{% endblock %}\r
{% block content %}\r
<div id="main-bar" class="headNormal">\r
- {{ request.user.username }} - {% trans "edit profile" %}\r
+ {{ user.username }} - {% trans "edit profile" %}\r
</div>\r
<div id="main-body" style="width:100%;padding-top:10px">\r
- <form name="" action="{% url edit_user request.user.id %}" method="post">\r
+ <form name="" action="{% url edit_user user.id %}" method="post">\r
<div id="left" style="float:left;width:180px">\r
- {% if request.user.email %}\r
- {% gravatar request.user 128 %}\r
+ {% if user.email %}\r
+ {% gravatar user 128 %}\r
{% else %}\r
<img src="{% media "/media/images/nophoto.png" %}">\r
{% endif %}\r
{% if form.username %}\r
{{ form.username }} <span class="form-error"></span> {{ form.username.errors }}\r
{% else %}\r
- {{ request.user.username }}\r
+ {{ user.username }}\r
{% endif %}\r
</td>\r
</tr>\r
</td>
</tr>
{% endif %}
- {% ifequal request.user view_user %}
+ {% if can_view_private %}
<tr>
<td class="user-profile-tool-links" align="left" colspan="2">
{% joinitems using ' | ' %}
- <span class="user-edit-link"><a href="{% url users %}{{ view_user.id }}/{% trans "edit/" %}">{% trans "update profile" %}</a></span>
+ <span class="user-edit-link"><a href="{% url edit_user id=view_user.id %}">{% trans "update profile" %}</a></span>
{% separator %}
- <a href="{% url user_authsettings %}">authentication settings</a>
+ <a href="{% url user_authsettings id=view_user.id %}">authentication settings</a>
{% endjoinitems %}
</td>
</tr>
- {% endifequal %}
+ {% endif %}
<tr>
<th colspan="2" align="left"><h3>{% trans "Registered user" %}</h3></th>
</tr>
<a id="reputation" {% ifequal tab_name "reputation" %}class="on"{% endifequal %}
title="{% trans "graph of user reputation" %}"
href="{% url user_reputation id=view_user.id,slug=user_slug %}">{% trans "reputation history" %}</a>
- {% ifequal request.user view_user %}
+ {% if can_view_private %}
<a id="votes" {% ifequal tab_name "votes" %}class="on"{% endifequal %}
title="{% trans "user vote record" %}" href="{% url user_votes id=view_user.id,slug=user_slug %}">{% trans "casted votes" %}</a>
- {% endifequal %}
+ {% endif %}
<a id="favorites" {% ifequal tab_name "favorites" %}class="on"{% endifequal %}
title="{% trans "questions that user selected as his/her favorite" %}"
href="{% url user_favorites id=view_user.id,slug=user_slug %}">{% trans "favorites" %}</a>
- {% ifequal request.user view_user %}
+ {% if can_view_private %}
<a id="email_subscriptions" {% ifequal tab_name "subscriptions" %}class="on"{% endifequal %}
title="{% trans "email subscription settings" %}"
href="{% url user_subscriptions id=view_user.id,slug=user_slug %}">{% trans "subscriptions" %}</a>
- {% endifequal %}
+ {% endif %}
</div>
</div>
{% endwith %}
url(r'^%s%s(?P<user>\d+)/(?P<code>.+)/$' % (_('account/'), _('validate/')), app.auth.validate_email, name="auth_validate_email"),
url(r'^%s%s$' % (_('account/'), _('tempsignin/')), app.auth.request_temp_login, name="auth_request_tempsignin"),
url(r'^%s%s(?P<user>\d+)/(?P<code>.+)/$' % (_('account/'), _('tempsignin/')), app.auth.temp_signin, name="auth_tempsignin"),
- url(r'^%s%s$' % (_('account/'), _('authsettings/')), app.auth.auth_settings, name='user_authsettings'),
+ url(r'^%s(?P<id>\d+)/%s$' % (_('account/'), _('authsettings/')), app.auth.auth_settings, name='user_authsettings'),
url(r'^%s%s(?P<id>\d+)/%s$' % (_('account/'), _('providers/'), _('remove/')), app.auth.remove_external_provider, name='user_remove_external_provider'),
url(r'^%s%s%s$' % (_('account/'), _('providers/'), _('add/')), app.auth.signin_page, name='user_add_external_provider'),
raise Http404()
@login_required
-def auth_settings(request):
- """
- change password view.
+def auth_settings(request, id):
+ user_ = get_object_or_404(User, id=id)
+
+ if not (request.user.is_superuser or request.user == user_):
+ return HttpResponseForbidden()
- url : /changepw/
- template: authopenid/changepw.html
- """
- user_ = request.user
auth_keys = user_.auth_keys.all()
if user_.has_usable_password():
user_.set_password(form.cleaned_data['password1'])
user_.save()
- return HttpResponseRedirect(reverse('user_authsettings'))
+ return HttpResponseRedirect(reverse('user_authsettings', kwargs={'id': user_.id}))
form = FormClass(user=user_)
def remove_external_provider(request, id):
association = get_object_or_404(AuthKeyUserAssociation, id=id)
- if not association.user == request.user:
+ if not (request.user.is_superuser or request.user == association.user):
return HttpResponseForbidden()
+
request.user.message_set.create(message=_("You removed the association with %s") % association.provider)
association.delete()
- return HttpResponseRedirect(reverse('user_authsettings'))
+ return HttpResponseRedirect(reverse('user_authsettings', kwargs={'id': association.user.id}))
def newquestion_signin_action(user):
question = Question.objects.filter(author=user).order_by('-added_at')[0]
@login_required\r
def edit_user(request, id):\r
user = get_object_or_404(User, id=id)\r
- if request.user != user:\r
- raise Http404\r
+ if not (request.user.is_superuser or request.user == user):\r
+ return HttpResponseForbidden()\r
if request.method == "POST":\r
form = EditUserForm(user, request.POST)\r
if form.is_valid():\r
else:\r
form = EditUserForm(user)\r
return render_to_response('users/edit.html', {\r
+ 'user': user,\r
'form' : form,\r
'gravatar_faq_url' : reverse('faq') + '#gravatar',\r
}, context_instance=RequestContext(request))\r
def decorator(fn):\r
def decorated(request, id, slug=None):\r
user = get_object_or_404(User, id=id)\r
- if private and not user == request.user:\r
+ if private and not (user == request.user or request.user.is_superuser):\r
return HttpResponseForbidden()\r
context = fn(request, user)\r
\r
"tab_name" : tab_name,\r
"tab_description" : tab_description,\r
"page_title" : rev_page_title,\r
+ "can_view_private": (user == request.user) or request.user.is_superuser\r
})\r
return render_to_response(template, context, context_instance=RequestContext(request))\r
return decorated\r
projects / osqa.git / commitdiff