From dd8422d83a21c1679da06adcf2f8ad713eff4805 Mon Sep 17 00:00:00 2001
From: Andrew Williams <andy@tensixtyone.com>
Date: Wed, 9 Feb 2011 17:07:31 +0000
Subject: [PATCH] Allow staff to update other users' access

---
 sso/urls.py  | 1 +
 sso/views.py | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/sso/urls.py b/sso/urls.py
index b191f79..55e0f96 100644
--- a/sso/urls.py
+++ b/sso/urls.py
@@ -13,6 +13,7 @@ urlpatterns = patterns('',
     (r'^profile/reset/service/(?P<serviceid>\d+)/(?P<accept>\d+)$', views.service_reset),
     (r'^profile/apipassword/', views.set_apipasswd),
     (r'^profile/refresh/', views.refresh_access),
+    (r'^profile/refresh/(?P<userid>\d+)/', views.refresh_access),
     (r'^users/(?P<username>.*)/$', views.user_view),
     (r'^users/$', views.user_lookup),
 )
diff --git a/sso/views.py b/sso/views.py
index 7dc839c..dd287f4 100644
--- a/sso/views.py
+++ b/sso/views.py
@@ -232,10 +232,12 @@ def set_apipasswd(request):
 
 
 @login_required
-def refresh_access(request):
+def refresh_access(request, userid=0):
     """ Refreshes the user's access """
 
-    if request.user:
+    if userid and request.user.is_staff:
+        update_user_access(userid)
+    elif request.user:
         update_user_access(request.user.id)
         messages.add_message(request, messages.INFO, "User access updated.")
     return redirect('sso.views.profile')