Fixed #61 -- No more editing hashes when creating users via the admin. Created a special-case 'Add user' admin view. The change form still displays the hash, for the moment.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3520 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/contrib/admin/templates/admin/auth/user/add_form.html

@@ -0,0 +1,28 @@
+{% extends "admin/change_form.html" %}
+{% load i18n %}
+
+{% block after_field_sets %}
+
+<p>{% trans "First, enter a username and password. Then, you'll be able to edit more user options." %}</p>
+
+<fieldset class="module aligned">
+
+<div class="form-row">
+  {{ form.username.html_error_list }}
+  <label for="id_username" class="required">{% trans 'Username' %}:</label> {{ form.username }}
+  <p class="help">{{ username_help_text }}</p>
+</div>
+
+<div class="form-row">
+  {{ form.password1.html_error_list }}
+  <label for="id_password1" class="required">{% trans 'Password' %}:</label> {{ form.password1 }}
+</div>
+
+<div class="form-row">
+  {{ form.password2.html_error_list }}
+  <label for="id_password2" class="required">{% trans 'Password (again)' %}:</label> {{ form.password2 }}
+  <p class="help">{% trans 'Enter the same password as above, for verification.' %}</p>
+</div>
+
+</fieldset>
+{% endblock %}

django/contrib/admin/urls.py

@@ -28,6 +28,9 @@ urlpatterns = patterns('',
 #    ('^doc/templates/$', 'django.views.admin.doc.template_index'),
     ('^doc/templates/(?P<template>.*)/$', 'django.contrib.admin.views.doc.template_detail'),
 
+    # "Add user" -- a special-case view
+    ('^auth/user/add/$', 'django.contrib.admin.views.auth.user_add_stage'),
+
     # Add/change/delete/history
     ('^([^/]+)/([^/]+)/$', 'django.contrib.admin.views.main.change_list'),
     ('^([^/]+)/([^/]+)/add/$', 'django.contrib.admin.views.main.add_stage'),

django/contrib/admin/views/auth.py

@@ -0,0 +1,39 @@
+from django.contrib.auth.forms import UserCreationForm
+from django.contrib.auth.models import User
+from django import forms, template
+from django.shortcuts import render_to_response
+from django.http import HttpResponseRedirect
+
+def user_add_stage(request):
+    manipulator = UserCreationForm()
+    if request.method == 'POST':
+        new_data = request.POST.copy()
+        errors = manipulator.get_validation_errors(new_data)
+        if not errors:
+            new_user = manipulator.save(new_data)
+            msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': 'user', 'obj': new_user}
+            if request.POST.has_key("_addanother"):
+                request.user.message_set.create(message=msg)
+                return HttpResponseRedirect(request.path)
+            else:
+                request.user.message_set.create(message=msg + ' ' + _("You may edit it again below."))
+                return HttpResponseRedirect('../%s/' % new_user.id)
+    else:
+        errors = new_data = {}
+    form = forms.FormWrapper(manipulator, new_data, errors)
+    return render_to_response('admin/auth/user/add_form.html', {
+        'title': _('Add user'),
+        'form': form,
+        'is_popup': request.REQUEST.has_key('_popup'),
+        'add': True,
+        'change': False,
+        'has_delete_permission': False,
+        'has_change_permission': True,
+        'has_file_field': False,
+        'has_absolute_url': False,
+        'auto_populated_fields': (),
+        'bound_field_sets': (),
+        'first_form_field_id': 'id_username',
+        'opts': User._meta,
+        'username_help_text': User._meta.get_field('username').help_text,
+    }, context_instance=template.RequestContext(request))

django/contrib/auth/forms.py

@@ -5,6 +5,28 @@ from django.template import Context, loader
 from django.core import validators
 from django import forms
 
+class UserCreationForm(forms.Manipulator):
+    "A form that creates a user, with no privileges, from the given username and password."
+    def __init__(self):
+        self.fields = (
+            forms.TextField(field_name='username', length=30, maxlength=30, is_required=True,
+                validator_list=[validators.isAlphaNumeric, self.isValidUsername]),
+            forms.PasswordField(field_name='password1', length=30, maxlength=60, is_required=True),
+            forms.PasswordField(field_name='password2', length=30, maxlength=60, is_required=True,
+                validator_list=[validators.AlwaysMatchesOtherField('password1', "The two password fields didn't match.")]),
+        )
+
+    def isValidUsername(self, field_data, all_data):
+        try:
+            User.objects.get(username=field_data)
+        except User.DoesNotExist:
+            return
+        raise validators.ValidationError, 'A user with that username already exists.'
+
+    def save(self, new_data):
+        "Creates the user."
+        return User.objects.create_user(new_data['username'], '', new_data['password1'])
+
 class AuthenticationForm(forms.Manipulator):
     """
     Base class for authenticating users. Extend this to get a form that accepts