сделал частично работающую смену пароля

2024-01-19 14:07:43 +03:00
parent a611b1784d
commit 345d807f06
6 changed files with 68 additions and 16 deletions
--- a/users/views.py
+++ b/users/views.py
@@ -1,9 +1,10 @@
 import os

+from django.contrib.auth.forms import PasswordChangeForm
 from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest, Http404
 from django.shortcuts import render
 # from django.db.models import Manager
-from django.contrib.auth import authenticate, login, logout
+from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
 from django.contrib.auth.decorators import login_required, permission_required
 from .models import User
 from .forms import UserRegisterForm
@@ -54,16 +55,17 @@ def view_login(request):


@login_required
-def view_account(request):
+def view_account(request, username=None):
    view_user = request.user
-    if 'username' in request.GET:
-        if request.user.has_perm('users.view_user'):
-            try:
-                view_user = User.objects.get_by_natural_key(request.GET['username'])
-            except:
-                return Http404()
-        else:
-            raise PermissionError()
+    if username is not None:
+        if username != view_user.login:
+            if request.user.has_perm('users.view_user'):
+                try:
+                    view_user = User.objects.get_by_natural_key(username)
+                except:
+                    return Http404()
+            else:
+                raise PermissionError()
    return render(request, 'account/view.html', {'view_user': view_user})


@@ -78,6 +80,28 @@ def view_register(request):
    return render(request, 'account/register.html', {'form': form})


+@login_required
+def view_change_password(request):
+    user = request.user
+    if 'username' in request.GET:
+        if request.user.has_perm('users.change_user'):
+            try:
+                user = User.objects.get_by_natural_key(request.GET['username'])
+            except:
+                return Http404()
+        else:
+            raise PermissionError()
+
+    form = PasswordChangeForm(user=user, data=(request.POST or None))
+    if request.method == "POST":
+        if form.is_valid():
+            form.save()
+            update_session_auth_hash(request, form.user)
+            return HttpResponseRedirect('account')
+
+    return render(request, 'account/change-password.html', {'form': form, 'target_user': user})
+
+
@login_required
@permission_required(perm='users.view_user', raise_exception=True)
 def view_list(request):