mirror of
https://github.com/Mistake35/Cedar-Django.git
synced 2026-07-18 00:21:14 +10:00
Cedar now uses Django's Perms and groups.
You'll have to do some manual editing to give yourself superuser. - /admin/ now uses perms and groups. So you can fine tune who has access to what model. - Moved the metadata button to the user sidebar - Removed metaview lists from showing in user settings and in the metadata page.
This commit is contained in:
+113
-55
@@ -1,71 +1,110 @@
|
||||
from django.apps import apps
|
||||
from django.contrib import admin
|
||||
#from django.contrib.auth.admin import UserAdmin
|
||||
from django.contrib.auth.models import Group
|
||||
#from django.forms import ModelForm, PasswordInput
|
||||
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
|
||||
from django.contrib.auth.forms import AdminPasswordChangeForm
|
||||
from django.contrib.auth.models import Group, Permission
|
||||
from django.contrib import messages
|
||||
from django.http import HttpResponseRedirect
|
||||
from django.conf import settings
|
||||
|
||||
from . import models
|
||||
|
||||
# Override admin login page
|
||||
from closedverse_main.views import login_page
|
||||
admin.autodiscover()
|
||||
admin.site.login = login_page
|
||||
|
||||
"""
|
||||
class UserForm(ModelForm):
|
||||
class Meta:
|
||||
model = models.User
|
||||
fields = '__all__'
|
||||
widgets = {
|
||||
'password': PasswordInput(),
|
||||
}
|
||||
"""
|
||||
@admin.action(description='Void selected Invites')
|
||||
@admin.action(description='Void selected Invites', permissions=["change"])
|
||||
def Void_invite(modeladmin, request, queryset):
|
||||
queryset.update(void = True)
|
||||
@admin.action(description='Restore selected Invites')
|
||||
@admin.action(description='Restore selected Invites', permissions=["change"])
|
||||
def Restore_invite(modeladmin, request, queryset):
|
||||
queryset.update(void = False, used = False)
|
||||
@admin.action(description='Hide selected items')
|
||||
@admin.action(description='Hide selected items', permissions=["change"])
|
||||
def Hide_content(modeladmin, request, queryset):
|
||||
queryset.update(is_rm = True)
|
||||
@admin.action(description='Show selected items')
|
||||
@admin.action(description='Show selected items', permissions=["change"])
|
||||
def Show_content(modeladmin, request, queryset):
|
||||
queryset.update(is_rm = False)
|
||||
@admin.action(description='Disable comments')
|
||||
@admin.action(description='Disable comments', permissions=["change"])
|
||||
def Disable_comments(modeladmin, request, queryset):
|
||||
queryset.update(lock_comments = 2)
|
||||
@admin.action(description='Enable comments')
|
||||
@admin.action(description='Enable comments', permissions=["change"])
|
||||
def Enable_comments(modeladmin, request, queryset):
|
||||
queryset.update(lock_comments = 0)
|
||||
@admin.action(description='Feature selected communities')
|
||||
@admin.action(description='Feature selected communities', permissions=["change"])
|
||||
def Feature_community(modeladmin, request, queryset):
|
||||
queryset.update(is_feature = True)
|
||||
@admin.action(description='Unfeature selected communities')
|
||||
@admin.action(description='Unfeature selected communities', permissions=["change"])
|
||||
def Unfeature_community(modeladmin, request, queryset):
|
||||
queryset.update(is_feature = False)
|
||||
@admin.action(description='Force login')
|
||||
@admin.action(description='Force login', permissions=["change"])
|
||||
def force_login(modeladmin, request, queryset):
|
||||
queryset.update(require_auth = True)
|
||||
@admin.action(description='Unforce login')
|
||||
@admin.action(description='Unforce login', permissions=["change"])
|
||||
def unforce_login(modeladmin, request, queryset):
|
||||
queryset.update(require_auth = False)
|
||||
@admin.action(description='Disable user')
|
||||
@admin.action(description='Disable user', permissions=["change"])
|
||||
def Disable_user(modeladmin, request, queryset):
|
