diff options
author | Caleb Forbes Davis V <caldavis@gmail.com> | 2011-07-03 02:43:57 -0500 |
---|---|---|
committer | Caleb Forbes Davis V <caldavis@gmail.com> | 2011-07-03 02:56:00 -0500 |
commit | a0cf14fe7cbfe013a9973ad72a7bbd662656c9c9 (patch) | |
tree | d9efa7be7c6fe3f6b88e83d1443271509f104a71 /mediagoblin/edit/views.py | |
parent | e192d7b7a55efdfd2f50f5d068a0dfa484e152fa (diff) | |
download | mediagoblin-a0cf14fe7cbfe013a9973ad72a7bbd662656c9c9.tar.lz mediagoblin-a0cf14fe7cbfe013a9973ad72a7bbd662656c9c9.tar.xz mediagoblin-a0cf14fe7cbfe013a9973ad72a7bbd662656c9c9.zip |
uses new 'username' variable in querystring to specify the user to edit
Previously, this view only allowed editing of the logged-in user. Now you
can specify the user to edit in the querystring. If you are an admin the
view allows you to edit any user's profile, with a warning message. The
warning only shows up if the admin is editing another user's profile.
Make sure to pass the username to this view at every step in the process
Diffstat (limited to 'mediagoblin/edit/views.py')
-rw-r--r-- | mediagoblin/edit/views.py | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 5a7aa4bd..64fa0eab 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -74,7 +74,18 @@ def edit_media(request, media): @require_active_login def edit_profile(request): - user = request.user + # admins may edit any user profile given a username in the querystring + edit_username = request.GET.get('username') + if request.user['is_admin'] and request.user['username'] != edit_username: + user = request.db.User.find_one({'username': edit_username}) + # No need to warn again if admin just submitted an edited profile + if request.method != 'POST': + messages.add_message( + request, messages.WARNING, + 'You are editing a user\'s profile. Proceed with caution.') + else: + user = request.user + form = forms.EditProfileForm(request.POST, url = user.get('url'), bio = user.get('bio')) @@ -87,7 +98,9 @@ def edit_profile(request): messages.add_message(request, messages.SUCCESS, 'Profile edited!') - return redirect(request, "mediagoblin.edit.profile") + return redirect(request, + "mediagoblin.edit.profile", + username=edit_username) return render_to_response( request, |