Make editing another profiles

7 years ago · e0c382001e
7 changed files with 73 additions and 59 deletions
--- a/accounts_app/locale/ru/LC_MESSAGES/django.po
+++ b/accounts_app/locale/ru/LC_MESSAGES/django.po
@ -376,3 +376,9 @@ msgstr "Сотрудник"

 msgid "Saved successfully"
 msgstr "Успешно сохранено"
+
+msgid "Options"
+msgstr "Настройки"
+
+msgid "Name and surname"
+msgstr "Имя и отчество"
--- a/accounts_app/templates/accounts/ext.htm
+++ b/accounts_app/templates/accounts/ext.htm
@ -26,6 +26,13 @@
                            <span class="glyphicon glyphicon-edit"></span>
                            <span class="hidden-sm hidden-md">{% trans 'Edit' %}</span>
                        </a>
+                    {% else %}
+                        {% if request.user.is_superuser %}
+                            <a href="{% url 'acc_app:edit_profile' userprofile.id %}" class="btn btn-primary">
+                                <span class="glyphicon glyphicon-edit"></span>
+                                <span class="hidden-sm hidden-md">{% trans 'Edit' %}</span>
+                            </a>
+                        {% endif %}
                    {% endif %}
                    {% if request.user.is_superuser %}
                        <a href="{% url 'acc_app:setup_perms' userprofile.pk %}" class="btn btn-default"
--- a/accounts_app/templates/accounts/index.html
+++ b/accounts_app/templates/accounts/index.html
@ -6,29 +6,29 @@
    <table class="table-striped table-bordered">
        <tbody>
        <tr>
-            <td class="col-sm-4">{% trans 'Telephone' %}</td>
-            <td><a href="tel:{{ userprofile.telephone }}">{{ userprofile.telephone }}</a></td>
+            <td class="col-sm-2">{% trans 'Telephone' %}</td>
+            <td class="col-sm-10"><a href="tel:{{ userprofile.telephone }}">{{ userprofile.telephone }}</a></td>
        </tr>
        <tr>
-            <td>{% trans 'User name' %}</td>
-            <td>{{ userprofile.username }}</td>
+            <td class="col-sm-2">{% trans 'User name' %}</td>
+            <td class="col-sm-10">{{ userprofile.username }}</td>
        </tr>
        <tr>
-            <td>{% trans 'Name and surname' %}</td>
-            <td>{{ userprofile.fio }}</td>
+            <td class="col-sm-2">{% trans 'Name and surname' %}</td>
+            <td class="col-sm-10">{{ userprofile.fio }}</td>
        </tr>
        <tr>
-            <td>{% trans 'Is enable' %}</td>
-            <td><input type="checkbox" {{ userprofile.is_active|yesno:' checked,' }}></td>
+            <td class="col-sm-2">{% trans 'Is enable' %}</td>
+            <td class="col-sm-10"><input type="checkbox" {{ userprofile.is_active|yesno:' checked,' }}></td>
        </tr>
        <tr>
-            <td>{% trans 'Last login' %}</td>
-            <td>{{ userprofile.last_login|date:"l d E Y H:i" }}</td>
+            <td class="col-sm-2">{% trans 'Last login' %}</td>
+            <td class="col-sm-10">{{ userprofile.last_login|date:"l d E Y H:i" }}</td>
        </tr>
        {% if request.user.is_superuser %}
            <tr>
-                <td>{% trans 'All permissions' %}</td>
-                <td><input type="checkbox"{{ userprofile.is_staff|yesno:' checked,' }}></td>
+                <td class="col-sm-2">{% trans 'All permissions' %}</td>
+                <td class="col-sm-10"><input type="checkbox"{{ userprofile.is_staff|yesno:' checked,' }}></td>
            </tr>
        {% endif %}
        </tbody>
--- a/accounts_app/templates/accounts/settings/userprofile_form.html
+++ b/accounts_app/templates/accounts/settings/userprofile_form.html
--- a/accounts_app/urls.py
+++ b/accounts_app/urls.py
@ -11,14 +11,15 @@ urlpatterns = [
    path('logout/', LogoutView.as_view(next_page='acc_app:login'), name='logout'),
    path('login_by_location/', views.location_login, name='llogin'),

