Don't allow to deactivate or delete the superuser or yourself.

Otherwise it's very danger to lock out your current (superuser) session.
This commit is contained in:
Emanuel Schuetze 2012-11-08 18:57:53 +01:00
parent e601d8a5a3
commit 533c65562d
2 changed files with 17 additions and 1 deletions

View File

@ -93,6 +93,7 @@
<a href="{% url user_edit user.id %}">
<img src="{% static 'images/icons/edit.png' %}" title="{% trans 'Edit participant' %}">
</a>
{% if user != request_user and not user.is_superuser %}
<a href="{% url user_delete user.id %}">
<img src="{% static 'images/icons/delete.png' %}" title="{% trans 'Delete participant' %}">
</a>
@ -102,6 +103,7 @@
<a class="status_link activate" href="{% url user_status_activate user.id %}" title="{% trans 'Change status to active' %}"{% if user.is_active %} style="display:none"{% endif %}>
<span></span>
</a>
{% endif %}
</span>
</td>
{% endif %}

View File

@ -127,12 +127,13 @@ class UserOverview(ListView):
# list of all existing categories
details = [p['detail'] for p in User.objects.values('detail')
.exclude(detail='').distinct()]
# list of all existing committees
committees = [p['committee'] for p in User.objects.values('committee')
.exclude(committee='').distinct()]
# context vars
context.update({
'allusers': all_users,
'request_user': self.request.user,
'percent': round(percent, 1),
'details': details,
'committees': committees,
@ -204,6 +205,13 @@ class UserDeleteView(DeleteView):
model = User
url = 'user_overview'
def pre_redirect(self, request, *args, **kwargs):
if self.get_object() == self.request.user:
messages.error(request, _("You can not delete yourself."))
elif self.get_object().is_superuser:
messages.error(request, _("You can not delete the administrator."))
else:
super(DeleteView, self).pre_redirect(request, *args, **kwargs)
class SetUserStatusView(RedirectView, SingleObjectMixin):
"""
@ -220,6 +228,12 @@ class SetUserStatusView(RedirectView, SingleObjectMixin):
if action == 'activate':
self.object.is_active = True
elif action == 'deactivate':
if self.get_object().user == self.request.user:
messages.error(request, _("You can not deactivate yourself."))
return
elif self.get_object().is_superuser:
messages.error(request, _("You can not deactivate the administrator."))
return
self.object.is_active = False
elif action == 'toggle':
self.object.is_active = not self.object.is_active