@require_active_login
def edit_profile(request):
- user = request.user
+ # admins may edit any user profile given a username in the querystring
+ edit_username = request.GET.get('username')
+ if request.user['is_admin'] and request.user['username'] != edit_username:
+ user = request.db.User.find_one({'username': edit_username})
+ # No need to warn again if admin just submitted an edited profile
+ if request.method != 'POST':
+ messages.add_message(
+ request, messages.WARNING,
+ 'You are editing a user\'s profile. Proceed with caution.')
+ else:
+ user = request.user
+
form = forms.EditProfileForm(request.POST,
url = user.get('url'),
bio = user.get('bio'))
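Review bot: The admin branch never checks the result of `find_one`, so `user` can be None when the context lines after it call `user.get('url')`. That happens for an unknown username, and also when an admin opens the edit page with no `username` in the querystring, because `request.user['username'] != edit_username` is true when `edit_username` is None. Guard the branch with `if edit_username and request.user['is_admin'] and request.user['username'] != edit_username:` and add `if user is None:` right after the lookup, returning the project's not-found response. Because this branch selects whose profile an admin overwrites, an explicit failure is safer than an unhandled exception. The body of `edit_profile` continues outside this hunk.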
messages.add_message(request,
messages.SUCCESS,
'Profile edited!')
- return redirect(request, "mediagoblin.edit.profile")
+ return redirect(request,
+ "mediagoblin.edit.profile",
+ username=edit_username)
return render_to_response(
request,
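Review bot: The redirect echoes the raw querystring value via `username=edit_username` instead of naming the profile that was actually saved. When the `else` branch ran, `user` is `request.user`, yet the redirect still carries whatever `username` the client sent, or None when none was sent; how None is rendered depends on the URL generator, which is not visible here. Passing `username=user['username']` would keep the URL consistent with the edited record. The enclosing `if` that guards this save path starts outside the hunk.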
{% block mediagoblin_content %}
- <form action="{{ request.urlgen('mediagoblin.edit.profile',
- user=user.username) }}"
+ <form action="{{ request.urlgen('mediagoblin.edit.profile') }}?username={{
+ user['username'] }}"
method="POST" enctype="multipart/form-data">
<div class="grid_6 prefix_1 suffix_1 edit_box form_box">
<h1>Editing {{ user['username'] }}'s profile</h1>
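Review bot: The form action appends `?username={{ user['username'] }}` by hand, so the value is at most HTML-escaped and never percent-encoded. A username containing `&`, `#`, `+` or a space would then submit a different `username` parameter than the one shown in the heading, and that parameter decides whose profile an admin edits. Let the URL generator build the query instead, e.g. `request.urlgen('mediagoblin.edit.profile', username=user['username'])`; the view's `redirect(..., username=edit_username)` appears to rely on the same mechanism, though the generator's handling of extra keyword arguments should be confirmed. The form body continues outside this hunk.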