Browse Source

correction création utilisateur par non superuser

Élie Bouttier 8 years ago
parent
commit
e2b2c12144
5 changed files with 47 additions and 4 deletions
  1. 1 0
      accounts/__init__.py
  2. 21 4
      accounts/admin.py
  3. 8 0
      accounts/apps.py
  4. 8 0
      accounts/forms.py
  5. 9 0
      accounts/signals.py

+ 1 - 0
accounts/__init__.py

@@ -0,0 +1 @@
+default_app_config = 'accounts.apps.AccountsConfig'

+ 21 - 4
accounts/admin.py

@@ -4,27 +4,44 @@ from django.contrib.auth.admin import UserAdmin as AuthUserAdmin
 from django.core.exceptions import PermissionDenied
 
 
+from .forms import UserCreationForm
 from adhesions.admin import ProfileInline, AdherentInline
 
 
 class UserAdmin(AuthUserAdmin):
-    inlines = (ProfileInline, AdherentInline,)
-
     def get_readonly_fields(self, request, obj=None):
         readonly_fields = super().get_readonly_fields(request, obj)
-        if not request.user.is_superuser:
+        if obj and not request.user.is_superuser:
             readonly_fields += ('username',)
         return readonly_fields
 
     def get_fieldsets(self, request, obj=None):
         if request.user.is_superuser:
-            return AuthUserAdmin.fieldsets
+            return super().get_fieldsets(request, obj)
+        if obj:
+            return (
+                AuthUserAdmin.fieldsets[0], # Note: password is mandatory (but readonly)
+                AuthUserAdmin.fieldsets[1],
+            )
         else:
             return (
                 (None, {'fields': ('username',)}),
                 AuthUserAdmin.fieldsets[1],
             )
 
+    def get_form(self, request, obj=None):
+        # get_inlines does not exists :-(
+        if obj:
+            self.inlines = (ProfileInline, AdherentInline,)
+        else:
+            self.inlines = ()
+
+        if request.user.is_superuser or obj:
+            return super().get_form(request, obj)
+        else:
+            # This creation form does not ask for a password
+            return UserCreationForm
+
     def user_change_password(self, request, id):
         if not request.user.is_superuser:
             raise PermissionDenied

+ 8 - 0
accounts/apps.py

@@ -0,0 +1,8 @@
+from django.apps import AppConfig
+
+
+class AccountsConfig(AppConfig):
+    name = 'accounts'
+
+    def ready(self):
+        import accounts.signals

+ 8 - 0
accounts/forms.py

@@ -0,0 +1,8 @@
+from django.forms import ModelForm
+from django.contrib.auth.models import User
+
+
+class UserCreationForm(ModelForm):
+    class Meta:
+        model = User
+        fields = ('username', 'first_name', 'last_name', 'email',)

+ 9 - 0
accounts/signals.py

@@ -0,0 +1,9 @@
+from django.dispatch import receiver
+from django.db.models.signals import pre_save
+from django.contrib.auth.models import User
+
+
+@receiver(pre_save, sender=User, dispatch_uid='set_unusable_password')
+def set_unusable_password(sender, instance, **kwargs):
+    if not instance.password:
+        instance.set_unusable_password()