From e42cedcb2caf20b1118db570a9650348958d7590 Mon Sep 17 00:00:00 2001
From: Tony Mack
Date: Sun, 25 Jan 2015 21:58:30 -0500
Subject: [PATCH] user's can't set/unset is_admin, is_active and is_readonly values in Login Details without the proper authorization.

---
 planetstack/core/admin.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/planetstack/core/admin.py b/planetstack/core/admin.py
index 577719c..6e9be06 100644
--- a/planetstack/core/admin.py
+++ b/planetstack/core/admin.py
@@ -1254,7 +1254,7 @@ class UserAdmin(PermissionCheckingAdminMixin, UserAdmin):
 add_fieldsets = (
 (None, {
 'classes': ('wide',),
- 'fields': ('site', 'email', 'firstname', 'lastname', 'is_readonly', 'phone', 'public_key','password1', 'password2')},
+ 'fields': ('site', 'email', 'firstname', 'lastname', 'is_admin','is_admin', 'is_readonly', 'phone', 'public_key','password1', 'password2')},
 ),
 )
 readonly_fields = ('backend_status_text', )
@@ -1290,6 +1290,14 @@ class UserAdmin(PermissionCheckingAdminMixin, UserAdmin):
 def queryset(self, request):
 return User.select_by_user(request.user)
 
+ def get_form(self, request, obj=None, **kwargs):
+ if not request.user.is_admin:
+ self.fieldsets = (
+ ('Login Details', {'fields': ['backend_status_text', 'email', 'site','password','public_key'], 'classes':['suit-tab suit-tab-general']}),
+ ('Contact Information', {'fields': ('firstname','lastname','phone', 'timezone'), 'classes':['suit-tab suit-tab-contact']}),
+ )
+ return super(UserAdmin, self).get_form(request, obj, **kwargs)
+
 class ControllerDashboardViewInline(PlStackTabularInline):
 model = ControllerDashboardView
 extra = 0
-- 
2.43.0
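Review bot: The new `'fields'` tuple in `add_fieldsets` (@@ -1254 hunk) lists `'is_admin'` twice; going by the commit subject the second entry was probably meant to be `'is_active'`, i.e. `'is_admin', 'is_active', 'is_readonly'`. Separately, `add_fieldsets` is a class-level value served to every caller of the add view, and the `get_form` override added in the second hunk only swaps `self.fieldsets`, so the privilege flags on the add form are not gated by `request.user.is_admin`. If non-admin users can reach the add view (not visible from this hunk), the add path needs the same check as the change path. The `UserAdmin` class body starts and ends outside the hunk.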
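Review bot: Assigning `self.fieldsets` inside `get_form` (@@ -1290 hunk) changes state on the `UserAdmin` instance, which Django creates once at registration and reuses for every request. After the first non-admin request the reduced layout stays in place for admins as well, and under concurrent requests the value seen depends on timing, so this is not a reliable authorization boundary. Return a per-request value instead of mutating the instance; `get_readonly_fields` is a good fit because Django leaves read-only fields out of the bound form, so the flags are refused server-side rather than just hidden. The field names in the sketch below are taken from the commit subject and should be checked against the full `fieldsets` definition, which is outside the hunk.

```python
    def get_readonly_fields(self, request, obj=None):
        # Computed per request; nothing is stored on the shared admin instance.
        readonly = tuple(super(UserAdmin, self).get_readonly_fields(request, obj))
        if not request.user.is_admin:
            # Shown as read-only and excluded from the form for non-admins.
            readonly += ('is_admin', 'is_active', 'is_readonly')
        return readonly
```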