blinkster: comparison web/lib/django/contrib/auth/admin.py

equal deleted inserted replaced

-:b758351d191f
+:cc9b7e14412b
 from django import template
+from django.db import transaction
 from django.conf import settings
 from django.contrib import admin
 from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
 from django.contrib.auth.models import User, Group
+from django.contrib import messages
 from django.core.exceptions import PermissionDenied
 from django.http import HttpResponseRedirect, Http404
 from django.shortcuts import render_to_response, get_object_or_404
 from django.template import RequestContext
 from django.utils.html import escape
+from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext, ugettext_lazy as _
+from django.views.decorators.csrf import csrf_protect
+csrf_protect_m = method_decorator(csrf_protect)
 class GroupAdmin(admin.ModelAdmin):
 search_fields = ('name',)
 ordering = ('name',)
 filter_horizontal = ('permissions',)
 class UserAdmin(admin.ModelAdmin):
+add_form_template = 'admin/auth/user/add_form.html'
+change_user_password_template = None
 fieldsets = (
 (None, {'fields': ('username', 'password')}),
 (_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
-(_('Permissions'), {'fields': ('is_staff', 'is_active', 'is_superuser', 'user_permissions')}),
+(_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser', 'user_permissions')}),
 (_('Important dates'), {'fields': ('last_login', 'date_joined')}),
 (_('Groups'), {'fields': ('groups',)}),
+)
+add_fieldsets = (
+(None, {
+'classes': ('wide',),
+'fields': ('username', 'password1', 'password2')}
+),
 )
 form = UserChangeForm
 add_form = UserCreationForm
 change_password_form = AdminPasswordChangeForm
 list_display = ('username', 'email', 'first_name', 'last_name', 'is_staff')
 if url is None:
 return self.changelist_view(request)
 if url.endswith('password'):
 return self.user_change_password(request, url.split('/')[0])
 return super(UserAdmin, self).__call__(request, url)
+def get_fieldsets(self, request, obj=None):
+if not obj:
+return self.add_fieldsets
+return super(UserAdmin, self).get_fieldsets(request, obj)
+def get_form(self, request, obj=None, **kwargs):
+"""
+Use special form during user creation
+"""
+defaults = {}
+if obj is None:
+defaults.update({
+'form': self.add_form,
+'fields': admin.util.flatten_fieldsets(self.add_fieldsets),
+})
+defaults.update(kwargs)
+return super(UserAdmin, self).get_form(request, obj, **defaults)
 def get_urls(self):
 from django.conf.urls.defaults import patterns
 return patterns('',
 (r'^(\d+)/password/$', self.admin_site.admin_view(self.user_change_password))
 ) + super(UserAdmin, self).get_urls()
-def add_view(self, request):
+@csrf_protect_m
+@transaction.commit_on_success
+def add_view(self, request, form_url='', extra_context=None):
 # It's an error for a user to have add permission but NOT change
 # permission for users. If we allowed such users to add users, they
 # could create superusers, which would mean they would essentially have
 # the permission to change users. To avoid the problem entirely, we
 # disallow users from adding users if they don't have change
 if self.has_add_permission(request) and settings.DEBUG:
 # Raise Http404 in debug mode so that the user gets a helpful
 # error message.
 raise Http404('Your user does not have the "Change user" permission. In order to add users, Django requires that your user account have both the "Add user" and "Change user" permissions set.')
 raise PermissionDenied
-if request.method == 'POST':
+if extra_context is None:
-form = self.add_form(request.POST)
+extra_context = {}
-if form.is_valid():
+defaults = {
-new_user = form.save()
-msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': 'user', 'obj': new_user}
-self.log_addition(request, new_user)
-if "_addanother" in request.POST:
-request.user.message_set.create(message=msg)
-return HttpResponseRedirect(request.path)
-elif '_popup' in request.REQUEST:
-return self.response_add(request, new_user)
-else:
-request.user.message_set.create(message=msg + ' ' + ugettext("You may edit it again below."))
-return HttpResponseRedirect('../%s/' % new_user.id)
-else:
-form = self.add_form()
-return render_to_response('admin/auth/user/add_form.html', {
-'title': _('Add user'),
-'form': form,
-'is_popup': '_popup' in request.REQUEST,
-'add': True,
-'change': False,
-'has_add_permission': True,
-'has_delete_permission': False,
-'has_change_permission': True,
-'has_file_field': False,
-'has_absolute_url': False,
 'auto_populated_fields': (),
-'opts': self.model._meta,
-'save_as': False,
 'username_help_text': self.model._meta.get_field('username').help_text,
-'root_path': self.admin_site.root_path,
+}
-'app_label': self.model._meta.app_label,
+extra_context.update(defaults)
-}, context_instance=template.RequestContext(request))
+return super(UserAdmin, self).add_view(request, form_url, extra_context)
 def user_change_password(self, request, id):
 if not self.has_change_permission(request):
 raise PermissionDenied
 user = get_object_or_404(self.model, pk=id)
 if request.method == 'POST':
 form = self.change_password_form(user, request.POST)
 if form.is_valid():
 new_user = form.save()
 msg = ugettext('Password changed successfully.')
-request.user.message_set.create(message=msg)
+messages.success(request, msg)
 return HttpResponseRedirect('..')
 else:
 form = self.change_password_form(user)
-return render_to_response('admin/auth/user/change_password.html', {
+fieldsets = [(None, {'fields': form.base_fields.keys()})]
+adminForm = admin.helpers.AdminForm(form, fieldsets, {})
+return render_to_response(self.change_user_password_template or 'admin/auth/user/change_password.html', {
 'title': _('Change password: %s') % escape(user.username),
+'adminForm': adminForm,
 'form': form,
 'is_popup': '_popup' in request.REQUEST,
 'add': True,
 'change': False,
 'has_delete_permission': False,

changeset 29	cc9b7e14412b
parent 0	0d40e90630ef