||||
queryset.update(active = False)
|
||||
@admin.action(description='Enable user')
|
||||
queryset.update(is_active = False)
|
||||
@admin.action(description='Enable user', permissions=["change"])
|
||||
def Enable_user(modeladmin, request, queryset):
|
||||
queryset.update(active = True)
|
||||
queryset.update(is_active = True)
|
||||
|
||||
@admin.action(description='Demote user', permissions=["change"])
|
||||
def Demote_user(modeladmin, request, queryset):
|
||||
queryset.update(is_superuser = False)
|
||||
queryset.update(is_staff = False)
|
||||
queryset.update(level = 0)
|
||||
|
||||
class UserAdmin(admin.ModelAdmin):
|
||||
search_fields = ('id', 'username', 'nickname', 'email', )
|
||||
list_display = ('id', 'username', 'nickname', 'warned', 'level', 'staff', 'active', )
|
||||
exclude = ('addr', 'signup_addr', 'password', )
|
||||
actions = [Disable_user, Enable_user]
|
||||
#exclude = ('staff', )
|
||||
# Not yet
|
||||
#form = UserForm
|
||||
class UserAdmin(BaseUserAdmin):
|
||||
search_fields = ('id', 'username', 'nickname', 'email', 'addr', 'signup_addr')
|
||||
list_display = ('id', 'username', 'nickname', 'level', 'is_active', 'is_staff', 'is_superuser')
|
||||
actions = [Disable_user, Enable_user, Demote_user]
|
||||
raw_id_fields = ('role', )
|
||||
readonly_fields = ('last_login', 'created', )
|
||||
fieldsets = (
|
||||
(None, {'fields': ('nickname', 'username', 'password')}),
|
||||
('Personal info', {'fields': ('email', ('addr', 'signup_addr'))}),
|
||||
('Cosmetic', {'fields': (('role', 'avatar', 'has_mh'), 'color', 'theme', 'bg_url',)}),
|
||||
('Data', {'fields': ('last_login', 'created', 'hide_online')}),
|
||||
('Permissions', {'fields': (('is_active', 'is_staff', 'is_superuser', 'can_invite'), 'level', 'c_tokens', 'groups', 'user_permissions')}),
|
||||
)
|
||||
|
||||
# yes this is stupid...
|
||||
def get_queryset(self, request):
|
||||
# Filter the list of users displayed based on the current user's level and superuser status.
|
||||
qs = super().get_queryset(request)
|
||||
if request.user.is_superuser:
|
||||
return qs
|
||||
return qs.filter(level__lt=request.user.level)
|
||||
|
||||
def has_change_permission(self, request, obj=None):
|
||||
if not obj:
|
||||
return super().has_change_permission(request, obj)
|
||||
# Superusers can edit anyone
|
||||
if request.user.is_superuser:
|
||||
return True
|
||||
# Users cannot edit superusers or users with a higher level than themselves
|
||||
if obj.is_superuser or obj.level >= request.user.level:
|
||||
return False
|
||||
return super().has_change_permission(request, obj)
|
||||
|
||||
def has_delete_permission(self, request, obj=None):
|
||||
if not obj:
|
||||
return super().has_delete_permission(request, obj)
|
||||
# Superusers can delete anyone
|
||||
if request.user.is_superuser:
|
||||
return True
|
||||
# Users cannot delete superusers or users with a higher level than themselves
|
||||
if obj.is_superuser or obj.level >= request.user.level:
|
||||
return False
|
||||
return super().has_delete_permission(request, obj)
|
||||
|
||||
def get_readonly_fields(self, request, obj=None):
|
||||
# Get the default readonly fields
|
||||
readonly_fields = super().get_readonly_fields(request, obj)
|
||||
|
||||
# If the user is not a superuser, add the fields to the readonly list
|
||||
if not request.user.is_superuser:
|
||||
readonly_fields += ('level', 'is_staff', 'is_superuser', 'groups', 'user_permissions', 'password')
|
||||
return readonly_fields
|
||||
|
||||
class ProfileAdmin(admin.ModelAdmin):
|
||||
search_fields = ('id', 'user__username__icontains', 'comment', 'origin_id',)
|
||||
raw_id_fields = ('user', 'favorite',)
|
||||
@@ -142,12 +181,30 @@ class RoleAdmin(admin.ModelAdmin):
|
||||
exclude = ('is_static', )
|
||||
|
||||
class BanAdmin(admin.ModelAdmin):
|
||||
# Hide that shit for now, Eventually I plan to get rid of the user_tools_meta thing completely and just show IP addresses for staff like any normal site.
