1 files changed, 21 insertions, 2 deletions

diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 5cfe904e..a3326b2d 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -64,6 +64,14 @@ def edit_media(request, media):
             return redirect(request, "mediagoblin.user_pages.media_home",
                 user=media.uploader()['username'], media=media['slug'])
 
+    if request.user['is_admin'] \
+            and media['uploader'] != request.user['_id'] \
+            and request.method != 'POST':
+        messages.add_message(
+            request, messages.WARNING,
+            "You are editing another user's media. Proceed with caution.")
+        
+
     return render_to_response(
         request,
         'mediagoblin/edit/edit.html',
@@ -74,7 +82,18 @@ def edit_media(request, media):
 @require_active_login
 def edit_profile(request):
 
-    user = request.user
+    # admins may edit any user profile given a username in the querystring
+    edit_username = request.GET.get('username')
+    if request.user['is_admin'] and request.user['username'] != edit_username:
+        user = request.db.User.find_one({'username': edit_username})
+        # No need to warn again if admin just submitted an edited profile
+        if request.method != 'POST':
+            messages.add_message(
+                request, messages.WARNING,
+                "You are editing a user's profile. Proceed with caution.")
+    else:
+        user = request.user
+
     form = forms.EditProfileForm(request.POST,
         url = user.get('url'),
         bio = user.get('bio'))
@@ -89,7 +108,7 @@ def edit_profile(request):
             	                 'Profile edited!')
             return redirect(request,
                            'mediagoblin.user_pages.user_home',
-                            user=user['username'])
+            	            username=edit_username)
 
     return render_to_response(
         request,