2011-07-31 10:46:29 +02:00
|
|
|
from django.contrib import messages
|
2012-07-11 09:46:15 +02:00
|
|
|
from django.contrib.auth.forms import PasswordChangeForm
|
2014-01-11 21:56:19 +01:00
|
|
|
from django.contrib.auth.hashers import make_password
|
2012-07-18 10:46:07 +02:00
|
|
|
from django.contrib.auth.views import login as django_login
|
2011-07-31 10:46:29 +02:00
|
|
|
from django.core.urlresolvers import reverse
|
2014-10-11 14:34:49 +02:00
|
|
|
from django.utils.translation import ugettext as _, ugettext_lazy, activate
|
2012-04-20 23:23:50 +02:00
|
|
|
|
2013-03-01 17:13:12 +01:00
|
|
|
from openslides.config.api import config
|
2015-01-06 00:11:22 +01:00
|
|
|
from openslides.utils import rest_api
|
2014-10-11 14:34:49 +02:00
|
|
|
from openslides.utils.utils import delete_default_permissions, html_strong
|
|
|
|
from openslides.utils.views import (
|
|
|
|
CreateView, CSVImportView, DeleteView, DetailView, FormView, ListView,
|
|
|
|
PDFView, PermissionMixin, QuestionView, RedirectView, SingleObjectMixin,
|
|
|
|
UpdateView, LoginMixin)
|
|
|
|
from openslides.utils.exceptions import OpenSlidesError
|
|
|
|
|
|
|
|
from .api import gen_password, gen_username, get_protected_perm
|
2014-03-27 20:30:15 +01:00
|
|
|
from .csv_import import import_users
|
|
|
|
from .forms import (GroupForm, UserCreateForm, UserMultipleCreateForm,
|
2014-01-11 21:56:19 +01:00
|
|
|
UsersettingsForm, UserUpdateForm)
|
2014-10-11 14:34:49 +02:00
|
|
|
from .models import Group, User
|
|
|
|
from .pdf import users_to_pdf, users_passwords_to_pdf
|
2015-01-17 14:25:05 +01:00
|
|
|
from .serializers import UserFullSerializer, UserShortSerializer
|
2011-07-31 10:46:29 +02:00
|
|
|
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
class UserListView(ListView):
|
2012-07-07 15:26:00 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
Show all users.
|
2012-07-07 15:26:00 +02:00
|
|
|
"""
|
2015-01-17 14:25:05 +01:00
|
|
|
required_permission = 'users.can_see_extra_data'
|
2012-08-10 19:19:41 +02:00
|
|
|
context_object_name = 'users'
|
2012-08-10 11:51:45 +02:00
|
|
|
|
2012-08-10 19:19:41 +02:00
|
|
|
def get_queryset(self):
|
2012-08-12 12:52:38 +02:00
|
|
|
query = User.objects
|
2014-10-11 14:34:49 +02:00
|
|
|
if config['users_sort_users_by_first_name']:
|
2013-03-12 21:33:29 +01:00
|
|
|
query = query.order_by('first_name')
|
2012-08-07 22:43:57 +02:00
|
|
|
else:
|
2013-03-12 21:33:29 +01:00
|
|
|
query = query.order_by('last_name')
|
2012-08-10 19:19:41 +02:00
|
|
|
return query.all()
|
|
|
|
|
|
|
|
def get_context_data(self, **kwargs):
|
2014-10-11 14:34:49 +02:00
|
|
|
context = super().get_context_data(**kwargs)
|
2012-08-12 12:52:38 +02:00
|
|
|
all_users = User.objects.count()
|
2012-11-08 18:57:53 +01:00
|
|
|
# context vars
|
2012-08-10 11:51:45 +02:00
|
|
|
context.update({
|
|
|
|
'allusers': all_users,
|
2013-03-12 21:33:29 +01:00
|
|
|
'request_user': self.request.user})
|
2012-08-10 11:51:45 +02:00
|
|
|
return context
|
2011-07-31 10:46:29 +02:00
|
|
|
|
2012-07-07 15:26:00 +02:00
|
|
|
|
2012-10-30 00:07:25 +01:00
|
|
|
class UserDetailView(DetailView, PermissionMixin):
|
2012-10-27 18:17:22 +02:00
|
|
|
"""
|
|
|
|
Classed based view to show a specific user in the interface.
