Allow root to reset user password

79256399 · Skia · a033c4df · 79256399 · 79256399 · 79256399
Commit 79256399 authored Aug 13, 2016 by Skia
7 changed files
--- a/core/models.py
+++ b/core/models.py
@@ -223,6 +223,9 @@ class User(AbstractBaseUser):
            return True
        return self.groups.filter(name=group_name).exists()

+    def is_root(self):
+        return self.is_superuser or self.groups.filter(name=settings.SITH_GROUPS['root']['name']).exists()
+
    def save(self, *args, **kwargs):
        with transaction.atomic():
            if self.id:

--- a/core/templates/core/password_change.jinja
+++ b/core/templates/core/password_change.jinja
@@ -2,7 +2,10 @@

 {% block content %}

-<form method="post" action="{{ url('core:password_change') }}">
+{% if target %}
+    <p>{% trans user=target.get_display_name() %}Change password for {{ user }}{% endtrans %}</p>
+{% endif %}
+<form method="post" action="">
 {% csrf_token %}
 {{ form.as_p() }}
 <input type="submit" value="{% trans %}Change{% endtrans %}" />

--- a/core/templates/core/user_edit.jinja
+++ b/core/templates/core/user_edit.jinja
@@ -28,6 +28,8 @@
    {% endif %}
    {% if form.instance == user %}
    <p><a href="{{ url('core:password_change') }}">{% trans %}Change my password{% endtrans %}</a></p>
+    {% elif user.is_root() %}
+    <p><a href="{{ url('core:password_root_change', user_id=form.instance.id) }}">{% trans %}Change user password{% endtrans %}</a></p>
    {% endif %}
 </form>
 {% endblock %}

--- a/core/urls.py
+++ b/core/urls.py
@@ -9,6 +9,7 @@ urlpatterns = [
    url(r'^login/$', login, name='login'),
    url(r'^logout/$', logout, name='logout'),
    url(r'^password_change/$', password_change, name='password_change'),
+    url(r'^password_change/(?P<user_id>[0-9]+)$', password_root_change, name='password_root_change'),
    url(r'^password_change/done$', password_change_done, name='password_change_done'),
    url(r'^password_reset/$', password_reset, name='password_reset'),
    url(r'^password_reset/done$', password_reset_done, name='password_reset_done'),

--- a/core/views/user.py
+++ b/core/views/user.py
@@ -3,10 +3,12 @@ from django.shortcuts import render, redirect, get_object_or_404
 from django.contrib.auth import logout as auth_logout, views
 from django.core.urlresolvers import reverse
 from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
+from django.http import Http404
 from django.views.generic.edit import UpdateView
 from django.views.generic import ListView, DetailView, TemplateView
 from django.forms.models import modelform_factory
 from django.forms import CheckboxSelectMultiple
+from django.template.response import TemplateResponse
 from django.conf import settings
 import logging

@@ -40,6 +42,24 @@ def password_change_done(request):
    """
    return views.password_change_done(request, template_name="core/password_change_done.jinja")

+def password_root_change(request, user_id):
+    """
+    Allows a root user to change someone's password
+    """
+    if not request.user.is_superuser and not request.user.is_in_group(settings.SITH_GROUPS['root']['name']):
+        raise PermissionDenied
+    user = User.objects.filter(id=user_id).first()
+    if not user:
+        raise Http404("User not found")
+    if request.method == "POST":
+        form = views.SetPasswordForm(user=user, data=request.POST)
+        if form.is_valid():
+            form.save()
+            return redirect("core:password_change_done")
+    else:
+        form = views.SetPasswordForm(user=user)
+    return TemplateResponse(request, "core/password_change.jinja", {'form': form, 'target': user})
+
 def password_reset(request):
    """
    Allows someone to enter an email adresse for resetting password

--- a/locale/fr/LC_MESSAGES/django.mo
+++ b/locale/fr/LC_MESSAGES/django.mo
--- a/locale/fr/LC_MESSAGES/django.po
+++ b/locale/fr/LC_MESSAGES/django.po