[extensions-web] auth: Actually change the correct user's name
- From: Jasper St. Pierre <jstpierre src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [extensions-web] auth: Actually change the correct user's name
- Date: Tue, 28 May 2013 23:05:18 +0000 (UTC)
commit ddee488055c0274c13677c5a8673c4991290d017
Author: Jasper St. Pierre <jstpierre mecheye net>
Date: Mon May 20 23:08:23 2013 -0400
auth: Actually change the correct user's name
We were allowing admins to change all display names, but not
actually setting the name on the correct user.
.../auth/templates/registration/profile.html | 2 +-
sweettooth/auth/urls.py | 2 +-
sweettooth/auth/views.py | 13 ++++++++-----
sweettooth/static/js/main.js | 5 ++++-
4 files changed, 14 insertions(+), 8 deletions(-)
---
diff --git a/sweettooth/auth/templates/registration/profile.html
b/sweettooth/auth/templates/registration/profile.html
index 7287e2f..fecf0b7 100644
--- a/sweettooth/auth/templates/registration/profile.html
+++ b/sweettooth/auth/templates/registration/profile.html
@@ -5,7 +5,7 @@
{% load gravatar %}
<div class="profile">
{% if is_editable %}
- <h2 class="editable" id="new_display_name">{{ display_name }}</h2>
+ <h2 class="editable" data-pk="{{ user.pk }}" id="new_display_name">{{ display_name }}</h2>
{% else %}
<h2>{{ display_name }}</h2>
{% endif %}
diff --git a/sweettooth/auth/urls.py b/sweettooth/auth/urls.py
index 948249e..8ba4f01 100644
--- a/sweettooth/auth/urls.py
+++ b/sweettooth/auth/urls.py
@@ -10,7 +10,7 @@ urlpatterns = patterns('',
dict(template_name='registration/login.html',
authentication_form=forms.AuthenticationForm), name='auth-login'),
- url(r'^change_display_name', views.ajax_change_display_name),
+ url(r'^change_display_name/(?P<pk>\d+)', views.ajax_change_display_name),
url(r'^logout/', logout,
dict(next_page='/'), name='auth-logout'),
diff --git a/sweettooth/auth/views.py b/sweettooth/auth/views.py
index 4ba40f2..3a1ecc8 100644
--- a/sweettooth/auth/views.py
+++ b/sweettooth/auth/views.py
@@ -37,17 +37,20 @@ def profile(request, user):
@ajax_view
@require_POST
@login_required
-def ajax_change_display_name(request):
+def ajax_change_display_name(request, pk):
if request.POST['id'] != 'new_display_name':
return HttpResponseForbidden()
- if not request.user.is_authenticated():
+ userobj = get_object_or_404(models.User, pk=pk)
+ is_editable = (request.user == userobj) or request.user.has_perm('review.can-review-extensions')
+
+ if not is_editable:
return HttpResponseForbidden()
# display name is "%s %s" % (first_name, last_name). Change the first name.
- request.user.first_name = request.POST['value']
- request.user.save()
- return request.POST['value']
+ userobj.first_name = request.POST['value']
+ userobj.save()
+ return userobj.first_name
@login_required
def profile_redirect(request):
diff --git a/sweettooth/static/js/main.js b/sweettooth/static/js/main.js
index 5ba1d4f..f424923 100644
--- a/sweettooth/static/js/main.js
+++ b/sweettooth/static/js/main.js
@@ -45,7 +45,10 @@ function($, messages, modal, hashParamUtils, templates) {
$("time").timeago();
- $("#new_display_name").csrfEditable('/accounts/change_display_name');
+ $("#new_display_name").each(function() {
+ var pk = $(this).data('pk');
+ $(this).csrfEditable('/accounts/change_display_name/' + pk);
+ });
var $userPopupLink = $('#global_domain_bar .user');
var $userPopup = $('#global_domain_bar .user_popup');
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]