|
|
|
|
"""
|
2015-01-17 14:25:05 +01:00
|
|
|
required_permission = 'users.can_see_extra_data'
|
2012-10-27 18:17:22 +02:00
|
|
|
model = User
|
2012-10-30 00:07:25 +01:00
|
|
|
context_object_name = 'shown_user'
|
2012-10-27 18:17:22 +02:00
|
|
|
|
|
|
|
|
2012-08-10 13:22:09 +02:00
|
|
|
class UserCreateView(CreateView):
|
2011-07-31 10:46:29 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
Create a new user.
|
2011-07-31 10:46:29 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
2012-08-12 12:52:38 +02:00
|
|
|
model = User
|
2012-08-10 13:22:09 +02:00
|
|
|
context_object_name = 'edit_user'
|
|
|
|
form_class = UserCreateForm
|
2014-10-11 14:34:49 +02:00
|
|
|
success_url_name = 'user_list'
|
2013-10-20 21:42:17 +02:00
|
|
|
url_name_args = []
|
2012-08-10 13:22:09 +02:00
|
|
|
|
|
|
|
def manipulate_object(self, form):
|
2012-11-24 14:01:21 +01:00
|
|
|
self.object.username = gen_username(
|
|
|
|
form.cleaned_data['first_name'], form.cleaned_data['last_name'])
|
2014-10-11 14:34:49 +02:00
|
|
|
|
2012-08-13 14:37:49 +02:00
|
|
|
if not self.object.default_password:
|
|
|
|
self.object.default_password = gen_password()
|
2014-10-11 14:34:49 +02:00
|
|
|
|
2012-08-15 11:01:38 +02:00
|
|
|
self.object.set_password(self.object.default_password)
|
2012-08-10 13:22:09 +02:00
|
|
|
|
2013-05-15 23:26:24 +02:00
|
|
|
def post_save(self, form):
|
|
|
|
super(UserCreateView, self).post_save(form)
|
|
|
|
# TODO: find a better solution that makes the following lines obsolete
|
|
|
|
# Background: motion.models.use_post_save adds already the registerd group
|
|
|
|
# to new user but super(..).post_save(form) removes it and sets only the
|
|
|
|
# groups selected in the form (without 'registered')
|
|
|
|
# workaround: add registered group again manually
|
2014-10-11 14:34:49 +02:00
|
|
|
from openslides.users.api import get_registered_group # TODO: Test, if global import is possible
|
2013-05-15 23:26:24 +02:00
|
|
|
registered = get_registered_group()
|
|
|
|
self.object.groups.add(registered)
|
|
|
|
|
2012-08-10 13:22:09 +02:00
|
|
|
|
2014-01-11 21:56:19 +01:00
|
|
|
class UserMultipleCreateView(FormView):
|
|
|
|
"""
|
|
|
|
View to create multiple users at once using a big text field.
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
Sets the password with md5. It is the same password as in the
|
|
|
|
default_password field in cleartext. A stronger password hasher is used,
|
|
|
|
when the password is changed by the user.
