~ubuntu-branches/ubuntu/quantal/python-django/quantal-security


Viewing changes to django/contrib/auth/admin.py

  • Committer: Bazaar Package Importer
  • Author(s): Chris Lamb
  • Date: 2010-05-21 07:52:55 UTC
  • mfrom: (1.3.6 upstream)
  • mto: This revision was merged to the branch mainline in revision 28.
  • Revision ID: james.westby@ubuntu.com-20100521075255-ii78v1dyfmyu3uzx
Tags: upstream-1.2
Import upstream version 1.2

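--- a/django/contrib/auth/admin.py
+++ b/django/contrib/auth/admin.py
@@ -1,14 +1,20 @@
 from django import template
+from django.db import transaction
 from django.conf import settings
 from django.contrib import admin
 from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
 from django.contrib.auth.models import User, Group
+from django.contrib import messages
 from django.core.exceptions import PermissionDenied
 from django.http import HttpResponseRedirect, Http404
 from django.shortcuts import render_to_response, get_object_or_404
 from django.template import RequestContext
 from django.utils.html import escape
+from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext, ugettext_lazy as _
+from django.views.decorators.csrf import csrf_protect
+
+csrf_protect_m = method_decorator(csrf_protect)
 
 class GroupAdmin(admin.ModelAdmin):
     search_fields = ('name',)
@@ -16,13 +22,21 @@
     filter_horizontal = ('permissions',)
 
 class UserAdmin(admin.ModelAdmin):
+    add_form_template = 'admin/auth/user/add_form.html'
+    change_user_password_template = None
     fieldsets = (
         (None, {'fields': ('username', 'password')}),
         (_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
-        (_('Permissions'), {'fields': ('is_staff', 'is_active', 'is_superuser', 'user_permissions')}),
+        (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser', 'user_permissions')}),
         (_('Important dates'), {'fields': ('last_login', 'date_joined')}),
         (_('Groups'), {'fields': ('groups',)}),
     )
+    add_fieldsets = (
+        (None, {
+            'classes': ('wide',),
+            'fields': ('username', 'password1', 'password2')}
+        ),
+    )
     form = UserChangeForm
     add_form = UserCreationForm
     change_password_form = AdminPasswordChangeForm
@@ -40,14 +54,34 @@
         if url.endswith('password'):
             return self.user_change_password(request, url.split('/')[0])
         return super(UserAdmin, self).__call__(request, url)
-    
+
+    def get_fieldsets(self, request, obj=None):
+        if not obj:
+            return self.add_fieldsets
+        return super(UserAdmin, self).get_fieldsets(request, obj)
+
+    def get_form(self, request, obj=None, **kwargs):
+        """
+        Use special form during user creation
+        """
+        defaults = {}
+        if obj is None:
+            defaults.update({
+                'form': self.add_form,
+                'fields': admin.util.flatten_fieldsets(self.add_fieldsets),
+            })
+        defaults.update(kwargs)
+        return super(UserAdmin, self).get_form(request, obj, **defaults)
+
     def get_urls(self):
         from django.conf.urls.defaults import patterns
         return patterns('',
             (r'^(\d+)/password/$', self.admin_site.admin_view(self.user_change_password))
         ) + super(UserAdmin, self).get_urls()
 
-    def add_view(self, request):
+    @csrf_protect_m
+    @transaction.commit_on_success
+    def add_view(self, request, form_url='', extra_context=None):
         # It's an error for a user to have add permission but NOT change
         # permission for users. If we allowed such users to add users, they
         # could create superusers, which would mean they would essentially have
@@ -60,40 +94,14 @@
                 # error message.
                 raise Http404('Your user does not have the "Change user" permission. In order to add users, Django requires that your user account have both the "Add user" and "Change user" permissions set.')
             raise PermissionDenied
-        if request.method == 'POST':
-            form = self.add_form(request.POST)
-            if form.is_valid():
-                new_user = form.save()
-                msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': 'user', 'obj': new_user}
-                self.log_addition(request, new_user)
-                if "_addanother" in request.POST:
-                    request.user.message_set.create(message=msg)
-                    return HttpResponseRedirect(request.path)
-                elif '_popup' in request.REQUEST:
-                    return self.response_add(request, new_user)
-                else:
-                    request.user.message_set.create(message=msg + ' ' + ugettext("You may edit it again below."))
-                    return HttpResponseRedirect('../%s/' % new_user.id)
-        else:
-            form = self.add_form()
-        return render_to_response('admin/auth/user/add_form.html', {
-            'title': _('Add user'),
-            'form': form,
-            'is_popup': '_popup' in request.REQUEST,
-            'add': True,
-            'change': False,
-            'has_add_permission': True,
-            'has_delete_permission': False,
-            'has_change_permission': True,
-            'has_file_field': False,
-            'has_absolute_url': False,
+        if extra_context is None:
+            extra_context = {}
+        defaults = {
             'auto_populated_fields': (),
-            'opts': self.model._meta,
-            'save_as': False,
             'username_help_text': self.model._meta.get_field('username').help_text,
-            'root_path': self.admin_site.root_path,
-            'app_label': self.model._meta.app_label,            
-        }, context_instance=template.RequestContext(request))
+        }
+        extra_context.update(defaults)
+        return super(UserAdmin, self).add_view(request, form_url, extra_context)
 
     def user_change_password(self, request, id):
         if not self.has_change_permission(request):
@@ -104,12 +112,17 @@
             if form.is_valid():
                 new_user = form.save()
                 msg = ugettext('Password changed successfully.')
-                request.user.message_set.create(message=msg)
+                messages.success(request, msg)
                 return HttpResponseRedirect('..')
         else:
             form = self.change_password_form(user)
-        return render_to_response('admin/auth/user/change_password.html', {
+
+        fieldsets = [(None, {'fields': form.base_fields.keys()})]
+        adminForm = admin.helpers.AdminForm(form, fieldsets, {})
+
+        return render_to_response(self.change_user_password_template or 'admin/auth/user/change_password.html', {
             'title': _('Change password: %s') % escape(user.username),
+            'adminForm': adminForm,
             'form': form,
             'is_popup': '_popup' in request.REQUEST,
             'add': True,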
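Review bot: `user_change_password` processes a password-changing form submission but, unlike `add_view`, does not receive the new `@csrf_protect_m` decorator in this change. Through `get_urls` it is wrapped by `self.admin_site.admin_view(...)`, whose CSRF behaviour is not visible on this page, while the legacy `__call__` path calls `self.user_change_password(request, url.split('/')[0])` directly, so protection on that route presumably depends on the CSRF middleware being enabled. Consider placing `@csrf_protect_m` directly above `def user_change_password(self, request, id):` for parity with `add_view`, or add a comment there naming the layer that is relied on. The function's body starts before the last hunk and continues past its final line, so the rest of its handling cannot be checked from here.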