django1/django/contrib/admin/views/auth.py

from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth.models import User
from django.core.exceptions import PermissionDenied
from django import forms, template
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect

def user_add_stage(request):
    if not request.user.has_perm('auth.change_user'):
        raise PermissionDenied
    manipulator = UserCreationForm()
    if request.method == 'POST':
        new_data = request.POST.copy()
        errors = manipulator.get_validation_errors(new_data)
        if not errors:
            new_user = manipulator.save(new_data)
            msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': 'user', 'obj': new_user}
            if request.POST.has_key("_addanother"):
                request.user.message_set.create(message=msg)
                return HttpResponseRedirect(request.path)
            else:
                request.user.message_set.create(message=msg + ' ' + _("You may edit it again below."))
                return HttpResponseRedirect('../%s/' % new_user.id)
    else:
        errors = new_data = {}
    form = forms.FormWrapper(manipulator, new_data, errors)
    return render_to_response('admin/auth/user/add_form.html', {
        'title': _('Add user'),
        'form': form,
        'is_popup': request.REQUEST.has_key('_popup'),
        'add': True,
        'change': False,
        'has_delete_permission': False,
        'has_change_permission': True,
        'has_file_field': False,
        'has_absolute_url': False,
        'auto_populated_fields': (),
        'bound_field_sets': (),
        'first_form_field_id': 'id_username',
        'opts': User._meta,
        'username_help_text': User._meta.get_field('username').help_text,
    }, context_instance=template.RequestContext(request))
user_add_stage = staff_member_required(user_add_stage)
Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-09-08 13:38:38 +08:00			`from django.contrib.admin.views.decorators import staff_member_required`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00			`from django.contrib.auth.forms import UserCreationForm`
			`from django.contrib.auth.models import User`
Fixed #2925 -- Added missing exception import to admin.views.auth. Thanks, SmileyChris git-svn-id: http://code.djangoproject.com/svn/django/trunk@3925 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-10-25 00:46:46 +08:00			`from django.core.exceptions import PermissionDenied`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00			`from django import forms, template`
			`from django.shortcuts import render_to_response`
			`from django.http import HttpResponseRedirect`

			`def user_add_stage(request):`
Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-09-08 13:38:38 +08:00			`if not request.user.has_perm('auth.change_user'):`
			`raise PermissionDenied`
Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-08-04 12:18:12 +08:00			`manipulator = UserCreationForm()`
			`if request.method == 'POST':`
			`new_data = request.POST.copy()`
			`errors = manipulator.get_validation_errors(new_data)`
			`if not errors:`
			`new_user = manipulator.save(new_data)`
			`msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': 'user', 'obj': new_user}`
			`if request.POST.has_key("_addanother"):`
			`request.user.message_set.create(message=msg)`
			`return HttpResponseRedirect(request.path)`
			`else:`
			`request.user.message_set.create(message=msg + ' ' + _("You may edit it again below."))`
			`return HttpResponseRedirect('../%s/' % new_user.id)`
			`else:`
			`errors = new_data = {}`
			`form = forms.FormWrapper(manipulator, new_data, errors)`
			`return render_to_response('admin/auth/user/add_form.html', {`
			`'title': _('Add user'),`
			`'form': form,`
			`'is_popup': request.REQUEST.has_key('_popup'),`
			`'add': True,`
			`'change': False,`
			`'has_delete_permission': False,`
			`'has_change_permission': True,`
			`'has_file_field': False,`
			`'has_absolute_url': False,`
			`'auto_populated_fields': (),`
			`'bound_field_sets': (),`
			`'first_form_field_id': 'id_username',`
			`'opts': User._meta,`
			`'username_help_text': User._meta.get_field('username').help_text,`
			`}, context_instance=template.RequestContext(request))`
Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-09-08 13:38:38 +08:00			`user_add_stage = staff_member_required(user_add_stage)`