|
2014-01-11 21:56:19 +01:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
|
|
|
template_name = 'users/user_form_multiple.html'
|
2014-01-11 21:56:19 +01:00
|
|
|
form_class = UserMultipleCreateForm
|
2014-10-11 14:34:49 +02:00
|
|
|
success_url_name = 'user_list'
|
2014-01-11 21:56:19 +01:00
|
|
|
|
|
|
|
def form_valid(self, form):
|
2014-10-11 14:34:49 +02:00
|
|
|
# TODO: Use bulk_create
|
|
|
|
for number, line in enumerate(form.cleaned_data['users_block'].splitlines()):
|
2014-01-11 21:56:19 +01:00
|
|
|
names_list = line.split()
|
|
|
|
first_name = ' '.join(names_list[:-1])
|
|
|
|
last_name = names_list[-1]
|
|
|
|
username = gen_username(first_name, last_name)
|
|
|
|
default_password = gen_password()
|
|
|
|
User.objects.create(
|
|
|
|
username=username,
|
|
|
|
first_name=first_name,
|
|
|
|
last_name=last_name,
|
|
|
|
default_password=default_password,
|
|
|
|
password=make_password(default_password, '', 'md5'))
|
2014-10-11 14:34:49 +02:00
|
|
|
messages.success(self.request, _('%(number)d users successfully created.') % {'number': number + 1})
|
2014-01-11 21:56:19 +01:00
|
|
|
return super(UserMultipleCreateView, self).form_valid(form)
|
|
|
|
|
|
|
|
|
2012-08-10 13:22:09 +02:00
|
|
|
class UserUpdateView(UpdateView):
|
2012-08-10 13:29:46 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
Update an existing users.
|
2012-08-10 13:29:46 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
2012-08-12 12:52:38 +02:00
|
|
|
model = User
|
2012-08-10 13:22:09 +02:00
|
|
|
context_object_name = 'edit_user'
|
|
|
|
form_class = UserUpdateForm
|
2014-10-11 14:34:49 +02:00
|
|
|
success_url_name = 'user_list'
|
2013-10-20 21:42:17 +02:00
|
|
|
url_name_args = []
|
2011-07-31 10:46:29 +02:00
|
|
|
|
2013-04-13 19:18:51 +02:00
|
|
|
def get_form_kwargs(self, *args, **kwargs):
|
|
|
|
form_kwargs = super(UserUpdateView, self).get_form_kwargs(*args, **kwargs)
|
|
|
|
form_kwargs.update({'request': self.request})
|
|
|
|
return form_kwargs
|
|
|
|
|
2013-05-28 20:31:01 +02:00
|
|
|
def post_save(self, form):
|
|
|
|
super(UserUpdateView, self).post_save(form)
|
2014-10-11 14:34:49 +02:00
|
|
|
# TODO: Find a better solution that makes the following lines obsolete
|
2013-05-28 20:31:01 +02:00
|
|
|
# Background: motion.models.use_post_save adds already the registerd group
|
|
|
|
# to new user but super(..).post_save(form) removes it and sets only the
|
|
|
|
# groups selected in the form (without 'registered')
|
|
|
|
# workaround: add registered group again manually
|
2014-10-11 14:34:49 +02:00
|
|
|
from openslides.users.api import get_registered_group # TODO: Test, if global import is possible
|
2013-05-28 20:31:01 +02:00
|
|
|
registered = get_registered_group()
|
|
|
|
self.object.groups.add(registered)
|
|
|
|
|
2012-07-07 15:26:00 +02:00
|
|
|
|
2012-08-10 13:29:46 +02:00
|
|
|
class UserDeleteView(DeleteView):
|
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
Delete a user.
|
2012-08-10 13:29:46 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
2012-08-12 12:52:38 +02:00
|
|
|
model = User
|
2014-10-11 14:34:49 +02:00
|
|
|
success_url_name = 'user_list'
|
2013-09-25 12:53:44 +02:00
|
|
|
url_name_args = []
|
2012-08-10 13:29:46 +02:00
|
|
|
|
2012-11-08 18:57:53 +01:00
|
|
|
def pre_redirect(self, request, *args, **kwargs):
|
2014-12-22 18:09:05 +01:00
|
|
|
if self.get_object() == self.request.user:
|
2012-11-08 18:57:53 +01:00
|
|
|
messages.error(request, _("You can not delete yourself."))
