From a22afe0c574cf0be301e6440f39941b8afef6d80 Mon Sep 17 00:00:00 2001
From: cuom1999
Date: Mon, 21 Aug 2023 23:21:25 -0500
Subject: [PATCH] Make change user permission stricter
---
 judge/admin/__init__.py | 5 ++++-
 judge/admin/profile.py | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/judge/admin/__init__.py b/judge/admin/__init__.py
index 5150d9f..94af5aa 100644
--- a/judge/admin/__init__.py
+++ b/judge/admin/__init__.py
@@ -1,5 +1,6 @@
 from django.contrib import admin
 from django.contrib.admin.models import LogEntry
+from django.contrib.auth.models import User
 from judge.admin.comments import CommentAdmin
 from judge.admin.contest import ContestAdmin, ContestParticipationAdmin, ContestTagAdmin
@@ -11,7 +12,7 @@ from judge.admin.interface import (
 )
 from judge.admin.organization import OrganizationAdmin, OrganizationRequestAdmin
 from judge.admin.problem import ProblemAdmin, ProblemPointsVoteAdmin
-from judge.admin.profile import ProfileAdmin
+from judge.admin.profile import ProfileAdmin, UserAdmin
 from judge.admin.runtime import JudgeAdmin, LanguageAdmin
 from judge.admin.submission import SubmissionAdmin
 from judge.admin.taxon import ProblemGroupAdmin, ProblemTypeAdmin
@@ -66,3 +67,5 @@ admin.site.register(Submission, SubmissionAdmin)
 admin.site.register(Ticket, TicketAdmin)
 admin.site.register(VolunteerProblemVote, VolunteerProblemVoteAdmin)
 admin.site.register(Course)
+admin.site.unregister(User)
+admin.site.register(User, UserAdmin)
diff --git a/judge/admin/profile.py b/judge/admin/profile.py
index d19a80b..422fc5d 100644
--- a/judge/admin/profile.py
+++ b/judge/admin/profile.py
@@ -3,6 +3,7 @@ from django.forms import ModelForm
 from django.utils.html import format_html
 from django.utils.translation import gettext, gettext_lazy as _, ungettext
 from reversion.admin import VersionAdmin
+from django.contrib.auth.admin import UserAdmin as OldUserAdmin
 from django_ace import AceWidget
 from judge.models import Profile
@@ -167,3 +168,38 @@ class ProfileAdmin(VersionAdmin):
 "javascript", request.profile.ace_theme
 )
 return form
+
+
+class UserAdmin(OldUserAdmin):
+ # Customize the fieldsets for adding and editing users
+ fieldsets = (
+ (None, {"fields": ("username", "password")}),
+ ("Personal Info", {"fields": ("first_name", "last_name", "email")}),
+ (
+ "Permissions",
+ {
+ "fields": (
+ "is_active",
+ "is_staff",
+ "is_superuser",
+ "groups",
+ "user_permissions",
+ )
+ },
+ ),
+ ("Important dates", {"fields": ("last_login", "date_joined")}),
+ )
+
+ readonly_fields = ("last_login", "date_joined")
+
+ def get_readonly_fields(self, request, obj=None):
+ fields = self.readonly_fields
+ if not request.user.is_superuser:
+ fields += (
+ "is_staff",
+ "is_active",
+ "is_superuser",
+ "groups",
+ "user_permissions",
+ )
+ return fields
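Review bot: Locking the permission fields in `get_readonly_fields` of the new `UserAdmin` still leaves a non-superuser staff member who holds the user change permission able to edit a superuser's `username` and `email` and to reach the stock password-change form, because in Django's `UserAdmin` those paths are gated only by `has_change_permission`, which this class does not narrow. That leaves an account-level route around the stricter policy this commit is aiming for. I would add `has_change_permission` and `has_delete_permission` overrides that refuse when `obj` is a superuser and `request.user` is not, as sketched below. Separately, `fields = self.readonly_fields` bypasses the parent hook; starting from `super().get_readonly_fields(request, obj)` would keep anything the base class contributes.

```python
class UserAdmin(OldUserAdmin):
    # … unchanged: fieldsets, readonly_fields, get_readonly_fields …

    def _targets_higher_privilege(self, request, obj):
        # True when a non-superuser is acting on a superuser account.
        return (
            obj is not None
            and obj.is_superuser
            and not request.user.is_superuser
        )

    def has_change_permission(self, request, obj=None):
        if self._targets_higher_privilege(request, obj):
            return False
        return super().has_change_permission(request, obj)

    def has_delete_permission(self, request, obj=None):
        if self._targets_higher_privilege(request, obj):
            return False
        return super().has_delete_permission(request, obj)
```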