- # ------------------------------------------------------------------------
- # stuff copied from ModelAdmin.UserAdmin
- # ------------------------------------------------------------------------
- def get_fieldsets(self, request, obj=None):
- if not obj:\r
- return self.add_fieldsets\r
- return super(UserAdmin, self).get_fieldsets(request, obj)
-
- def get_form(self, request, obj=None, **kwargs):
- """\r
- Use special form during user creation\r
- """\r
- defaults = {}\r
- if obj is None:\r
- defaults['form'] = self.add_form\r
- defaults.update(kwargs)\r
- return super(UserAdmin, self).get_form(request, obj, **defaults)\r
-\r
- def get_urls(self):\r
- from django.conf.urls import patterns\r
- return patterns('',\r
- (r'^(\d+)/password/$',\r
- self.admin_site.admin_view(self.user_change_password))\r
- ) + super(UserAdmin, self).get_urls()\r
-\r
- def lookup_allowed(self, lookup, value):\r
- # See #20078: we don't want to allow any lookups involving passwords.\r
- if lookup.startswith('password'):\r
- return False\r
- return super(UserAdmin, self).lookup_allowed(lookup, value)\r
-\r
- @sensitive_post_parameters_m\r
- @csrf_protect_m\r
- @transaction.atomic\r
- def add_view(self, request, form_url='', extra_context=None):\r
- # It's an error for a user to have add permission but NOT change\r
- # permission for users. If we allowed such users to add users, they\r
- # could create superusers, which would mean they would essentially have\r
- # the permission to change users. To avoid the problem entirely, we\r
- # disallow users from adding users if they don't have change\r
- # permission.\r
- if not self.has_change_permission(request):\r
- if self.has_add_permission(request) and settings.DEBUG:\r
- # Raise Http404 in debug mode so that the user gets a helpful\r
- # error message.\r
- raise Http404(\r
- 'Your user does not have the "Change user" permission. In '\r
- 'order to add users, Django requires that your user '\r
- 'account have both the "Add user" and "Change user" '\r
- 'permissions set.')\r
- raise PermissionDenied\r
- if extra_context is None:\r
- extra_context = {}\r
- username_field = self.model._meta.get_field(self.model.USERNAME_FIELD)\r
- defaults = {\r
- 'auto_populated_fields': (),\r
- 'username_help_text': username_field.help_text,\r
- }\r
- extra_context.update(defaults)\r
- return super(UserAdmin, self).add_view(request, form_url,\r
- extra_context)\r
-\r
- @sensitive_post_parameters_m\r
- def user_change_password(self, request, id, form_url=''):\r
- if not self.has_change_permission(request):\r
- raise PermissionDenied\r
- user = get_object_or_404(self.get_queryset(request), pk=id)\r
- if request.method == 'POST':\r
- form = self.change_password_form(user, request.POST)\r
- if form.is_valid():\r
- form.save()\r
- change_message = self.construct_change_message(request, form, None)\r
- self.log_change(request, user, change_message)\r
- msg = ugettext('Password changed successfully.')\r
- messages.success(request, msg)\r
- update_session_auth_hash(request, form.user)\r
- return HttpResponseRedirect('..')\r
- else:\r
- form = self.change_password_form(user)\r
-\r
- fieldsets = [(None, {'fields': list(form.base_fields)})]\r
- adminForm = admin.helpers.AdminForm(form, fieldsets, {})\r
-\r
- context = {\r
- 'title': _('Change password: %s') % escape(user.get_username()),\r
- 'adminForm': adminForm,\r
- 'form_url': form_url,\r
- 'form': form,\r
- 'is_popup': (IS_POPUP_VAR in request.POST or\r
- IS_POPUP_VAR in request.GET),\r
- 'add': True,\r
- 'change': False,\r
- 'has_delete_permission': False,\r
- 'has_change_permission': True,\r
- 'has_absolute_url': False,\r
- 'opts': self.model._meta,\r
- 'original': user,\r
- 'save_as': False,\r
- 'show_save': True,\r
- }\r
- context.update(admin.site.each_context())\r
- return TemplateResponse(request,\r
- self.change_user_password_template or\r
- 'admin/auth/user/change_password.html',\r
- context, current_app=self.admin_site.name)\r
-\r
- def response_add(self, request, obj, post_url_continue=None):\r
- """\r
- Determines the HttpResponse for the add_view stage. It mostly defers to\r
- its superclass implementation but is customized because the User model\r
- has a slightly different workflow.\r
- """\r
- # We should allow further modification of the user just added i.e. the\r
- # 'Save' button should behave like the 'Save and continue editing'\r
- # button except in two scenarios:\r
- # * The user has pressed the 'Save and add another' button\r
- # * We are adding a user in a popup\r
- if '_addanother' not in request.POST and IS_POPUP_VAR not in request.POST:\r
- request.POST['_continue'] = 1\r
- return super(UserAdmin, self).response_add(request, obj,\r
- post_url_continue)
-
- # ------------------------------------------------------------------------
- # end stuff copied from ModelAdmin.UserAdmin
- # ------------------------------------------------------------------------
-