+ # ------------------------------------------------------------------------
+ # stuff copied from ModelAdmin.UserAdmin
+ # ------------------------------------------------------------------------
+ def get_fieldsets(self, request, obj=None):
+ if not obj:\r
+ return self.add_fieldsets\r
+ return super(UserAdmin, self).get_fieldsets(request, obj)
+
+ def get_form(self, request, obj=None, **kwargs):
+ """\r
+ Use special form during user creation\r
+ """\r
+ defaults = {}\r
+ if obj is None:\r
+ defaults['form'] = self.add_form\r
+ defaults.update(kwargs)\r
+ return super(UserAdmin, self).get_form(request, obj, **defaults)\r
+\r
+ def get_urls(self):\r
+ from django.conf.urls import patterns\r
+ return patterns('',\r
+ (r'^(\d+)/password/$',\r
+ self.admin_site.admin_view(self.user_change_password))\r
+ ) + super(UserAdmin, self).get_urls()\r
+\r
+ def lookup_allowed(self, lookup, value):\r
+ # See #20078: we don't want to allow any lookups involving passwords.\r
+ if lookup.startswith('password'):\r
+ return False\r
+ return super(UserAdmin, self).lookup_allowed(lookup, value)\r
+\r
+ @sensitive_post_parameters_m\r
+ @csrf_protect_m\r
+ @transaction.atomic\r
+ def add_view(self, request, form_url='', extra_context=None):\r
+ # It's an error for a user to have add permission but NOT change\r
+ # permission for users. If we allowed such users to add users, they\r
+ # could create superusers, which would mean they would essentially have\r
+ # the permission to change users. To avoid the problem entirely, we\r
+ # disallow users from adding users if they don't have change\r
+ # permission.\r
+ if not self.has_change_permission(request):\r
+ if self.has_add_permission(request) and settings.DEBUG:\r
+ # Raise Http404 in debug mode so that the user gets a helpful\r
+ # error message.\r
+ raise Http404(\r
+ 'Your user does not have the "Change user" permission. In '\r
+ 'order to add users, Django requires that your user '\r
+ 'account have both the "Add user" and "Change user" '\r
+ 'permissions set.')\r
+ raise PermissionDenied\r
+ if extra_context is None:\r
+ extra_context = {}\r
+ username_field = self.model._meta.get_field(self.model.USERNAME_FIELD)\r
+ defaults = {\r
+ 'auto_populated_fields': (),\r
+ 'username_help_text': username_field.help_text,\r
+ }\r
+ extra_context.update(defaults)\r
+ return super(UserAdmin, self).add_view(request, form_url,\r
+ extra_context)\r
+\r
+ @sensitive_post_parameters_m\r
+ def user_change_password(self, request, id, form_url=''):\r
+ if not self.has_change_permission(request):\r
+ raise PermissionDenied\r
+ user = get_object_or_404(self.get_queryset(request), pk=id)\r
+ if request.method == 'POST':\r
+ form = self.change_password_form(user, request.POST)\r
+ if form.is_valid():\r
+ form.save()\r
+ change_message = self.construct_change_message(request, form, None)\r
+ self.log_change(request, user, change_message)\r
+ msg = ugettext('Password changed successfully.')\r
+ messages.success(request, msg)\r
+ update_session_auth_hash(request, form.user)\r
+ return HttpResponseRedirect('..')\r
+ else:\r
+ form = self.change_password_form(user)\r
+\r
+ fieldsets = [(None, {'fields': list(form.base_fields)})]\r
+ adminForm = admin.helpers.AdminForm(form, fieldsets, {})\r
+\r
+ context = {\r
+ 'title': _('Change password: %s') % escape(user.get_username()),\r
+ 'adminForm': adminForm,\r
+ 'form_url': form_url,\r
+ 'form': form,\r
+ 'is_popup': (IS_POPUP_VAR in request.POST or\r
+ IS_POPUP_VAR in request.GET),\r
+ 'add': True,\r
+ 'change': False,\r
+ 'has_delete_permission': False,\r
+ 'has_change_permission': True,\r
+ 'has_absolute_url': False,\r
+ 'opts': self.model._meta,\r
+ 'original': user,\r
+ 'save_as': False,\r
+ 'show_save': True,\r
+ }\r
+ context.update(admin.site.each_context())\r
+ return TemplateResponse(request,\r
+ self.change_user_password_template or\r
+ 'admin/auth/user/change_password.html',\r
+ context, current_app=self.admin_site.name)\r
+\r
+ def response_add(self, request, obj, post_url_continue=None):\r
+ """\r
+ Determines the HttpResponse for the add_view stage. It mostly defers to\r
+ its superclass implementation but is customized because the User model\r
+ has a slightly different workflow.\r
+ """\r
+ # We should allow further modification of the user just added i.e. the\r
+ # 'Save' button should behave like the 'Save and continue editing'\r
+ # button except in two scenarios:\r
+ # * The user has pressed the 'Save and add another' button\r
+ # * We are adding a user in a popup\r
+ if '_addanother' not in request.POST and IS_POPUP_VAR not in request.POST:\r
+ request.POST['_continue'] = 1\r
+ return super(UserAdmin, self).response_add(request, obj,\r
+ post_url_continue)
+
+ # ------------------------------------------------------------------------
+ # end stuff copied from ModelAdmin.UserAdmin
+ # ------------------------------------------------------------------------
git://git.onelab.eu / plstackapi.git / commitdiff