diff options
| author | Caleb Forbes Davis V <caldavis@gmail.com> | 2011-07-03 02:43:57 -0500 |
|---|---|---|
| committer | Caleb Forbes Davis V <caldavis@gmail.com> | 2011-07-03 02:56:00 -0500 |
| commit | a0cf14fe7cbfe013a9973ad72a7bbd662656c9c9 (patch) | |
| tree | d9efa7be7c6fe3f6b88e83d1443271509f104a71 | |
| parent | e192d7b7a55efdfd2f50f5d068a0dfa484e152fa (diff) | |
| download | mediagoblin-a0cf14fe7cbfe013a9973ad72a7bbd662656c9c9.tar.lz mediagoblin-a0cf14fe7cbfe013a9973ad72a7bbd662656c9c9.tar.xz mediagoblin-a0cf14fe7cbfe013a9973ad72a7bbd662656c9c9.zip | |
uses new 'username' variable in querystring to specify the user to edit
Previously, this view only allowed editing of the logged-in user. Now you
can specify the user to edit in the querystring. If you are an admin the
view allows you to edit any user's profile, with a warning message. The
warning only shows up if the admin is editing another user's profile.
Make sure to pass the username to this view at every step in the process
| -rw-r--r-- | mediagoblin/edit/views.py | 17 | ||||
| -rw-r--r-- | mediagoblin/templates/mediagoblin/edit/edit_profile.html | 4 |
2 files changed, 17 insertions, 4 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 5a7aa4bd..64fa0eab 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -74,7 +74,18 @@ def edit_media(request, media): @require_active_login def edit_profile(request): - user = request.user + # admins may edit any user profile given a username in the querystring + edit_username = request.GET.get('username') + if request.user['is_admin'] and request.user['username'] != edit_username: + user = request.db.User.find_one({'username': edit_username}) + # No need to warn again if admin just submitted an edited profile + if request.method != 'POST': + messages.add_message( + request, messages.WARNING, + 'You are editing a user\'s profile. Proceed with caution.') + else: + user = request.user + form = forms.EditProfileForm(request.POST, url = user.get('url'), bio = user.get('bio')) @@ -87,7 +98,9 @@ def edit_profile(request): messages.add_message(request, messages.SUCCESS, 'Profile edited!') - return redirect(request, "mediagoblin.edit.profile") + return redirect(request, + "mediagoblin.edit.profile", + username=edit_username) return render_to_response( request, diff --git a/mediagoblin/templates/mediagoblin/edit/edit_profile.html b/mediagoblin/templates/mediagoblin/edit/edit_profile.html index 7efd0ee3..cf228977 100644 --- a/mediagoblin/templates/mediagoblin/edit/edit_profile.html +++ b/mediagoblin/templates/mediagoblin/edit/edit_profile.html @@ -21,8 +21,8 @@ {% block mediagoblin_content %} - <form action="{{ request.urlgen('mediagoblin.edit.profile', - user=user.username) }}" + <form action="{{ request.urlgen('mediagoblin.edit.profile') }}?username={{ + user['username'] }}" method="POST" enctype="multipart/form-data"> <div class="grid_6 prefix_1 suffix_1 edit_box form_box"> <h1>Editing {{ user['username'] }}'s profile</h1> |