Separate edit user links for admin/user (bug 564561)

2010-05-18 13:29:16 +02:00 · 2010-05-18 13:29:16 +02:00 · d6025a8d0a
--- a/apps/access/middleware.py
+++ b/apps/access/middleware.py
@ -16,7 +16,7 @@ class ACLMiddleware(object):
        # figure out our list of groups...
        if request.user.is_authenticated():
            request.amo_user = request.user.get_profile()
-            request.groups = request.amo_user.group_set.all()
+            request.groups = request.amo_user.groups.all()

            if acl.action_allowed(request, 'Admin', '%'):
                request.user.is_staff = True
--- a/apps/access/models.py
+++ b/apps/access/models.py
@ -7,7 +7,8 @@ class Group(amo.models.ModelBase):

    name = models.CharField(max_length=255, default='')
    rules = models.TextField()
-    users = models.ManyToManyField('users.UserProfile', through='GroupUser')
+    users = models.ManyToManyField('users.UserProfile', through='GroupUser',
+                                   related_name='groups')

    class Meta:
        db_table = 'groups'
--- a/apps/users/models.py
+++ b/apps/users/models.py
@ -184,7 +184,7 @@ class UserProfile(amo.models.ModelBase):
        self.user.password = self.password
        self.user.date_joined = self.created

-        if self.group_set.filter(rules='*:*').count():
+        if self.groups.filter(rules='*:*').count():
            self.user.is_superuser = self.user.is_staff = True

        self.user.save()
--- a/apps/users/templates/users/profile.html
+++ b/apps/users/templates/users/profile.html
@ -24,9 +24,14 @@
          </div>
        {% endif %}

-        {% if user.is_staff: %}{# TODO restrict this to admins with user edit rights only #}
+        {% if edit_any_user or own_profile %}
          <p class="editprofile">
-            <a href="{{ url("admin:users_userprofile_change", profile.id) }}">{{ _('Edit User') }}</a>
+            {% if own_profile %}
+              <a href="{{ url("users.edit") }}">{{ _('Edit Profile') }}</a>
+            {% endif %}
+            {% if edit_any_user %}
+              <a href="{{ url("admin:users_userprofile_change", profile.id) }}">{{ _('Manage User') }}</a>
+            {% endif %}
          </p>
        {% endif %}
      </div>{# /object-content #}
--- a/apps/users/tests/test_views.py
+++ b/apps/users/tests/test_views.py
@ -1,10 +1,12 @@
 from django import test
 from django.core import mail
+from django.core.cache import cache
 from django.contrib.auth.models import User
 from django.test.client import Client

 from nose.tools import eq_

+from access.models import Group, GroupUser
 from amo.helpers import urlparams
 from amo.pyquery_wrapper import PyQuery
 from amo.urlresolvers import reverse
@ -145,3 +147,47 @@ class TestRegistration(UserViewBase):
        url = reverse('users.confirm.resend', args=[self.user.id])
        r = self.client.get(url, follow=True)
        self.assertContains(r, 'An email has been sent to your address')
+
+
+class TestProfile(UserViewBase):
+
+    def test_edit_buttons(self):
+        """Ensure admin/user edit buttons are shown."""
+
+        def get_links(id):
+            """Grab profile, return edit links."""
+            url = reverse('users.profile', args=[id])
+            r = self.client.get(url)
+            return PyQuery(r.content)('p.editprofile a')
+
+        # Anonymous user.
+        links = get_links(self.user.id)
+        eq_(links.length, 0)
+
+        # Non-admin, someone else's profile.
+        self.client.login(username='jbalogh@mozilla.com', password='foo')
+        links = get_links(9945)
+        eq_(links.length, 0)
+
+        # Non-admin, own profile.
+        links = get_links(self.user.id)
+        eq_(links.length, 1)
+        eq_(links.eq(0).attr('href'), reverse('users.edit'))
+
+        # Admin, someone else's profile.
+        admingroup = Group(rules='Admin:EditAnyUser')
+        admingroup.save()
+        GroupUser.objects.create(group=admingroup, user=self.user_profile)
+        cache.clear()
+
+        links = get_links(9945)
+        eq_(links.length, 1)
+        eq_(links.eq(0).attr('href'),
+            reverse('admin:users_userprofile_change', args=[9945]))
+
+        # Admin, own profile.
+        links = get_links(self.user.id)
+        eq_(links.length, 2)
+        eq_(links.eq(0).attr('href'), reverse('users.edit'))
+        eq_(links.eq(1).attr('href'),
+            reverse('admin:users_userprofile_change', args=[self.user.id]))
--- a/apps/users/views.py
+++ b/apps/users/views.py
@ -14,6 +14,7 @@ from tower import ugettext as _

 import jingo

+from access import acl
 import amo
 from amo.urlresolvers import reverse
 from bandwagon.models import Collection
@ -275,9 +276,14 @@ def profile(request, user_id):
    else:
        fav_coll = []

+    edit_any_user = acl.action_allowed(request, 'Admin', 'EditAnyUser')
+    own_profile = request.user.is_authenticated() and (
+        request.amo_user.id == user.id)
+
    return jingo.render(request, 'users/profile.html',
                        {'profile': user, 'own_coll': own_coll,
-                         'fav_coll': fav_coll})
+                         'fav_coll': fav_coll, 'edit_any_user': edit_any_user,
+                         'own_profile': own_profile})


 def register(request):
--- a/media/css/zamboni/zamboni.css
+++ b/media/css/zamboni/zamboni.css
@ -1159,15 +1159,18 @@ form .error .note.error {
 }

 .object-content .editprofile a {
+    background: transparent url("../../img/amo2009/icons/news-feed-sprite.png") 0 -538px no-repeat;
    font-weight: bold;
    font-size: .923em;
+    margin-right: 1em;
    padding: .25em 0 .25em 22px;
-    background: transparent url("../../../media/img/amo2009/icons/news-feed-sprite.png") 0 -538px no-repeat;
 }

 .html-rtl .object-content .editprofile a {
-    padding: .25em 22px .25em 0;
    background-position: 100% -538px;
+    padding: .25em 22px .25em 0;
+    margin-right: 0;
+    margin-left: 1em;
 }

 /** =Category Landing *********/