django1/django/contrib/admin/views/auth.py

from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth.forms import UserCreationForm, AdminPasswordChangeForm
from django.contrib.auth.models import User
from django.core.exceptions import PermissionDenied
from django import oldforms, template
from django.shortcuts import render_to_response, get_object_or_404
from django.http import HttpResponseRedirect
from django.utils.html import escape

def user_add_stage(request):
    if not request.user.has_perm('auth.change_user'):
        raise PermissionDenied
    manipulator = UserCreationForm()
    if request.method == 'POST':
        new_data = request.POST.copy()
        errors = manipulator.get_validation_errors(new_data)
        if not errors:
            new_user = manipulator.save(new_data)
            msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': 'user', 'obj': new_user}
            if "_addanother" in request.POST:
                request.user.message_set.create(message=msg)
                return HttpResponseRedirect(request.path)
            else:
                request.user.message_set.create(message=msg + ' ' + _("You may edit it again below."))
                return HttpResponseRedirect('../%s/' % new_user.id)
    else:
        errors = new_data = {}
    form = oldforms.FormWrapper(manipulator, new_data, errors)
    return render_to_response('admin/auth/user/add_form.html', {
        'title': _('Add user'),
        'form': form,
        'is_popup': '_popup' in request.REQUEST,
        'add': True,
        'change': False,
        'has_delete_permission': False,
        'has_change_permission': True,
        'has_file_field': False,
        'has_absolute_url': False,
        'auto_populated_fields': (),
        'bound_field_sets': (),
        'first_form_field_id': 'id_username',
        'opts': User._meta,
        'username_help_text': User._meta.get_field('username').help_text,
    }, context_instance=template.RequestContext(request))
user_add_stage = staff_member_required(user_add_stage)

