mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-22 14:13:21 +00:00
Allow root to reset user password
This commit is contained in:
parent
a033c4dfd2
commit
792563999b
@ -223,6 +223,9 @@ class User(AbstractBaseUser):
|
|||||||
return True
|
return True
|
||||||
return self.groups.filter(name=group_name).exists()
|
return self.groups.filter(name=group_name).exists()
|
||||||
|
|
||||||
|
def is_root(self):
|
||||||
|
return self.is_superuser or self.groups.filter(name=settings.SITH_GROUPS['root']['name']).exists()
|
||||||
|
|
||||||
def save(self, *args, **kwargs):
|
def save(self, *args, **kwargs):
|
||||||
with transaction.atomic():
|
with transaction.atomic():
|
||||||
if self.id:
|
if self.id:
|
||||||
|
@ -2,7 +2,10 @@
|
|||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
|
|
||||||
<form method="post" action="{{ url('core:password_change') }}">
|
{% if target %}
|
||||||
|
<p>{% trans user=target.get_display_name() %}Change password for {{ user }}{% endtrans %}</p>
|
||||||
|
{% endif %}
|
||||||
|
<form method="post" action="">
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
{{ form.as_p() }}
|
{{ form.as_p() }}
|
||||||
<input type="submit" value="{% trans %}Change{% endtrans %}" />
|
<input type="submit" value="{% trans %}Change{% endtrans %}" />
|
||||||
|
@ -28,6 +28,8 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% if form.instance == user %}
|
{% if form.instance == user %}
|
||||||
<p><a href="{{ url('core:password_change') }}">{% trans %}Change my password{% endtrans %}</a></p>
|
<p><a href="{{ url('core:password_change') }}">{% trans %}Change my password{% endtrans %}</a></p>
|
||||||
|
{% elif user.is_root() %}
|
||||||
|
<p><a href="{{ url('core:password_root_change', user_id=form.instance.id) }}">{% trans %}Change user password{% endtrans %}</a></p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</form>
|
</form>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
@ -9,6 +9,7 @@ urlpatterns = [
|
|||||||
url(r'^login/$', login, name='login'),
|
url(r'^login/$', login, name='login'),
|
||||||
url(r'^logout/$', logout, name='logout'),
|
url(r'^logout/$', logout, name='logout'),
|
||||||
url(r'^password_change/$', password_change, name='password_change'),
|
url(r'^password_change/$', password_change, name='password_change'),
|
||||||
|
url(r'^password_change/(?P<user_id>[0-9]+)$', password_root_change, name='password_root_change'),
|
||||||
url(r'^password_change/done$', password_change_done, name='password_change_done'),
|
url(r'^password_change/done$', password_change_done, name='password_change_done'),
|
||||||
url(r'^password_reset/$', password_reset, name='password_reset'),
|
url(r'^password_reset/$', password_reset, name='password_reset'),
|
||||||
url(r'^password_reset/done$', password_reset_done, name='password_reset_done'),
|
url(r'^password_reset/done$', password_reset_done, name='password_reset_done'),
|
||||||
|
@ -3,10 +3,12 @@ from django.shortcuts import render, redirect, get_object_or_404
|
|||||||
from django.contrib.auth import logout as auth_logout, views
|
from django.contrib.auth import logout as auth_logout, views
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
|
from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
|
||||||
|
from django.http import Http404
|
||||||
from django.views.generic.edit import UpdateView
|
from django.views.generic.edit import UpdateView
|
||||||
from django.views.generic import ListView, DetailView, TemplateView
|
from django.views.generic import ListView, DetailView, TemplateView
|
||||||
from django.forms.models import modelform_factory
|
from django.forms.models import modelform_factory
|
||||||
from django.forms import CheckboxSelectMultiple
|
from django.forms import CheckboxSelectMultiple
|
||||||
|
from django.template.response import TemplateResponse
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
@ -40,6 +42,24 @@ def password_change_done(request):
|
|||||||
"""
|
"""
|
||||||
return views.password_change_done(request, template_name="core/password_change_done.jinja")
|
return views.password_change_done(request, template_name="core/password_change_done.jinja")
|
||||||
|
|
||||||
|
def password_root_change(request, user_id):
|
||||||
|
"""
|
||||||
|
Allows a root user to change someone's password
|
||||||
|
"""
|
||||||
|
if not request.user.is_superuser and not request.user.is_in_group(settings.SITH_GROUPS['root']['name']):
|
||||||
|
raise PermissionDenied
|
||||||
|
user = User.objects.filter(id=user_id).first()
|
||||||
|
if not user:
|
||||||
|
raise Http404("User not found")
|
||||||
|
if request.method == "POST":
|
||||||
|
form = views.SetPasswordForm(user=user, data=request.POST)
|
||||||
|
if form.is_valid():
|
||||||
|
form.save()
|
||||||
|
return redirect("core:password_change_done")
|
||||||
|
else:
|
||||||
|
form = views.SetPasswordForm(user=user)
|
||||||
|
return TemplateResponse(request, "core/password_change.jinja", {'form': form, 'target': user})
|
||||||
|
|
||||||
def password_reset(request):
|
def password_reset(request):
|
||||||
"""
|
"""
|
||||||
Allows someone to enter an email adresse for resetting password
|
Allows someone to enter an email adresse for resetting password
|
||||||
|
Binary file not shown.
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user