correction création utilisateur par non superuser

accounts/__init__.py

@@ -0,0 +1 @@
+default_app_config = 'accounts.apps.AccountsConfig'

accounts/admin.py

@@ -4,27 +4,44 @@ from django.contrib.auth.admin import UserAdmin as AuthUserAdmin
 from django.core.exceptions import PermissionDenied
 
 
+from .forms import UserCreationForm
 from adhesions.admin import ProfileInline, AdherentInline
 
 
 class UserAdmin(AuthUserAdmin):
-    inlines = (ProfileInline, AdherentInline,)
-
     def get_readonly_fields(self, request, obj=None):
         readonly_fields = super().get_readonly_fields(request, obj)
-        if not request.user.is_superuser:
+        if obj and not request.user.is_superuser:
             readonly_fields += ('username',)
         return readonly_fields
 
     def get_fieldsets(self, request, obj=None):
         if request.user.is_superuser:
-            return AuthUserAdmin.fieldsets
+            return super().get_fieldsets(request, obj)
+        if obj:
+            return (
+                AuthUserAdmin.fieldsets[0], # Note: password is mandatory (but readonly)
+                AuthUserAdmin.fieldsets[1],
+            )
         else:
             return (
                 (None, {'fields': ('username',)}),
                 AuthUserAdmin.fieldsets[1],
             )
 
+    def get_form(self, request, obj=None):
+        # get_inlines does not exists :-(
+        if obj:
+            self.inlines = (ProfileInline, AdherentInline,)
+        else:
+            self.inlines = ()
+
+        if request.user.is_superuser or obj:
+            return super().get_form(request, obj)
+        else:
+            # This creation form does not ask for a password
+            return UserCreationForm
+
     def user_change_password(self, request, id):
         if not request.user.is_superuser:
             raise PermissionDenied

accounts/apps.py

@@ -0,0 +1,8 @@
+from django.apps import AppConfig
+
+
+class AccountsConfig(AppConfig):
+    name = 'accounts'
+
+    def ready(self):
+        import accounts.signals

accounts/forms.py

@@ -0,0 +1,8 @@
+from django.forms import ModelForm
+from django.contrib.auth.models import User
+
+
+class UserCreationForm(ModelForm):
+    class Meta:
+        model = User
+        fields = ('username', 'first_name', 'last_name', 'email',)

accounts/signals.py

@@ -0,0 +1,9 @@
+from django.dispatch import receiver
+from django.db.models.signals import pre_save
+from django.contrib.auth.models import User
+
+
+@receiver(pre_save, sender=User, dispatch_uid='set_unusable_password')
+def set_unusable_password(sender, instance, **kwargs):
+    if not instance.password:
+        instance.set_unusable_password()