|
|
|
|
else:
|
2014-10-11 14:34:49 +02:00
|
|
|
super().pre_redirect(request, *args, **kwargs)
|
2012-08-10 13:29:46 +02:00
|
|
|
|
2013-06-03 20:13:06 +02:00
|
|
|
def pre_post_redirect(self, request, *args, **kwargs):
|
2014-12-22 18:09:05 +01:00
|
|
|
if self.get_object() == self.request.user:
|
2013-06-03 20:13:06 +02:00
|
|
|
messages.error(self.request, _("You can not delete yourself."))
|
|
|
|
else:
|
2014-10-11 14:34:49 +02:00
|
|
|
super().pre_post_redirect(request, *args, **kwargs)
|
2013-06-03 20:13:06 +02:00
|
|
|
|
2012-11-24 14:01:21 +01:00
|
|
|
|
2014-03-30 10:54:09 +02:00
|
|
|
class SetUserStatusView(SingleObjectMixin, RedirectView):
|
2012-07-07 15:26:00 +02:00
|
|
|
"""
|
2012-08-10 19:19:41 +02:00
|
|
|
Activate or deactivate an user.
|
2012-07-07 15:26:00 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
2012-08-10 19:19:41 +02:00
|
|
|
allow_ajax = True
|
2014-10-11 14:34:49 +02:00
|
|
|
url_name = 'user_list'
|
2014-03-30 10:54:09 +02:00
|
|
|
url_name_args = []
|
2012-08-12 12:52:38 +02:00
|
|
|
model = User
|
2012-04-02 08:35:10 +02:00
|
|
|
|
2012-08-10 19:19:41 +02:00
|
|
|
def pre_redirect(self, request, *args, **kwargs):
|
|
|
|
action = kwargs['action']
|
|
|
|
if action == 'activate':
|
2014-12-22 18:09:05 +01:00
|
|
|
self.get_object().is_active = True
|
2012-08-10 19:19:41 +02:00
|
|
|
elif action == 'deactivate':
|
2014-12-22 18:09:05 +01:00
|
|
|
if self.get_object().user == self.request.user:
|
2012-11-08 18:57:53 +01:00
|
|
|
messages.error(request, _("You can not deactivate yourself."))
|
2014-03-30 10:54:09 +02:00
|
|
|
else:
|
2014-12-22 18:09:05 +01:00
|
|
|
self.get_object().is_active = False
|
|
|
|
self.get_object().save()
|
2012-08-10 19:19:41 +02:00
|
|
|
return super(SetUserStatusView, self).pre_redirect(request, *args, **kwargs)
|
|
|
|
|
|
|
|
def get_ajax_context(self, **kwargs):
|
|
|
|
context = super(SetUserStatusView, self).get_ajax_context(**kwargs)
|
2014-12-22 18:09:05 +01:00
|
|
|
context['active'] = self.get_object().is_active
|
2012-08-10 19:19:41 +02:00
|
|
|
return context
|
2011-07-31 10:46:29 +02:00
|
|
|
|
2012-07-07 15:26:00 +02:00
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
class UsersListPDF(PDFView):
|
2012-07-07 15:26:00 +02:00
|
|
|
"""
|
2012-08-10 19:19:41 +02:00
|
|
|
Generate the userliste as PDF.
|
2012-07-07 15:26:00 +02:00
|
|
|
"""
|
2015-01-17 14:25:05 +01:00
|
|
|
required_permission = 'users.can_see_extra_data'
|
2014-10-11 14:34:49 +02:00
|
|
|
filename = ugettext_lazy("user-list")
|
|
|
|
document_title = ugettext_lazy('List of Users')
|
2011-07-31 10:46:29 +02:00
|
|
|
|
2013-11-15 20:15:21 +01:00
|
|
|
def append_to_pdf(self, pdf):
|
|
|
|
"""
|
|
|
|
Append PDF objects.
|
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
users_to_pdf(pdf)
|
2012-07-07 15:26:00 +02:00
|
|
|
|
2012-08-10 19:19:41 +02:00
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
class UsersPasswordsPDF(PDFView):
|
2012-07-07 15:26:00 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
Generate the access data welcome paper for all users as PDF.