-    path('me/', views.profile_show, name='profile'),
+    path('me/', views.UpdateSelfAccount.as_view(), name='profile'),

    path('add/', views.create_profile, name='create_profile'),

    path('settings/', views.UpdateSelfAccount.as_view(), name='setup_info'),
    path('settings/change_ava/', views.AvatarUpdateView.as_view(), name='setup_avatar'),

-    path('<int:uid>/', views.profile_show, name='other_profile'),
+    path('<int:uid>/', views.ProfileShowDetailView.as_view(), name='other_profile'),
+    path('<int:uid>/edit/', views.UpdateAccount.as_view(), name='edit_profile'),
    path('<int:uid>/perms/', views.PermsUpdateView.as_view(), name='setup_perms'),
    path('<int:uid>/perms/object/', views.perms_object, name='setup_perms_object'),

--- a/accounts_app/views.py
+++ b/accounts_app/views.py
@ -1,6 +1,6 @@
 from django.apps import apps
 from django.contrib.auth.decorators import login_required
-from django.contrib.auth import logout, login, authenticate
+from django.contrib.auth import login, authenticate
 from django.contrib.auth.forms import AuthenticationForm
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.views import LoginView
@ -11,22 +11,19 @@ from django.contrib import messages
 from django.urls import NoReverseMatch
 from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext as _
-from django.views.generic import ListView, UpdateView
+from django.views.generic import ListView, UpdateView, DetailView
 from django.conf import settings

 from group_app.models import Group

 from .models import UserProfile, UserProfileLog
 from .forms import AvatarChangeForm, UserPermissionsForm, MyUserObjectPermissionsForm, UserProfileForm
-from djing import lib
 from djing.lib.decorators import only_admins
+from djing.lib.mixins import OnlyAdminsMixin, LoginAdminPermissionMixin, OnlySuperUserMixin
 from guardian.decorators import permission_required_or_403 as permission_required
 from guardian.shortcuts import get_objects_for_user, assign_perm, remove_perm


-login_decs = login_required, only_admins
-
-
 class CustomLoginView(LoginView):
    template_name = 'accounts/login.html'

@ -63,34 +60,27 @@ def location_login(request):
        return redirect('client_side:home')


-@login_required
-@only_admins
-def profile_show(request, uid=0):
-    uid = lib.safe_int(uid)
+class ProfileShowDetailView(LoginRequiredMixin, OnlyAdminsMixin, DetailView):
+    model = UserProfile
+    pk_url_kwarg = 'uid'
+    template_name = 'accounts/index.html'
+    context_object_name = 'userprofile'

+    def get_context_data(self, **kwargs):
+        context = {
+            'uid': self.kwargs.get('uid')
+        }
+        context.update(kwargs)
+        return super(ProfileShowDetailView, self).get_context_data(**context)
+
+    def dispatch(self, request, *args, **kwargs):
+        uid = self.kwargs.get('uid')
        if uid == 0:
            return redirect('acc_app:other_profile', uid=request.user.id)
+        return super(ProfileShowDetailView, self).dispatch(request, *args, **kwargs)

-    usr = get_object_or_404(UserProfile, id=uid)
-    if request.user != usr and not request.user.has_perm('accounts_app.view_userprofile', usr):
-        raise PermissionDenied
-    if request.method == 'POST':
-        usr.username = request.POST.get('username')
-        usr.fio = request.POST.get('fio')
-        usr.telephone = request.POST.get('telephone')
-        usr.is_active = request.POST.get('stat')
-        usr.is_admin = request.POST.get('is_admin')
-        usr.save()
-        return redirect('acc_app:other_profile', uid=uid)
-
-    return render(request, 'accounts/index.html', {
-        'uid': uid,
-        'userprofile': usr
-    })

