[bug 783707] Allow disabling of users

2013-02-19 18:54:15 -05:00 · 2013-02-19 18:54:15 -05:00 · a2a85134db
--- a/apps/users/models.py
+++ b/apps/users/models.py
@ -70,7 +70,8 @@ class Profile(ModelBase):
                         verbose_name=_lazy(u'Preferred language for email'))

    class Meta(object):
-        permissions = (('view_karma_points', 'Can view karma points'),)
+        permissions = (('view_karma_points', 'Can view karma points'),
+                       ('deactivate_users', 'Can deactivate users'),)

    def __unicode__(self):
        return unicode(self.user)
--- a/apps/users/templates/users/profile.html
+++ b/apps/users/templates/users/profile.html
@ -44,6 +44,17 @@
          {{ private_message(profile.user) }}
        {% endif %}
      </div>
+      {% if user.id != profile.user.id and user.has_perm('users.deactivate_users') %}
+        {% if profile.user.is_active %}
+          <form id="deactivate-form" method="post" action="{{ url('users.deactivate') }}">
+            {{ csrf() }}
+            <input type="hidden" name="user_id" value="{{ profile.user.id }}">
+            <input type="submit" value="{{ _('Deactivate this user') }}">
+          </form>
+        {% else %}
+          <div id="deactivated-msg">{{ _('This user has been deactivated.') }}</div>
+        {% endif %}
+      {% endif %}
      {% if num_answers or num_questions or num_solutions or num_documents %}
        <section class="contributions">
          <h2>Contributions</h2>
--- a/apps/users/tests/test_templates.py
+++ b/apps/users/tests/test_templates.py
@ -382,6 +382,24 @@ class ViewProfileTests(TestCaseBase):
        eq_(200, r.status_code)
        assert '2 documents' in r.content

+    def test_deactivate_button(self):
+        """Check that the deactivate button is shown appropriately"""
+        p = profile()
+        r = self.client.get(reverse('users.profile', args=[p.user.id]))
+        assert 'Deactivate this user' not in r.content
+
+        add_permission(self.u, Profile, 'deactivate_users')
+        self.client.login(username=self.u.username, password='testpass')
+        r = self.client.get(reverse('users.profile', args=[p.user.id]))
+        assert 'Deactivate this user' in r.content
+
+        p.user.is_active = False
+        p.user.save()
+        r = self.client.get(reverse('users.profile', args=[p.user.id]))
+        assert 'This user has been deactivated.' in r.content
+
+        r = self.client.get(reverse('users.profile', args=[self.u.id]))
+        assert 'Deactivate this user' not in r.content

 class PasswordChangeTests(TestCaseBase):

--- a/apps/users/tests/test_views.py
+++ b/apps/users/tests/test_views.py
@ -16,7 +16,7 @@ from sumo.tests import TestCase, LocalizingClient, send_mail_raise_smtp
 from sumo.urlresolvers import reverse
 from users import ERROR_SEND_EMAIL
 from users.models import Profile, RegistrationProfile, EmailChange, Setting
-from users.tests import profile, user, group
+from users.tests import profile, user, group, add_permission


 class RegisterTests(TestCase):
@ -453,3 +453,22 @@ class UserProfileTests(TestCase):
    def test_profile_post(self):
        res = self.client.post(self.url)
        eq_(405, res.status_code)
+
+    def test_profile_deactivate(self):
+        """Test user deactivation"""
+        p = profile()
+
+        self.client.login(username=self.u.username, password='testpass')
+        res = self.client.post(reverse('users.deactivate', locale='en-US'),
+                               {'user_id': p.user.id})
+
+        eq_(403, res.status_code)
+
+        add_permission(self.u, Profile, 'deactivate_users')
+        res = self.client.post(reverse('users.deactivate', locale='en-US'),
+                               {'user_id': p.user.id})
+
+        eq_(302, res.status_code)
+
+        p = Profile.objects.get(user_id=p.user_id)
+        assert not p.user.is_active
--- a/apps/users/urls.py
+++ b/apps/users/urls.py
@ -40,6 +40,7 @@ users_patterns = patterns('',
    url(r'^/settings$', views.edit_settings, name='users.edit_settings'),
    url(r'^/avatar$', views.edit_avatar, name='users.edit_avatar'),
    url(r'^/avatar/delete$', views.delete_avatar, name='users.delete_avatar'),
+    url(r'^/deactivate$', views.deactivate, name='users.deactivate'),

    # Password reset
    url(r'^/pwreset$', views.password_reset, name='users.pw_reset'),
--- a/apps/users/views.py
+++ b/apps/users/views.py
@ -10,7 +10,8 @@ from django.contrib.sites.models import Site
 from django.core import mail
 from django.http import (HttpResponsePermanentRedirect, HttpResponseRedirect,
                         Http404)
-from django.views.decorators.http import require_http_methods, require_GET
+from django.views.decorators.http import (require_http_methods, require_GET,
+                                          require_POST)
 from django.shortcuts import get_object_or_404
 from django.template.loader import render_to_string
 from django.utils.http import base36_to_int
@ -22,7 +23,8 @@ from statsd import statsd
 from tidings.tasks import claim_watches
 from tower import ugettext as _

-from access.decorators import logout_required, login_required
+from access.decorators import (logout_required, login_required,
+                               permission_required)
 from questions.models import (Question, user_num_answers, user_num_questions,
                              user_num_solutions)
 from sumo import email_utils
@ -35,6 +37,7 @@ from users.forms import (ProfileForm, AvatarForm, EmailConfirmationForm,
                         AuthenticationForm, EmailChangeForm, SetPasswordForm,
                         PasswordChangeForm, SettingsForm, ForgotUsernameForm,
                         RegisterForm)
+from users.helpers import profile_url
 from users.models import (Profile, RegistrationProfile,
                          EmailChange)
 from users.utils import (handle_login, handle_register,
@ -287,7 +290,11 @@ def confirm_change_email(request, activation_key):
@mobile_template('users/{mobile/}profile.html')
 def profile(request, template, user_id):
    user_profile = get_object_or_404(
-        Profile, user__id=user_id, user__is_active=True)
+        Profile, user__id=user_id)
+
+    if not (request.user.has_perm('users.deactivate_users')
+        or user_profile.user.is_active):
+        raise Http404('No Profile matches the given query.')

    groups = user_profile.user.groups.all()
    return jingo.render(request, template, {
@ -299,6 +306,15 @@ def profile(request, template, user_id):
        'num_documents': user_num_documents(user_profile.user),})


+@require_POST
+@permission_required('users.deactivate_users')
+def deactivate(request):
+    user = get_object_or_404(User, id=request.POST['user_id'], is_active=True)
+    user.is_active = False
+    user.save()
+    return HttpResponseRedirect(profile_url(user))
+
+
@require_GET
 def documents_contributed(request, user_id):
    user_profile = get_object_or_404(
--- a/media/less/users.less
+++ b/media/less/users.less
@ -11,6 +11,11 @@ article {
  }
 }

+#deactivated-msg {
+  color: #cc0000;
+  font-weight: bold;
+}
+
 #user-nav {
  margin-bottom: 20px;
 }
--- a/migrations/199-deactivate-users-permission.sql
+++ b/migrations/199-deactivate-users-permission.sql
@ -0,0 +1,4 @@
+SET @ct = (SELECT id from django_content_type WHERE name='profile' AND app_label='users');
+
+INSERT INTO auth_permission (`name`, `content_type_id`, `codename`) VALUES
+    ('Can deactivate users', @ct, 'deactivate_users');