Don't allow to deactivate or delete the superuser or yourself.
Otherwise it's very danger to lock out your current (superuser) session.
This commit is contained in:
parent
e601d8a5a3
commit
533c65562d
@ -93,6 +93,7 @@
|
||||
<a href="{% url user_edit user.id %}">
|
||||
<img src="{% static 'images/icons/edit.png' %}" title="{% trans 'Edit participant' %}">
|
||||
</a>
|
||||
{% if user != request_user and not user.is_superuser %}
|
||||
<a href="{% url user_delete user.id %}">
|
||||
<img src="{% static 'images/icons/delete.png' %}" title="{% trans 'Delete participant' %}">
|
||||
</a>
|
||||
@ -102,6 +103,7 @@
|
||||
<a class="status_link activate" href="{% url user_status_activate user.id %}" title="{% trans 'Change status to active' %}"{% if user.is_active %} style="display:none"{% endif %}>
|
||||
<span></span>
|
||||
</a>
|
||||
{% endif %}
|
||||
</span>
|
||||
</td>
|
||||
{% endif %}
|
||||
|
@ -127,12 +127,13 @@ class UserOverview(ListView):
|
||||
# list of all existing categories
|
||||
details = [p['detail'] for p in User.objects.values('detail')
|
||||
.exclude(detail='').distinct()]
|
||||
|
||||
# list of all existing committees
|
||||
committees = [p['committee'] for p in User.objects.values('committee')
|
||||
.exclude(committee='').distinct()]
|
||||
# context vars
|
||||
context.update({
|
||||
'allusers': all_users,
|
||||
'request_user': self.request.user,
|
||||
'percent': round(percent, 1),
|
||||
'details': details,
|
||||
'committees': committees,
|
||||
@ -204,6 +205,13 @@ class UserDeleteView(DeleteView):
|
||||
model = User
|
||||
url = 'user_overview'
|
||||
|
||||
def pre_redirect(self, request, *args, **kwargs):
|
||||
if self.get_object() == self.request.user:
|
||||
messages.error(request, _("You can not delete yourself."))
|
||||
elif self.get_object().is_superuser:
|
||||
messages.error(request, _("You can not delete the administrator."))
|
||||
else:
|
||||
super(DeleteView, self).pre_redirect(request, *args, **kwargs)
|
||||
|
||||
class SetUserStatusView(RedirectView, SingleObjectMixin):
|
||||
"""
|
||||
@ -220,6 +228,12 @@ class SetUserStatusView(RedirectView, SingleObjectMixin):
|
||||
if action == 'activate':
|
||||
self.object.is_active = True
|
||||
elif action == 'deactivate':
|
||||
if self.get_object().user == self.request.user:
|
||||
messages.error(request, _("You can not deactivate yourself."))
|
||||
return
|
||||
elif self.get_object().is_superuser:
|
||||
messages.error(request, _("You can not deactivate the administrator."))
|
||||
return
|
||||
self.object.is_active = False
|
||||
elif action == 'toggle':
|
||||
self.object.is_active = not self.object.is_active
|
||||
|
Loading…
Reference in New Issue
Block a user