-
-@method_decorator(login_decs, name='dispatch')
-class AvatarUpdateView(UpdateView):
+class AvatarUpdateView(LoginRequiredMixin, OnlyAdminsMixin, UpdateView):
    form_class = AvatarChangeForm
    template_name = 'accounts/settings/ch_info.html'

@ -101,20 +91,26 @@ class AvatarUpdateView(UpdateView):
        return resolve_url('acc_app:other_profile', uid=self.request.user.id)


-class UpdateSelfAccount(LoginRequiredMixin, UpdateView):
+class UpdateAccount(LoginRequiredMixin, OnlySuperUserMixin, UpdateView):
    form_class = UserProfileForm
-    model = UserProfile
-    template_name = 'accounts/userprofile_form.html'
+    pk_url_kwarg = 'uid'

-    def get_object(self, queryset=None):
-        return self.request.user
+    model = UserProfile
+    template_name = 'accounts/settings/userprofile_form.html'

    def form_valid(self, form):
-        r = super(UpdateSelfAccount, self).form_valid(form)
+        r = super(UpdateAccount, self).form_valid(form)
        messages.success(self.request, _('Saved successfully'))
        return r


+class UpdateSelfAccount(UpdateAccount):
+    form_class = UserProfileForm
+
+    def get_object(self, queryset=None):
+        return self.request.user
+
+
@login_required
@only_admins
@permission_required('accounts_app.add_userprofile')
@ -165,8 +161,7 @@ def delete_profile(request, uid: int):
    return redirect('acc_app:accounts_list')


-@method_decorator(login_decs, name='dispatch')
-class AccountsListView(ListView):
+class AccountsListView(LoginRequiredMixin, OnlyAdminsMixin, ListView):
    http_method_names = 'get',
    paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10)
    template_name = 'accounts/acc_list.html'
@ -227,8 +222,7 @@ class PermsUpdateView(UpdateView):
        return super(PermsUpdateView, self).form_valid(form)


-@method_decorator(login_decs, name='dispatch')
-class PermissionClassListView(ListView):
+class PermissionClassListView(LoginRequiredMixin, OnlyAdminsMixin, ListView):
    http_method_names = 'get',
    paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10)
    template_name = 'accounts/perms/object/objects_of_type.html'
@ -308,8 +302,7 @@ def set_abon_groups_permission(request, uid: int):
    })


-@method_decorator(login_decs, name='dispatch')
-class ManageResponsibilityGroups(ListView):
+class ManageResponsibilityGroups(LoginRequiredMixin, OnlyAdminsMixin, ListView):
    http_method_names = ('get', 'post')
    template_name = 'accounts/manage_responsibility_groups.html'
    context_object_name = 'groups'
@ -339,11 +332,10 @@ class ManageResponsibilityGroups(ListView):
        return HttpResponseRedirect(self.get_success_url())


-@method_decorator(login_decs, name='dispatch')
-@method_decorator(permission_required('accounts_app.view_userprofilelog'), name='dispatch')
-class ActionListView(ListView):
+class ActionListView(LoginAdminPermissionMixin, ListView):
    paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10)
    template_name = 'accounts/action_log.html'
+    permission_required = 'accounts_app.view_userprofilelog'
    model = UserProfileLog

    def get_queryset(self):
--- a/djing/lib/mixins.py
+++ b/djing/lib/mixins.py
@ -2,6 +2,14 @@ from django.contrib.auth.mixins import AccessMixin, LoginRequiredMixin
 from guardian.mixins import PermissionRequiredMixin


+class OnlySuperUserMixin(AccessMixin):
+    """Verify that the current user is superuser."""
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_superuser:
+            return self.handle_no_permission()
+        return super().dispatch(request, *args, **kwargs)
+
+
 class OnlyAdminsMixin(AccessMixin):
    """Verify that the current user is admin."""
    def dispatch(self, request, *args, **kwargs):