -259,14 +259,12 @@ def validate_email(request, user, code):
         raise Http404()
 
 @login_required
-def auth_settings(request):
-    """
-    change password view.
+def auth_settings(request, id):
+    user_ = get_object_or_404(User, id=id)
+
+    if not (request.user.is_superuser or request.user == user_):
+        return HttpResponseForbidden()
 
-    url : /changepw/
-    template: authopenid/changepw.html
-    """
-    user_ = request.user
     auth_keys = user_.auth_keys.all()
 
     if user_.has_usable_password():
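Review bot: With `user_` now loaded from the URL `id`, the superuser branch of this check lets `user_.set_password(...)` in the following hunk change another account's password, and nothing visible in the diff tells the account owner or records who did it. I would add, next to `user_.save()`, something like `if request.user != user_: user_.message_set.create(message=_("Your password was changed by an administrator"))`, and also write the acting user's id to the application log. Which form class is chosen is decided outside these hunks, so confirm what a superuser is asked for (in particular the current password) when acting on someone else's account. The body of `auth_settings` continues past the end of this hunk.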
@@ -285,7 +283,7 @@ def auth_settings(request):
                 
             user_.set_password(form.cleaned_data['password1'])
             user_.save()
-            return HttpResponseRedirect(reverse('user_authsettings'))
+            return HttpResponseRedirect(reverse('user_authsettings', kwargs={'id': user_.id}))
     
     form = FormClass(user=user_)
 
@@ -313,11 +311,12 @@ def auth_settings(request):
 
 def remove_external_provider(request, id):
     association = get_object_or_404(AuthKeyUserAssociation, id=id)
-    if not association.user == request.user:
+    if not (request.user.is_superuser or request.user == association.user):
         return HttpResponseForbidden()
+
     request.user.message_set.create(message=_("You removed the association with %s") % association.provider)
     association.delete()
-    return HttpResponseRedirect(reverse('user_authsettings'))
+    return HttpResponseRedirect(reverse('user_authsettings', kwargs={'id': association.user.id}))
 
 def newquestion_signin_action(user):
     question = Question.objects.filter(author=user).order_by('-added_at')[0]
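Review bot: `remove_external_provider` deletes the association without checking `request.method`, so the deletion runs on a plain GET, and the new superuser branch widens what such a request can touch from the caller's own associations to any association id. I would restrict the view to POST, e.g. `if request.method != 'POST': return HttpResponseNotAllowed(['POST'])` before the lookup, so that the project's CSRF protection (assuming it is enabled) covers it; the template link that calls this view is not in the diff and would need to become a form. The view also has no `@login_required`, unlike `auth_settings`, so an anonymous visitor gets a 403 instead of the sign-in redirect. The last context lines belong to `newquestion_signin_action`, which continues past the end of this hunk.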
index fe7d7ec3534771ae0328a7740ea1cfbb232effa6..0f1c372b7d2601de2d99a5cda864c30ffd6e70a3 100644 (file)
@@ -82,8 +82,8 @@ def set_new_email(user, new_email, nomessage=False):
 @login_required\r
 def edit_user(request, id):\r
     user = get_object_or_404(User, id=id)\r
-    if request.user != user:\r
-        raise Http404\r
+    if not (request.user.is_superuser or request.user == user):\r
+        return HttpResponseForbidden()\r
     if request.method == "POST":\r
         form = EditUserForm(user, request.POST)\r
         if form.is_valid():\r
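Review bot: The owner-or-superuser test on the added `if` line is written out separately in every view this commit touches: here, in `auth_settings` and `remove_external_provider` in forum/views/auth.py, and twice in `user_view` below (the guard and the `can_view_private` flag). Copies of an authorization rule drift, and the template flag must never disagree with the server-side guard, so I would define the rule once, e.g. `def can_manage_account(actor, target): return actor.is_superuser or actor == target`, and call it at each site. `edit_user` continues past the end of this hunk.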
@@ -108,6 +108,7 @@ def edit_user(request, id):
     else:\r
         form = EditUserForm(user)\r
     return render_to_response('users/edit.html', {\r
+                                                'user': user,\r
                                                 'form' : form,\r
                                                 'gravatar_faq_url' : reverse('faq') + '#gravatar',\r
                                     }, context_instance=RequestContext(request))\r
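Review bot: Passing the edited account as `'user'` shadows the `user` variable that the auth context processor normally puts into a `RequestContext`, so anything in the base template that reads `user` (the signed-in name, `user.is_superuser` checks) would be evaluated against the profile being edited when a superuser opens this page. That depends on the project's context processors and base template, neither of which is in the diff. Using the name the other profile templates already use avoids the clash: `'view_user': user,` here, and `view_user.username`, `view_user.id` and `view_user.email` in users/edit.html. `edit_user` starts before this hunk.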
@@ -118,7 +119,7 @@ def user_view(template, tab_name, tab_description, page_title, private=False):
     def decorator(fn):\r
         def decorated(request, id, slug=None):\r
             user = get_object_or_404(User, id=id)\r
-            if private and not user == request.user:\r
+            if private and not (user == request.user or request.user.is_superuser):\r
                 return HttpResponseForbidden()\r
             context = fn(request, user)\r
 \r
@@ -128,6 +129,7 @@ def user_view(template, tab_name, tab_description, page_title, private=False):
                 "tab_name" : tab_name,\r
                 "tab_description" : tab_description,\r
                 "page_title" : rev_page_title,\r
+                "can_view_private": (user == request.user) or request.user.is_superuser\r
             })\r
             return render_to_response(template, context, context_instance=RequestContext(request))\r
         return decorated\r