Allow staff to update other users' access

sso/urls.py

@@ -13,6 +13,7 @@ urlpatterns = patterns('',
     (r'^profile/reset/service/(?P<serviceid>\d+)/(?P<accept>\d+)$', views.service_reset),
     (r'^profile/apipassword/', views.set_apipasswd),
     (r'^profile/refresh/', views.refresh_access),
+    (r'^profile/refresh/(?P<userid>\d+)/', views.refresh_access),
     (r'^users/(?P<username>.*)/$', views.user_view),
     (r'^users/$', views.user_lookup),
 )

sso/views.py

@@ -232,10 +232,12 @@ def set_apipasswd(request):
 
 
 @login_required
-def refresh_access(request):
+def refresh_access(request, userid=0):
     """ Refreshes the user's access """
 
-    if request.user:
+    if userid and request.user.is_staff:
+        update_user_access(userid)
+    elif request.user:
         update_user_access(request.user.id)
         messages.add_message(request, messages.INFO, "User access updated.")
     return redirect('sso.views.profile')