uses new 'username' variable in querystring to specify the user to edit
authorCaleb Forbes Davis V <caldavis@gmail.com>
Sun, 3 Jul 2011 07:43:57 +0000 (02:43 -0500)
committerCaleb Forbes Davis V <caldavis@gmail.com>
Sun, 3 Jul 2011 07:56:00 +0000 (02:56 -0500)
Previously, this view only allowed editing of the logged-in user. Now you
  can specify the user to edit in the querystring. If you are an admin the
  view allows you to edit any user's profile, with a warning message. The
  warning only shows up if the admin is editing another user's profile.

Make sure to pass the username to this view at every step in the process

mediagoblin/edit/views.py
mediagoblin/templates/mediagoblin/edit/edit_profile.html

index 5a7aa4bd179b0ccc53ae35f890a752782dd7c5a7..64fa0eabfd36e2ae4192e59b7b3b65ad57dc6754 100644 (file)
@@ -74,7 +74,18 @@ def edit_media(request, media):
 @require_active_login
 def edit_profile(request):
 
-    user = request.user
+    # admins may edit any user profile given a username in the querystring
+    edit_username = request.GET.get('username')
+    if request.user['is_admin'] and request.user['username'] != edit_username:
+        user = request.db.User.find_one({'username': edit_username})
+        # No need to warn again if admin just submitted an edited profile
+        if request.method != 'POST':
+            messages.add_message(
+                request, messages.WARNING,
+                'You are editing a user\'s profile. Proceed with caution.')
+    else:
+        user = request.user
+
     form = forms.EditProfileForm(request.POST,
         url = user.get('url'),
         bio = user.get('bio'))
@@ -87,7 +98,9 @@ def edit_profile(request):
             messages.add_message(request, 
                                 messages.SUCCESS, 
                                 'Profile edited!')
-            return redirect(request, "mediagoblin.edit.profile")
+            return redirect(request, 
+                          "mediagoblin.edit.profile", 
+                           username=edit_username)
 
     return render_to_response(
         request,
index 7efd0ee383e0b4d580b55f03bce15afbeb73918a..cf228977ba97e35ef1b72b6efb11836600da08c4 100644 (file)
@@ -21,8 +21,8 @@
 
 {% block mediagoblin_content %}
 
-  <form action="{{ request.urlgen('mediagoblin.edit.profile',
-                               user=user.username) }}"
+  <form action="{{ request.urlgen('mediagoblin.edit.profile') }}?username={{ 
+                                                     user['username'] }}"
         method="POST" enctype="multipart/form-data">
     <div class="grid_6 prefix_1 suffix_1 edit_box form_box">
       <h1>Editing {{ user['username'] }}'s profile</h1>