|
2012-07-07 15:26:00 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
|
|
|
filename = ugettext_lazy("User-access-data")
|
2012-08-10 19:19:41 +02:00
|
|
|
top_space = 0
|
2011-11-14 16:37:12 +01:00
|
|
|
|
2012-08-10 19:19:41 +02:00
|
|
|
def build_document(self, pdf_document, story):
|
|
|
|
pdf_document.build(story)
|
2011-07-31 10:46:29 +02:00
|
|
|
|
2013-11-15 20:15:21 +01:00
|
|
|
def append_to_pdf(self, pdf):
|
|
|
|
"""
|
|
|
|
Append PDF objects.
|
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
users_passwords_to_pdf(pdf)
|
2011-07-31 10:46:29 +02:00
|
|
|
|
2012-07-07 15:26:00 +02:00
|
|
|
|
2014-03-27 20:30:15 +01:00
|
|
|
class UserCSVImportView(CSVImportView):
|
2012-08-10 19:49:46 +02:00
|
|
|
"""
|
2014-03-27 20:30:15 +01:00
|
|
|
Import users via CSV.
|
2012-08-10 19:49:46 +02:00
|
|
|
"""
|
2014-03-27 20:30:15 +01:00
|
|
|
import_function = staticmethod(import_users)
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
|
|
|
success_url_name = 'user_list'
|
|
|
|
template_name = 'users/user_form_csv_import.html'
|
2012-08-10 19:49:46 +02:00
|
|
|
|
|
|
|
|
2013-09-25 12:53:44 +02:00
|
|
|
class ResetPasswordView(SingleObjectMixin, QuestionView):
|
2012-08-10 19:49:46 +02:00
|
|
|
"""
|
2012-09-11 19:30:12 +02:00
|
|
|
Set the Passwort for a user to his default password.
|
2012-08-10 19:49:46 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
2012-08-12 12:52:38 +02:00
|
|
|
model = User
|
2012-08-10 21:24:26 +02:00
|
|
|
allow_ajax = True
|
2013-09-25 12:53:44 +02:00
|
|
|
question_message = ugettext_lazy('Do you really want to reset the password?')
|
2012-08-10 21:24:26 +02:00
|
|
|
|
|
|
|
def get_redirect_url(self, **kwargs):
|
2015-01-22 18:29:12 +01:00
|
|
|
return self.get_object().get_absolute_url('update')
|
2012-08-10 21:24:26 +02:00
|
|
|
|
2013-09-25 12:53:44 +02:00
|
|
|
def on_clicked_yes(self):
|
2014-12-22 18:09:05 +01:00
|
|
|
self.get_object().reset_password()
|
2015-01-05 23:23:57 +01:00
|
|
|
self.get_object().save()
|
2012-08-10 21:24:26 +02:00
|
|
|
|
2013-09-25 12:53:44 +02:00
|
|
|
def get_final_message(self):
|
2014-12-22 18:09:05 +01:00
|
|
|
return _('The Password for %s was successfully reset.') % html_strong(self.get_object())
|
2012-08-10 19:49:46 +02:00
|
|
|
|
|
|
|
|
2015-01-06 00:11:22 +01:00
|
|
|
class UserViewSet(rest_api.viewsets.ModelViewSet):
|
|
|
|
"""
|
2015-01-17 14:25:05 +01:00
|
|
|
API endpoint to create, view, edit and delete users.
|
2015-01-06 00:11:22 +01:00
|
|
|
"""
|
|
|
|
model = User
|
|
|
|
queryset = User.objects.all()
|
|
|
|
|
|
|
|
def check_permissions(self, request):
|
|
|
|
"""
|
2015-01-17 14:25:05 +01:00
|
|
|
Calls self.permission_denied() if the requesting user has not all
|
|
|
|
permissions to see users.
