only superuser can set the superuser flag
This commit is contained in:
Élie Bouttier
parent
b6705084b7
commit
f26483b41a
2 changed files with 13 additions and 13 deletions
|
|
@ -4,17 +4,11 @@ from django.forms.widgets import PasswordInput
|
||||||
from accounts.models import *
|
from accounts.models import *
|
||||||
|
|
||||||
|
|
||||||
__all__ = ['UserForm', 'UserFormWithoutUsername', 'ProfileForm', 'GroupForm', 'TeamForm']
|
__all__ = ['ProfileForm', 'GroupForm', 'TeamForm']
|
||||||
|
|
||||||
|
|
||||||
user_fields=['first_name', 'last_name', 'email', 'notifications']
|
|
||||||
|
|
||||||
UserForm = modelform_factory(User,
|
|
||||||
fields=['username']+user_fields+['is_superuser'])
|
|
||||||
UserFormWithoutUsername = modelform_factory(User,
|
|
||||||
fields=user_fields+['is_superuser'])
|
|
||||||
ProfileForm = modelform_factory(User,
|
ProfileForm = modelform_factory(User,
|
||||||
fields=user_fields)
|
fields=['first_name', 'last_name', 'email', 'notifications'])
|
||||||
GroupForm = modelform_factory(Group,
|
GroupForm = modelform_factory(Group,
|
||||||
fields=['name'])
|
fields=['name'])
|
||||||
TeamForm = modelform_factory(Team,
|
TeamForm = modelform_factory(Team,
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ from django.db.models import Q
|
||||||
from django.core.exceptions import ObjectDoesNotExist
|
from django.core.exceptions import ObjectDoesNotExist
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth.forms import PasswordChangeForm
|
from django.contrib.auth.forms import PasswordChangeForm
|
||||||
|
from django.forms.models import modelform_factory
|
||||||
from django import VERSION
|
from django import VERSION
|
||||||
|
|
||||||
from django.http import Http404, HttpResponse
|
from django.http import Http404, HttpResponse
|
||||||
|
|
@ -82,14 +83,19 @@ def user_details(request, user):
|
||||||
@project_perm_required('manage_accounts')
|
@project_perm_required('manage_accounts')
|
||||||
def user_edit(request, user=None):
|
def user_edit(request, user=None):
|
||||||
|
|
||||||
|
fields = []
|
||||||
if user:
|
if user:
|
||||||
user = get_object_or_404(User, id=user)
|
user = get_object_or_404(User, id=user)
|
||||||
if settings.EXTERNAL_AUTH:
|
if not settings.EXTERNAL_AUTH:
|
||||||
form = UserFormWithoutUsername(request.POST or None, instance=user)
|
fields += ['username']
|
||||||
else:
|
|
||||||
form = UserForm(request.POST or None, instance=user)
|
|
||||||
else:
|
else:
|
||||||
form = UserForm(request.POST or None)
|
fields += ['username']
|
||||||
|
fields += ['first_name', 'last_name', 'email', 'notifications']
|
||||||
|
if request.user.is_superuser:
|
||||||
|
fields += ['is_superuser']
|
||||||
|
|
||||||
|
UserForm = modelform_factory(User, fields=fields)
|
||||||
|
form = UserForm(request.POST or None, instance=user)
|
||||||
|
|
||||||
if request.method == 'POST' and form.is_valid():
|
if request.method == 'POST' and form.is_valid():
|
||||||
newuser = form.save()
|
newuser = form.save()
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue