ag-admin/OpenSlides
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Don't allow to deactivate or delete the superuser or yourself.

Browse Source 
Otherwise it's very danger to lock out your current (superuser) session.
This commit is contained in:
Emanuel Schuetze 2012-11-08 18:57:53 +01:00
parent e601d8a5a3
commit 533c65562d
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openslides/participant/templates/participant/overview.html
View File

@ -93,6 +93,7 @@
<a href="{% url user_edit user.id %}"> <a href="{% url user_edit user.id %}">
<img src="{% static 'images/icons/edit.png' %}" title="{% trans 'Edit participant' %}"> <img src="{% static 'images/icons/edit.png' %}" title="{% trans 'Edit participant' %}">
</a> </a>
{% if user != request_user and not user.is_superuser %}
<a href="{% url user_delete user.id %}"> <a href="{% url user_delete user.id %}">
<img src="{% static 'images/icons/delete.png' %}" title="{% trans 'Delete participant' %}"> <img src="{% static 'images/icons/delete.png' %}" title="{% trans 'Delete participant' %}">
</a> </a>
@ -102,6 +103,7 @@
<a class="status_link activate" href="{% url user_status_activate user.id %}" title="{% trans 'Change status to active' %}"{% if user.is_active %} style="display:none"{% endif %}> <a class="status_link activate" href="{% url user_status_activate user.id %}" title="{% trans 'Change status to active' %}"{% if user.is_active %} style="display:none"{% endif %}>
<span></span> <span></span>
</a> </a>
{% endif %}
</span> </span>
</td> </td>
{% endif %} {% endif %}

16
openslides/participant/views.py
View File

@ -127,12 +127,13 @@ class UserOverview(ListView):
# list of all existing categories # list of all existing categories
details = [p['detail'] for p in User.objects.values('detail') details = [p['detail'] for p in User.objects.values('detail')
.exclude(detail='').distinct()] .exclude(detail='').distinct()]
# list of all existing committees # list of all existing committees
committees = [p['committee'] for p in User.objects.values('committee') committees = [p['committee'] for p in User.objects.values('committee')
.exclude(committee='').distinct()] .exclude(committee='').distinct()]
# context vars
context.update({ context.update({
'allusers': all_users, 'allusers': all_users,
'request_user': self.request.user,
'percent': round(percent, 1), 'percent': round(percent, 1),
'details': details, 'details': details,
'committees': committees, 'committees': committees,
@ -204,6 +205,13 @@ class UserDeleteView(DeleteView):
model = User model = User
url = 'user_overview' url = 'user_overview'
def pre_redirect(self, request, *args, **kwargs):
if self.get_object() == self.request.user:
messages.error(request, _("You can not delete yourself."))
elif self.get_object().is_superuser:
messages.error(request, _("You can not delete the administrator."))
else:
super(DeleteView, self).pre_redirect(request, *args, **kwargs)
class SetUserStatusView(RedirectView, SingleObjectMixin): class SetUserStatusView(RedirectView, SingleObjectMixin):
""" """
@ -220,6 +228,12 @@ class SetUserStatusView(RedirectView, SingleObjectMixin):
if action == 'activate': if action == 'activate':
self.object.is_active = True self.object.is_active = True
elif action == 'deactivate': elif action == 'deactivate':
if self.get_object().user == self.request.user:
messages.error(request, _("You can not deactivate yourself."))
return
elif self.get_object().is_superuser:
messages.error(request, _("You can not deactivate the administrator."))
return
self.object.is_active = False self.object.is_active = False
elif action == 'toggle': elif action == 'toggle':
self.object.is_active = not self.object.is_active self.object.is_active = not self.object.is_active