|
2015-01-06 00:11:22 +01:00
|
|
|
"""
|
2015-01-17 14:25:05 +01:00
|
|
|
if (not request.user.has_perm('users.can_see_name') or
|
|
|
|
(self.action in ('create', 'update', 'destroy') and not
|
|
|
|
(request.user.has_perm('users.can_manage') and
|
|
|
|
request.user.has_perm('users.can_see_extra_data')))):
|
2015-01-06 00:11:22 +01:00
|
|
|
self.permission_denied(request)
|
|
|
|
|
2015-01-17 14:25:05 +01:00
|
|
|
def get_serializer_class(self):
|
|
|
|
"""
|
|
|
|
Returns different serializer classes with respect to users permissions.
|
|
|
|
"""
|
|
|
|
if self.request.user.has_perm('users.can_see_extra_data'):
|
|
|
|
serializer_class = UserFullSerializer
|
|
|
|
else:
|
|
|
|
serializer_class = UserShortSerializer
|
|
|
|
return serializer_class
|
|
|
|
|
2015-01-06 00:11:22 +01:00
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
class GroupListView(ListView):
|
2012-08-11 10:09:54 +02:00
|
|
|
"""
|
|
|
|
Overview over all groups.
|
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
|
|
|
template_name = 'users/group_list.html'
|
2012-08-11 10:09:54 +02:00
|
|
|
context_object_name = 'groups'
|
2012-08-12 12:52:38 +02:00
|
|
|
model = Group
|
2012-08-11 10:09:54 +02:00
|
|
|
|
|
|
|
|
2013-04-09 19:53:18 +02:00
|
|
|
class GroupDetailView(DetailView, PermissionMixin):
|
|
|
|
"""
|
|
|
|
Classed based view to show a specific group in the interface.
|
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
2013-04-09 19:53:18 +02:00
|
|
|
model = Group
|
2014-10-11 14:34:49 +02:00
|
|
|
template_name = 'users/group_detail.html'
|
2013-04-09 19:53:18 +02:00
|
|
|
context_object_name = 'group'
|
|
|
|
|
2013-04-13 18:13:11 +02:00
|
|
|
def get_context_data(self, *args, **kwargs):
|
|
|
|
context = super(GroupDetailView, self).get_context_data(*args, **kwargs)
|
|
|
|
query = User.objects
|
2014-10-11 14:34:49 +02:00
|
|
|
if config['users_sort_users_by_first_name']:
|
2013-04-13 18:13:11 +02:00
|
|
|
query = query.order_by('first_name')
|
|
|
|
else:
|
|
|
|
query = query.order_by('last_name')
|
2014-10-11 14:34:49 +02:00
|
|
|
context['group_members'] = query.filter(groups__in=[context['group']])
|
2013-04-13 18:13:11 +02:00
|
|
|
return context
|
|
|
|
|
2013-04-09 19:53:18 +02:00
|
|
|
|
2012-08-11 11:36:55 +02:00
|
|
|
class GroupCreateView(CreateView):
|
2012-08-11 10:09:54 +02:00
|
|
|
"""
|
|
|
|
Create a new group.
|
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
|
|
|
template_name = 'users/group_form.html'
|
2012-08-11 10:09:54 +02:00
|
|
|
context_object_name = 'group'
|
2012-08-12 12:52:38 +02:00
|
|
|
model = Group
|
2012-08-11 10:09:54 +02:00
|
|
|
form_class = GroupForm
|
2014-10-11 14:34:49 +02:00
|
|
|
success_url_name = 'group_list'
|
2013-10-20 21:42:17 +02:00
|
|
|
url_name_args = []
|
2012-08-11 10:09:54 +02:00
|
|
|
|
2012-08-11 11:36:55 +02:00
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
delete_default_permissions()
|
|
|
|
return super(GroupCreateView, self).get(request, *args, **kwargs)
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
def get_apply_url(self):
|
|
|
|
"""
|
|
|
|
Returns the url when the user clicks on 'apply'.
|
|
|
|
"""
|
|
|
|
return self.get_url('group_update', args=[self.object.pk])
|
|
|
|
|
2012-08-11 10:09:54 +02:00
|
|
|
|
2012-08-11 11:36:55 +02:00
|
|
|
class GroupUpdateView(UpdateView):
|
2012-08-11 10:09:54 +02:00
|
|
|
"""
|
|
|
|
Update an existing group.
