From c917b62b3f5772efe422bea6bad19af33b1528f6 Mon Sep 17 00:00:00 2001
From: hernani
Date: Fri, 28 May 2010 17:05:02 +0000
Subject: [PATCH] Fixes OSQA 275, Password changing is not reliable. Makes superusers able to change any password without having to type the old one. Makes old passwords to be check against the db in every circunstancies.
git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@339 0cfe37f9-358a-4d5e-be75-b63607b5c754
---
 forum/models/comment.py | 2 +-
 forum/models/node.py | 4 ++--
 forum/models/user.py | 5 +++++
 forum/views/auth.py | 13 +++++++------
 4 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/forum/models/comment.py b/forum/models/comment.py
index a70d474..793a1f7 100644
--- a/forum/models/comment.py
+++ b/forum/models/comment.py
@@ -51,7 +51,7 @@ class Comment(Node):
 return False
 def get_absolute_url(self):
- return self.absolute_parent.get_absolute_url() + "#%d" % self.id
+ return self.abs_parent.get_absolute_url() + "#%d" % self.id
 def __unicode__(self):
 return self.body
diff --git a/forum/models/node.py b/forum/models/node.py
index 2299663..b375ec4 100644
--- a/forum/models/node.py
+++ b/forum/models/node.py
@@ -244,9 +244,9 @@ class Node(BaseModel, NodeContent):
 @property
 def absolute_parent(self):
 if not self.abs_parent_id:
- return self.leaf
+ return self
- return self.abs_parent.leaf
+ return self.abs_parent
 @property
 def summary(self):
diff --git a/forum/models/user.py b/forum/models/user.py
index 6f7613a..31f4e19 100644
--- a/forum/models/user.py
+++ b/forum/models/user.py
@@ -255,6 +255,11 @@ class User(BaseModel, DjangoUser):
 def can_upload_files(self):
 return self.reputation >= int(settings.REP_TO_UPLOAD)
+ def check_password(self, old_passwd):
+ self.__dict__.update(self.__class__.objects.filter(id=self.id).values('password')[0])
+ return DjangoUser.check_password(self, old_passwd)
+
+
 class Meta:
 app_label = 'forum'
diff --git a/forum/views/auth.py b/forum/views/auth.py
index 26ce783..9b41503 100644
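Review bot: In forum/models/comment.py, `get_absolute_url` now reads `self.abs_parent` directly, so it no longer goes through the `absolute_parent` property and the `if not self.abs_parent_id` fallback shown in the node.py hunk. If a comment can exist without an `abs_parent_id`, `self.abs_parent` would presumably be None and the call would raise AttributeError. Either keep `self.absolute_parent`, or state the invariant next to the call with a comment such as `# a comment always has abs_parent set`. The change is also unrelated to the password fix named in the subject and would be easier to audit as its own commit.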
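Review bot: The `absolute_parent` property in forum/models/node.py changes what it returns (the `.leaf` lookups are dropped on both branches) without a docstring telling callers so. A one-line docstring such as `"""Return the thread's root node (self when abs_parent_id is unset), without resolving it to its leaf instance."""` would record the new contract. What `.leaf` resolved to is not visible in this hunk, so the wording should be confirmed against its definition. Callers that relied on leaf-specific attributes are outside the hunk and should be checked.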
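Review bot: The new `check_password` in forum/models/user.py indexes `.values('password')[0]` without handling an empty result, so an instance whose row is gone (or that was never saved) raises IndexError from the password check instead of failing it. It also overwrites the in-memory `password` through `self.__dict__.update`, silently discarding a hash set by `set_password()` that has not been saved yet. A short comment should say that the re-read is deliberate, so that a stale instance cannot validate an outdated password. If the login path also calls `check_password` (not visible here), returning False on the missing-row path is the safer behaviour.

```python
    def check_password(self, old_passwd):
        # Re-read the stored hash: this instance may be stale (for example a
        # request.user loaded before the password was changed elsewhere).
        rows = list(self.__class__.objects.filter(id=self.id).values('password')[:1])
        if not rows:
            # No row for this id (unsaved or deleted user): fail the check.
            return False
        self.password = rows[0]['password']
        return DjangoUser.check_password(self, old_passwd)
```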
--- a/forum/views/auth.py
+++ b/forum/views/auth.py
@@ -268,10 +268,10 @@ def auth_settings(request, id):
 auth_keys = user_.auth_keys.all()
- if user_.has_usable_password():
- FormClass = ChangePasswordForm
- else:
+ if request.user.is_superuser or (not user_.has_usable_password()):
 FormClass = SetPasswordForm
+ else:
+ FormClass = ChangePasswordForm
 if request.POST:
 form = FormClass(request.POST, user=user_)
@@ -280,13 +280,14 @@ def auth_settings(request, id):
 request.user.message_set.create(message=_("Your password was changed"))
 else:
 request.user.message_set.create(message=_("New password set"))
- FormClass = ChangePasswordForm
+ if not request.user.is_superuser:
+ form = ChangePasswordForm(user=user_)
 user_.set_password(form.cleaned_data['password1'])
 user_.save()
 return HttpResponseRedirect(reverse('user_authsettings', kwargs={'id': user_.id}))
-
- form = FormClass(user=user_)
+ else:
+ form = FormClass(user=user_)
 auth_keys_list = []
-- 
2.39.5
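Review bot: The new condition `request.user.is_superuser or (not user_.has_usable_password())` in the first auth_settings hunk also selects SetPasswordForm when a superuser edits their own account, so the most privileged accounts lose the current-password check and a hijacked superuser session is enough to take the account over. Limiting the bypass to other users keeps re-authentication for self-service changes: `if (request.user.is_superuser and request.user != user_) or not user_.has_usable_password():`. The function starts above this hunk and `user_` is presumably looked up from the `id` argument, so whether a non-superuser `request.user` is verified to be `user_` cannot be seen here and should be confirmed. A log entry recording which superuser reset which account would also help later investigation.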
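Review bot: In the second auth_settings hunk, the added `form = ChangePasswordForm(user=user_)` rebinds `form` to an unbound form just before `user_.set_password(form.cleaned_data['password1'])` reads it. An unbound Django form has no `cleaned_data`, so for a non-superuser this path would raise AttributeError instead of saving the password. Indentation is lost in this view, so whether the two lines sit inside the `else:` branch or after it is inferred, but they precede the `cleaned_data` read either way. Because the view redirects straight after `user_.save()`, the rebinding has no use. Drop `if not request.user.is_superuser:` and `form = ChangePasswordForm(user=user_)` and let the GET after the redirect pick the form class.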