nikdoof/test-auth
1
0
Fork 0
mirror of https://github.com/nikdoof/test-auth.git synced 2025-12-14 14:52:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't allow users to be kicked from Managed groups

Browse Source
This commit is contained in:
Andrew Williams
2011-05-29 13:35:22 +01:00
parent 90b1cffcc7
commit 071a21e704
1 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
app/groups/views.py
View File

@@ -170,21 +170,22 @@ def kick_member(request, groupid, userid):
group = get_object_or_404(Group, id=groupid)
user = get_object_or_404(User, id=userid)
if user == request.user:
if user in group.groupinformation.admins.all():
group.groupinformation.admins.remove(user)
user.groups.remove(group)
update_user_access.delay(user.id)
messages.add_message(request, messages.INFO, "You have left the group %s" % group.name)
elif request.user in group.groupinformation.admins.all() or request.user.is_superuser:
if not user in group.groupinformation.admins.all():
if not group.groupinformation.type in [GROUP_TYPE_MANAGED]:
if user == request.user:
if user in group.groupinformation.admins.all():
group.groupinformation.admins.remove(user)
user.groups.remove(group)
update_user_access.delay(user.id)
messages.add_message(request, messages.INFO, "%s has been removed from %s." % (user.username, group.name))
else:
messages.add_message(request, messages.INFO, "%s is a admin of %s and cannot be removed." % (user.username, group.name))
messages.add_message(request, messages.INFO, "You have left the group %s" % group.name)
return HttpResponseRedirect(reverse('groups.views.admin_group', args=[groupid]))
elif request.user in group.groupinformation.admins.all() or request.user.is_superuser:
if not user in group.groupinformation.admins.all():
user.groups.remove(group)
update_user_access.delay(user.id)
messages.add_message(request, messages.INFO, "%s has been removed from %s." % (user.username, group.name))
else:
messages.add_message(request, messages.INFO, "%s is a admin of %s and cannot be removed." % (user.username, group.name))
return HttpResponseRedirect(reverse('groups.views.admin_group', args=[groupid]))
return HttpResponseRedirect(reverse('groups.views.group_list'))