|
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
|
|
|
template_name = 'users/group_form.html'
|
2012-08-12 12:52:38 +02:00
|
|
|
model = Group
|
2012-08-11 10:09:54 +02:00
|
|
|
context_object_name = 'group'
|
|
|
|
form_class = GroupForm
|
2013-10-20 21:42:17 +02:00
|
|
|
url_name_args = []
|
2014-10-11 14:34:49 +02:00
|
|
|
success_url_name = 'group_list'
|
2012-08-11 10:09:54 +02:00
|
|
|
|
2012-08-11 11:36:55 +02:00
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
delete_default_permissions()
|
2014-10-11 14:34:49 +02:00
|
|
|
return super().get(request, *args, **kwargs)
|
2012-08-11 11:36:55 +02:00
|
|
|
|
2013-06-03 20:13:06 +02:00
|
|
|
def get_form_kwargs(self, *args, **kwargs):
|
2014-10-11 14:34:49 +02:00
|
|
|
form_kwargs = super().get_form_kwargs(*args, **kwargs)
|
2013-06-03 20:13:06 +02:00
|
|
|
form_kwargs.update({'request': self.request})
|
|
|
|
return form_kwargs
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
def get_apply_url(self):
|
|
|
|
"""
|
|
|
|
Returns the url when the user clicks on 'apply'.
|
|
|
|
"""
|
|
|
|
return self.get_url('group_update', args=[self.object.pk])
|
|
|
|
|
2012-08-11 10:09:54 +02:00
|
|
|
|
|
|
|
class GroupDeleteView(DeleteView):
|
|
|
|
"""
|
2013-06-03 20:13:06 +02:00
|
|
|
Delete a group.
|
2012-08-11 10:09:54 +02:00
|
|
|
"""
|
2014-10-11 14:34:49 +02:00
|
|
|
required_permission = 'users.can_manage'
|
2012-08-12 12:52:38 +02:00
|
|
|
model = Group
|
2014-10-11 14:34:49 +02:00
|
|
|
success_url_name = 'group_list'
|
|
|
|
question_url_name = 'group_detail'
|
2013-09-25 12:53:44 +02:00
|
|
|
url_name_args = []
|
2012-08-11 10:09:54 +02:00
|
|
|
|
2012-11-22 17:29:49 +01:00
|
|
|
def pre_redirect(self, request, *args, **kwargs):
|
2013-06-03 20:13:06 +02:00
|
|
|
if not self.is_protected_from_deleting():
|
2014-10-11 14:34:49 +02:00
|
|
|
super().pre_redirect(request, *args, **kwargs)
|
2012-11-22 17:29:49 +01:00
|
|
|
|
2013-06-03 20:13:06 +02:00
|
|
|
def pre_post_redirect(self, request, *args, **kwargs):
|
|
|
|
if not self.is_protected_from_deleting():
|
2014-10-11 14:34:49 +02:00
|
|
|
super().pre_post_redirect(request, *args, **kwargs)
|
2013-06-03 20:13:06 +02:00
|
|
|
|
|
|
|
def is_protected_from_deleting(self):
|
|
|
|
"""
|
|
|
|
Checks whether the group is protected.
|
|
|
|
"""
|
2014-12-22 18:09:05 +01:00
|
|
|
if self.get_object().pk in [1, 2]:
|
2013-09-25 10:01:01 +02:00
|
|
|
messages.error(self.request, _('You can not delete this group.'))
|
2013-06-03 20:13:06 +02:00
|
|
|
return True
|
|
|
|
if (not self.request.user.is_superuser and
|
2014-12-22 18:09:05 +01:00
|
|
|
get_protected_perm() in self.get_object().permissions.all() and
|
|
|
|
not Group.objects.exclude(pk=self.get_object().pk).filter(
|
2013-06-03 20:13:06 +02:00
|
|
|
permissions__in=[get_protected_perm()],
|
|
|
|
user__pk=self.request.user.pk).exists()):
|
|
|
|
messages.error(
|
|
|
|
self.request,
|
|
|
|
_('You can not delete the last group containing the permission '
|
2014-10-11 14:34:49 +02:00
|
|
|
'to manage users you are in.'))