|
||||
exclude = ('ip_address', )
|
||||
raw_id_fields = ('to', 'by')
|
||||
list_display = ('by', 'to', 'reason', 'expiry_date', 'active')
|
||||
|
||||
#class BlockAdmin(admin.ModelAdmin)
|
||||
def save_model(self, request, obj, form, change):
|
||||
# Set the 'by' field to the currently logged-in user
|
||||
obj.by = request.user
|
||||
|
||||
admin.site.unregister(Group)
|
||||
# Check if the user being banned is a superuser or has a higher level than the user issuing the ban
|
||||
if obj.to.is_superuser or obj.to.level > request.user.level:
|
||||
messages.error(request, "You cannot ban a superuser or a user with a higher level.")
|
||||
return
|
||||
|
||||
super().save_model(request, obj, form, change)
|
||||
|
||||
def response_add(self, request, obj, post_url_continue=None):
|
||||
# If there was an error, redirect back to the 'add' page
|
||||
if messages.get_messages(request):
|
||||
return HttpResponseRedirect(request.path)
|
||||
return super().response_add(request, obj, post_url_continue)
|
||||
|
||||
class LoginAdmin(admin.ModelAdmin):
|
||||
raw_id_fields = ('user',)
|
||||
list_display = ('user', 'addr', 'user_agent', )
|
||||
search_fields = ('user__username', 'addr', 'user_agent', )
|
||||
|
||||
admin.site.register(models.Role, RoleAdmin)
|
||||
admin.site.register(models.User, UserAdmin)
|
||||
@@ -158,24 +215,25 @@ admin.site.register(models.Complaint, ComplaintAdmin)
|
||||
admin.site.register(models.Message, MessageAdmin)
|
||||
admin.site.register(models.Conversation, ConversationAdmin)
|
||||
admin.site.register(models.Notification, NotificationAdmin)
|
||||
#admin.site.register(models.LoginAttempt, LoginAdmin)
|
||||
admin.site.register(models.LoginAttempt, LoginAdmin)
|
||||
admin.site.register(models.UserBlock)
|
||||
admin.site.register(models.AuditLog, AuditAdmin)
|
||||
admin.site.register(models.ProfileHistory, HistoryAdmin)
|
||||
|
||||
|
||||
admin.site.register(models.Yeah)
|
||||
admin.site.register(models.Follow)
|
||||
admin.site.register(models.FriendRequest)
|
||||
admin.site.register(models.Post, PostAdmin)
|
||||
admin.site.register(models.Comment, CommentAdmin)
|
||||
|
||||
admin.site.register(models.Ads, AdsAdmin)
|
||||
admin.site.register(models.Ban, BanAdmin)
|
||||
admin.site.register(models.Warning)
|
||||
|
||||
if settings.DEBUG:
|
||||
admin.site.register(models.Yeah)
|
||||
admin.site.register(models.Follow)
|
||||
admin.site.register(models.FriendRequest)
|
||||
admin.site.register(models.Friendship, ConversationAdmin)
|
||||
#admin.site.register(models.Notification)
|
||||
admin.site.register(models.Poll)
|
||||
admin.site.register(models.PollVote)
|
||||
admin.site.register(models.Ads, AdsAdmin)
|
||||
# This will show fucking everything, just don't give other people perms to see content types, sessions, and all that shit.
|
||||
# This is so the superuser, owner of the site can see everything.
|
||||
app_models = apps.get_models()
|
||||
for model in app_models:
|
||||
try:
|
||||
admin.site.register(model)
|
||||
except admin.sites.AlreadyRegistered:
|
||||
pass
|
||||
Reference in New Issue
Block a user