101
102
"""Only allow access if the requesting user is an admin."""
102
103
return req.user and req.user.admin
104
def filter(self, stream, ctx):
105
return stream | HTMLFormFiller(data=ctx['data'])
107
return UserAdminSchema()
109
def get_default_data(self, req):
110
return {'admin': self.context.admin,
111
'disabled': self.context.state == u'disabled',
112
'fullname': self.context.fullname,
113
'studentid': self.context.studentid,
116
def save_object(self, req, data):
117
if self.context is req.user:
118
# Admin checkbox is disabled -- assume unchanged
119
data['admin'] = self.context.admin
120
data['disabled'] = self.context.state == u'disabled'
122
self.context.admin = data['admin']
123
if self.context.state in (u'enabled', u'disabled'):
124
self.context.state = (u'disabled' if data['disabled']
126
self.context.fullname = data['fullname'] \
127
if data['fullname'] else None
128
self.context.studentid = data['studentid'] \
129
if data['studentid'] else None
107
133
def populate(self, req, ctx):
108
if req.method == 'POST':
109
data = dict(req.get_fieldstorage())
111
validator = UserAdminSchema()
112
data = validator.to_python(data, state=req)
114
if self.context is req.user:
115
# Admin checkbox is disabled -- assume unchanged
116
data['admin'] = self.context.admin
117
data['disabled'] = self.context.state == u'disabled'
119
self.context.admin = data['admin']
120
if self.context.state in (u'enabled', u'disabled'):
121
self.context.state = (u'disabled' if data['disabled']
123
self.context.fullname = data['fullname'] \
124
if data['fullname'] else None
125
self.context.studentid = data['studentid'] \
126
if data['studentid'] else None
128
req.throw_redirect(req.uri)
129
except formencode.Invalid, e:
130
errors = e.unpack_errors()
132
data = {'admin': self.context.admin,
133
'disabled': self.context.state == u'disabled',
134
'fullname': self.context.fullname,
135
'studentid': self.context.studentid,
140
ctx['user'] = self.context
141
# Disable the Admin checkbox if editing oneself
134
super(UserAdminView, self).populate(req, ctx)
136
# Disable the admin checkbox if editing oneself
142
137
ctx['disable_admin'] = self.context is req.user
144
ctx['errors'] = errors
146
139
class PasswordChangeView(XHTMLView):
147
140
"""A form to change a user's password, with knowledge of the old one."""