def user_change_password(request, id):
    if not request.user.has_perm('auth.change_user'):
        raise PermissionDenied
    user = get_object_or_404(User, pk=id)
    manipulator = AdminPasswordChangeForm(user)
    if request.method == 'POST':
        new_data = request.POST.copy()
        errors = manipulator.get_validation_errors(new_data)
        if not errors:
            new_user = manipulator.save(new_data)
            msg = _('Password changed successfully.')
            request.user.message_set.create(message=msg)
            return HttpResponseRedirect('..')
    else:
        errors = new_data = {}
    form = oldforms.FormWrapper(manipulator, new_data, errors)
    return render_to_response('admin/auth/user/change_password.html', {
        'title': _('Change password: %s') % escape(user.username),
        'form': form,
        'is_popup': '_popup' in request.REQUEST,
        'add': True,
        'change': False,
        'has_delete_permission': False,
        'has_change_permission': True,
        'has_absolute_url': False,
        'first_form_field_id': 'id_password1',
        'opts': User._meta,
        'original': user,
        'show_save': True,
    }, context_instance=template.RequestContext(request))
user_change_password = staff_member_required(user_change_password)
Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-09-08 13:38:38 +08:00			`from django.contrib.admin.views.decorators import staff_member_required`
Fixed #3166 -- Added admin 'Change user password' view. Thanks for the patch, SmileyChris git-svn-id: http://code.djangoproject.com/svn/django/trunk@4266 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-12-30 15:16:25 +08:00			`from django.contrib.auth.forms import UserCreationForm, AdminPasswordChangeForm`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00			`from django.contrib.auth.models import User`
Fixed #2925 -- Added missing exception import to admin.views.auth. Thanks, SmileyChris git-svn-id: http://code.djangoproject.com/svn/django/trunk@3925 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-10-25 00:46:46 +08:00			`from django.core.exceptions import PermissionDenied`
Copied django.forms to django.oldforms and changed all code to reference django.oldforms instead of django.forms. Updated docs/forms.txt to add 'Forwards-compatibility' section that says you should not be using django.oldforms for any new projects. git-svn-id: http://code.djangoproject.com/svn/django/trunk@4208 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-12-16 02:00:50 +08:00			`from django import oldforms, template`
Fixed #3166 -- Added admin 'Change user password' view. Thanks for the patch, SmileyChris git-svn-id: http://code.djangoproject.com/svn/django/trunk@4266 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-12-30 15:16:25 +08:00			`from django.shortcuts import render_to_response, get_object_or_404`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00			`from django.http import HttpResponseRedirect`
Fixed #3166 -- Added admin 'Change user password' view. Thanks for the patch, SmileyChris git-svn-id: http://code.djangoproject.com/svn/django/trunk@4266 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-12-30 15:16:25 +08:00			`from django.utils.html import escape`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00
			`def user_add_stage(request):`
Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-09-08 13:38:38 +08:00			`if not request.user.has_perm('auth.change_user'):`
			`raise PermissionDenied`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00			`manipulator = UserCreationForm()`
			`if request.method == 'POST':`
			`new_data = request.POST.copy()`
			`errors = manipulator.get_validation_errors(new_data)`
			`if not errors:`
			`new_user = manipulator.save(new_data)`
			`msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': 'user', 'obj': new_user}`
Fixed #4040 -- Changed uses of has_key() to "in". Slight performance improvement and forward-compatible with future Python releases. Patch from Gary Wilson. git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-04-26 21:30:48 +08:00			`if "_addanother" in request.POST:`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00			`request.user.message_set.create(message=msg)`
			`return HttpResponseRedirect(request.path)`
			`else:`
			`request.user.message_set.create(message=msg + ' ' + _("You may edit it again below."))`
			`return HttpResponseRedirect('../%s/' % new_user.id)`
			`else:`
			`errors = new_data = {}`
Copied django.forms to django.oldforms and changed all code to reference django.oldforms instead of django.forms. Updated docs/forms.txt to add 'Forwards-compatibility' section that says you should not be using django.oldforms for any new projects. git-svn-id: http://code.djangoproject.com/svn/django/trunk@4208 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-12-16 02:00:50 +08:00			`form = oldforms.FormWrapper(manipulator, new_data, errors)`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00			`return render_to_response('admin/auth/user/add_form.html', {`
			`'title': _('Add user'),`
			`'form': form,`
Fixed #4040 -- Changed uses of has_key() to "in". Slight performance improvement and forward-compatible with future Python releases. Patch from Gary Wilson. git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-04-26 21:30:48 +08:00			`'is_popup': '_popup' in request.REQUEST,`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00			`'add': True,`
			`'change': False,`
			`'has_delete_permission': False,`
			`'has_change_permission': True,`
			`'has_file_field': False,`
			`'has_absolute_url': False,`
			`'auto_populated_fields': (),`
			`'bound_field_sets': (),`
			`'first_form_field_id': 'id_username',`
			`'opts': User._meta,`
			`'username_help_text': User._meta.get_field('username').help_text,`
			`}, context_instance=template.RequestContext(request))`
Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-09-08 13:38:38 +08:00			`user_add_stage = staff_member_required(user_add_stage)`
Fixed #3166 -- Added admin 'Change user password' view. Thanks for the patch, SmileyChris git-svn-id: http://code.djangoproject.com/svn/django/trunk@4266 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-12-30 15:16:25 +08:00
			`def user_change_password(request, id):`
			`if not request.user.has_perm('auth.change_user'):`
			`raise PermissionDenied`
			`user = get_object_or_404(User, pk=id)`
			`manipulator = AdminPasswordChangeForm(user)`
			`if request.method == 'POST':`
			`new_data = request.POST.copy()`
			`errors = manipulator.get_validation_errors(new_data)`
			`if not errors:`
			`new_user = manipulator.save(new_data)`
			`msg = _('Password changed successfully.')`
			`request.user.message_set.create(message=msg)`
			`return HttpResponseRedirect('..')`
			`else:`
			`errors = new_data = {}`
			`form = oldforms.FormWrapper(manipulator, new_data, errors)`
			`return render_to_response('admin/auth/user/change_password.html', {`
			`'title': _('Change password: %s') % escape(user.username),`
			`'form': form,`
Fixed #4040 -- Changed uses of has_key() to "in". Slight performance improvement and forward-compatible with future Python releases. Patch from Gary Wilson. git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-04-26 21:30:48 +08:00			`'is_popup': '_popup' in request.REQUEST,`
Fixed #3166 -- Added admin 'Change user password' view. Thanks for the patch, SmileyChris git-svn-id: http://code.djangoproject.com/svn/django/trunk@4266 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-12-30 15:16:25 +08:00			`'add': True,`
			`'change': False,`
			`'has_delete_permission': False,`
			`'has_change_permission': True,`
			`'has_absolute_url': False,`
			`'first_form_field_id': 'id_password1',`
			`'opts': User._meta,`
			`'original': user,`
			`'show_save': True,`
			`}, context_instance=template.RequestContext(request))`
			`user_change_password = staff_member_required(user_change_password)`