1
0
Fork 0
mirror of https://github.com/retspen/webvirtcloud synced 2024-12-24 15:15:22 +00:00

add change other user password ability to superusers

This commit is contained in:
catborise 2020-07-23 13:16:39 +03:00
parent fb3ef6be98
commit de63d9746d
4 changed files with 41 additions and 2 deletions

View file

@ -18,7 +18,7 @@
<div class="col-lg-12">
<h3 class="page-header">{% trans "Edit Profile" %}</h3>
{% if perms.accounts.change_password %}
<a href="{% url 'change_password' %}" class="btn btn-primary">{% icon 'lock' %} {% trans "Change Password" %}</a>
<a href="{% url 'change_password' %}" class="ml-3 btn btn-primary">{% icon 'lock' %} {% trans "Change Password" %}</a>
{% endif %}
<form method="post" action="" role="form" aria-label="Edit user info form">{% csrf_token %}
<div class="form-group">

View file

@ -1,5 +1,8 @@
from django import forms
from django.contrib.auth.models import Group, User
from django.contrib.auth.forms import ReadOnlyPasswordHashField
from django.urls import reverse_lazy
from django.utils.text import format_lazy
from django.utils.translation import ugettext_lazy as _
from accounts.models import UserAttributes
@ -68,6 +71,16 @@ class UserForm(forms.ModelForm):
'is_superuser',
]
def __init__(self, *args, **kwargs):
super(UserForm, self).__init__(*args, **kwargs)
password = ReadOnlyPasswordHashField(label=_("Password"),
help_text=format_lazy(_("""Raw passwords are not stored, so there is no way to see
this user's password, but you can change the password
using <a href='{}'>this form</a>."""),
reverse_lazy('admin:user_update_password', args=[self.instance.id,]))
)
self.fields['Password'] = password
class UserCreateForm(UserForm):
password = forms.CharField(widget=forms.PasswordInput)

View file

@ -1,5 +1,4 @@
from django.urls import path
from django.contrib.auth.views import PasswordChangeView, PasswordChangeDoneView
from . import views
@ -10,6 +9,7 @@ urlpatterns = [
path('groups/<int:pk>/delete/', views.group_delete, name='group_delete'),
path('users/', views.user_list, name='user_list'),
path('users/create/', views.user_create, name='user_create'),
path('users/<int:pk>/update_password/', views.user_update_password, name='user_update_password'),
path('users/<int:pk>/update/', views.user_update, name='user_update'),
path('users/<int:pk>/delete/', views.user_delete, name='user_delete'),
path('users/<int:pk>/block/', views.user_block, name='user_block'),

View file

@ -1,4 +1,7 @@
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import update_session_auth_hash
from django.contrib.auth.forms import AdminPasswordChangeForm
from django.contrib.auth.models import Group, User
from django.core.paginator import Paginator
from django.shortcuts import get_object_or_404, redirect, render
@ -133,6 +136,29 @@ def user_update(request, pk):
},
)
@superuser_only
def user_update_password(request, pk):
user = get_object_or_404(User, pk=pk)
if request.method == 'POST':
form = AdminPasswordChangeForm(user, request.POST)
if form.is_valid():
user = form.save()
update_session_auth_hash(request, user) # Important!
messages.success(request, _('User password changed: {}'.format(user.username)))
return redirect('admin:user_list')
else:
messages.error(request, _('Wrong Data Provided'))
else:
form = AdminPasswordChangeForm(user)
return render(
request,
'accounts/change_password_form.html',
{
'form': form,
'user': user.username
}
)
@superuser_only
def user_delete(request, pk):