|
2013-06-03 20:13:06 +02:00
|
|
|
return True
|
|
|
|
return False
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
def get_url_name_args(self):
|
|
|
|
try:
|
|
|
|
answer = self.get_answer()
|
|
|
|
except OpenSlidesError:
|
|
|
|
answer = 'no'
|
|
|
|
|
|
|
|
if self.request.method == 'POST' and answer != 'no':
|
|
|
|
return []
|
|
|
|
else:
|
|
|
|
return [self.object.pk]
|
|
|
|
|
2012-08-11 10:09:54 +02:00
|
|
|
|
2012-08-13 19:16:42 +02:00
|
|
|
def login(request):
|
|
|
|
extra_content = {}
|
|
|
|
try:
|
|
|
|
admin = User.objects.get(pk=1)
|
2013-01-04 12:39:42 +01:00
|
|
|
if admin.check_password(admin.default_password):
|
2013-09-25 12:53:44 +02:00
|
|
|
user_data = {
|
|
|
|
'user': html_strong(admin.username),
|
|
|
|
'password': html_strong(admin.default_password)}
|
|
|
|
|
2012-08-13 19:16:42 +02:00
|
|
|
extra_content['first_time_message'] = _(
|
|
|
|
"Installation was successfully! Use %(user)s "
|
|
|
|
"(password: %(password)s) for first login.<br>"
|
|
|
|
"<strong>Important:</strong> Please change the password after "
|
|
|
|
"first login! Otherwise this message still appears for "
|
2013-09-25 12:53:44 +02:00
|
|
|
"everyone and could be a security risk.") % user_data
|
|
|
|
|
2012-08-13 19:16:42 +02:00
|
|
|
extra_content['next'] = reverse('password_change')
|
|
|
|
except User.DoesNotExist:
|
|
|
|
pass
|
2014-10-11 14:34:49 +02:00
|
|
|
return django_login(request, template_name='users/login.html', extra_context=extra_content)
|
2012-08-13 19:16:42 +02:00
|
|
|
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
class UserSettingsView(LoginMixin, UpdateView):
|
|
|
|
model = User
|
|
|
|
form_class = UsersettingsForm
|
|
|
|
success_url_name = 'user_settings'
|
|
|
|
url_name_args = []
|
|
|
|
template_name = 'users/settings.html'
|
2011-07-31 10:46:29 +02:00
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
def get_initial(self):
|
|
|
|
initial = super().get_initial()
|
|
|
|
initial['language'] = self.request.session.get('django_language', self.request.LANGUAGE_CODE)
|
|
|
|
return initial
|
2011-07-31 10:46:29 +02:00
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
def form_valid(self, form):
|
|
|
|
self.request.LANGUAGE_CODE = self.request.session['django_language'] = form.cleaned_data['language']
|
|
|
|
activate(self.request.LANGUAGE_CODE)
|
|
|
|
return super().form_valid(form)
|
2012-07-07 15:26:00 +02:00
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
def get_object(self):
|
|
|
|
return self.request.user
|
2012-07-11 09:46:15 +02:00
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
class UserPasswordSettingsView(LoginMixin, FormView):
|
|
|
|
form_class = PasswordChangeForm
|
|
|
|
success_url_name = 'core_dashboard'
|
|
|
|
template_name = 'users/password_change.html'
|
|
|
|
|
|
|
|
def form_valid(self, form):
|
|
|
|
form.save()
|
|
|
|
messages.success(self.request, _('Password successfully changed.'))
|
|
|
|
return super().form_valid(form)
|
|
|
|
|
|
|
|
def get_form_kwargs(self):
|
|
|
|
kwargs = super().get_form_kwargs()
|
|
|
|
kwargs['user'] = self.request.user
|
|
|
|
return kwargs
|