2008-12-25 14:17:42 +08:00
from django import template
from django . conf import settings
from django . contrib import admin
from django . contrib . auth . forms import UserCreationForm , UserChangeForm , AdminPasswordChangeForm
2008-07-19 07:54:34 +08:00
from django . contrib . auth . models import User , Group
from django . core . exceptions import PermissionDenied
2008-12-25 14:17:42 +08:00
from django . http import HttpResponseRedirect , Http404
2008-08-10 17:43:48 +08:00
from django . shortcuts import render_to_response , get_object_or_404
from django . template import RequestContext
from django . utils . html import escape
2008-07-19 07:54:34 +08:00
from django . utils . translation import ugettext , ugettext_lazy as _
class GroupAdmin ( admin . ModelAdmin ) :
search_fields = ( ' name ' , )
ordering = ( ' name ' , )
filter_horizontal = ( ' permissions ' , )
class UserAdmin ( admin . ModelAdmin ) :
fieldsets = (
( None , { ' fields ' : ( ' username ' , ' password ' ) } ) ,
( _ ( ' Personal info ' ) , { ' fields ' : ( ' first_name ' , ' last_name ' , ' email ' ) } ) ,
( _ ( ' Permissions ' ) , { ' fields ' : ( ' is_staff ' , ' is_active ' , ' is_superuser ' , ' user_permissions ' ) } ) ,
( _ ( ' Important dates ' ) , { ' fields ' : ( ' last_login ' , ' date_joined ' ) } ) ,
( _ ( ' Groups ' ) , { ' fields ' : ( ' groups ' , ) } ) ,
)
2008-08-26 01:10:20 +08:00
form = UserChangeForm
2008-08-10 12:22:21 +08:00
add_form = UserCreationForm
2008-08-10 17:43:48 +08:00
change_password_form = AdminPasswordChangeForm
2008-07-19 07:54:34 +08:00
list_display = ( ' username ' , ' email ' , ' first_name ' , ' last_name ' , ' is_staff ' )
list_filter = ( ' is_staff ' , ' is_superuser ' )
search_fields = ( ' username ' , ' first_name ' , ' last_name ' , ' email ' )
ordering = ( ' username ' , )
filter_horizontal = ( ' user_permissions ' , )
2008-08-24 05:45:36 +08:00
2008-08-10 17:43:48 +08:00
def __call__ ( self , request , url ) :
# this should not be here, but must be due to the way __call__ routes
# in ModelAdmin.
if url is None :
return self . changelist_view ( request )
if url . endswith ( ' password ' ) :
return self . user_change_password ( request , url . split ( ' / ' ) [ 0 ] )
return super ( UserAdmin , self ) . __call__ ( request , url )
2008-08-24 05:45:36 +08:00
2008-07-19 07:54:34 +08:00
def add_view ( self , request ) :
2008-12-25 14:04:11 +08:00
# It's an error for a user to have add permission but NOT change
# permission for users. If we allowed such users to add users, they
# could create superusers, which would mean they would essentially have
# the permission to change users. To avoid the problem entirely, we
# disallow users from adding users if they don't have change
# permission.
2008-07-19 07:54:34 +08:00
if not self . has_change_permission ( request ) :
2008-12-25 14:17:42 +08:00
if self . has_add_permission ( request ) and settings . DEBUG :
# Raise Http404 in debug mode so that the user gets a helpful
# error message.
raise Http404 ( ' Your user does not have the " Change user " permission. In order to add users, Django requires that your user account have both the " Add user " and " Change user " permissions set. ' )
2008-07-19 07:54:34 +08:00
raise PermissionDenied
if request . method == ' POST ' :
2008-08-10 12:22:21 +08:00
form = self . add_form ( request . POST )
2008-07-19 07:54:34 +08:00
if form . is_valid ( ) :
new_user = form . save ( )
msg = _ ( ' The %(name)s " %(obj)s " was added successfully. ' ) % { ' name ' : ' user ' , ' obj ' : new_user }
2008-08-24 05:45:36 +08:00
self . log_addition ( request , new_user )
2008-07-19 07:54:34 +08:00
if " _addanother " in request . POST :
request . user . message_set . create ( message = msg )
return HttpResponseRedirect ( request . path )
2008-09-01 05:24:33 +08:00
elif ' _popup ' in request . REQUEST :
return self . response_add ( request , new_user )
2008-07-19 07:54:34 +08:00
else :
request . user . message_set . create ( message = msg + ' ' + ugettext ( " You may edit it again below. " ) )
return HttpResponseRedirect ( ' ../ %s / ' % new_user . id )
else :
2008-08-10 12:22:21 +08:00
form = self . add_form ( )
2008-07-19 07:54:34 +08:00
return render_to_response ( ' admin/auth/user/add_form.html ' , {
' title ' : _ ( ' Add user ' ) ,
' form ' : form ,
' is_popup ' : ' _popup ' in request . REQUEST ,
' add ' : True ,
' change ' : False ,
' has_add_permission ' : True ,
' has_delete_permission ' : False ,
' has_change_permission ' : True ,
' has_file_field ' : False ,
' has_absolute_url ' : False ,
' auto_populated_fields ' : ( ) ,
2008-08-10 12:22:21 +08:00
' opts ' : self . model . _meta ,
2008-07-19 07:54:34 +08:00
' save_as ' : False ,
2008-08-10 12:22:21 +08:00
' username_help_text ' : self . model . _meta . get_field ( ' username ' ) . help_text ,
2008-07-19 07:54:34 +08:00
' root_path ' : self . admin_site . root_path ,
2008-08-24 14:46:53 +08:00
' app_label ' : self . model . _meta . app_label ,
2008-07-19 07:54:34 +08:00
} , context_instance = template . RequestContext ( request ) )
2008-08-24 05:45:36 +08:00
2008-08-10 17:43:48 +08:00
def user_change_password ( self , request , id ) :
if not request . user . has_perm ( ' auth.change_user ' ) :
raise PermissionDenied
user = get_object_or_404 ( self . model , pk = id )
if request . method == ' POST ' :
form = self . change_password_form ( user , request . POST )
if form . is_valid ( ) :
new_user = form . save ( )
msg = ugettext ( ' Password changed successfully. ' )
request . user . message_set . create ( message = msg )
return HttpResponseRedirect ( ' .. ' )
else :
form = self . change_password_form ( user )
return render_to_response ( ' admin/auth/user/change_password.html ' , {
' title ' : _ ( ' Change password: %s ' ) % escape ( user . username ) ,
' form ' : form ,
' is_popup ' : ' _popup ' in request . REQUEST ,
' add ' : True ,
' change ' : False ,
' has_delete_permission ' : False ,
' has_change_permission ' : True ,
' has_absolute_url ' : False ,
' opts ' : self . model . _meta ,
' original ' : user ,
' save_as ' : False ,
' show_save ' : True ,
' root_path ' : self . admin_site . root_path ,
} , context_instance = RequestContext ( request ) )
2008-07-19 07:54:34 +08:00
admin . site . register ( Group , GroupAdmin )
admin . site . register ( User , UserAdmin )