From d9ed098e74617916de85142400b00af973a49b76 Mon Sep 17 00:00:00 2001 From: Caleb Forbes Davis V Date: Fri, 1 Jul 2011 22:33:54 -0500 Subject: Bug #404 - Successful profile edit is successful! user is notified of successful profile edit w/o extra navigation --- mediagoblin/edit/views.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'mediagoblin/edit/views.py') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index a9071495..5a7aa4bd 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -17,6 +17,7 @@ from webob import exc +from mediagoblin import messages from mediagoblin.util import render_to_response, redirect, clean_html from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media @@ -83,7 +84,10 @@ def edit_profile(request): user['bio'] = request.POST['bio'] user.save() - return redirect(request, "index", user=user['username']) + messages.add_message(request, + messages.SUCCESS, + 'Profile edited!') + return redirect(request, "mediagoblin.edit.profile") return render_to_response( request, -- cgit v1.2.3 From a0cf14fe7cbfe013a9973ad72a7bbd662656c9c9 Mon Sep 17 00:00:00 2001 From: Caleb Forbes Davis V Date: Sun, 3 Jul 2011 02:43:57 -0500 Subject: uses new 'username' variable in querystring to specify the user to edit Previously, this view only allowed editing of the logged-in user. Now you can specify the user to edit in the querystring. If you are an admin the view allows you to edit any user's profile, with a warning message. The warning only shows up if the admin is editing another user's profile. Make sure to pass the username to this view at every step in the process --- mediagoblin/edit/views.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'mediagoblin/edit/views.py') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 5a7aa4bd..64fa0eab 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -74,7 +74,18 @@ def edit_media(request, media): @require_active_login def edit_profile(request): - user = request.user + # admins may edit any user profile given a username in the querystring + edit_username = request.GET.get('username') + if request.user['is_admin'] and request.user['username'] != edit_username: + user = request.db.User.find_one({'username': edit_username}) + # No need to warn again if admin just submitted an edited profile + if request.method != 'POST': + messages.add_message( + request, messages.WARNING, + 'You are editing a user\'s profile. Proceed with caution.') + else: + user = request.user + form = forms.EditProfileForm(request.POST, url = user.get('url'), bio = user.get('bio')) @@ -87,7 +98,9 @@ def edit_profile(request): messages.add_message(request, messages.SUCCESS, 'Profile edited!') - return redirect(request, "mediagoblin.edit.profile") + return redirect(request, + "mediagoblin.edit.profile", + username=edit_username) return render_to_response( request, -- cgit v1.2.3 From 96a2c366427f288ba3c2e20789612d829a55e908 Mon Sep 17 00:00:00 2001 From: Christopher Allan Webber Date: Sun, 3 Jul 2011 09:26:40 -0500 Subject: Caution an admin when they're editing someone else's media. --- mediagoblin/edit/views.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'mediagoblin/edit/views.py') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 64fa0eab..f069d8e7 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -64,6 +64,14 @@ def edit_media(request, media): return redirect(request, "mediagoblin.user_pages.media_home", user=media.uploader()['username'], media=media['slug']) + if request.user['is_admin'] \ + and media['uploader'] != request.user['_id'] \ + and request.method != 'POST': + messages.add_message( + request, messages.WARNING, + 'You are editing another user\'s media. Proceed with caution.') + + return render_to_response( request, 'mediagoblin/edit/edit.html', -- cgit v1.2.3 From b86bedf9eac62ed41715de1a17bb49c672dfba93 Mon Sep 17 00:00:00 2001 From: Christopher Allan Webber Date: Sun, 3 Jul 2011 09:29:09 -0500 Subject: Switching single-quoted strings to double-quote to avoid escaping the apostrophe.. :) --- mediagoblin/edit/views.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'mediagoblin/edit/views.py') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index f069d8e7..e064a9c3 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -69,7 +69,7 @@ def edit_media(request, media): and request.method != 'POST': messages.add_message( request, messages.WARNING, - 'You are editing another user\'s media. Proceed with caution.') + "You are editing another user's media. Proceed with caution.") return render_to_response( @@ -90,7 +90,7 @@ def edit_profile(request): if request.method != 'POST': messages.add_message( request, messages.WARNING, - 'You are editing a user\'s profile. Proceed with caution.') + "You are editing a user's profile. Proceed with caution.") else: user = request.user -- cgit v1.2.3