Make change user permission stricter

2023-08-21 23:21:25 -05:00 · 2023-08-21 23:21:25 -05:00 · a22afe0c57
commit a22afe0c57
parent 105b7e3c75
2 changed files with 40 additions and 1 deletions
--- a/judge/admin/init.py
+++ b/judge/admin/init.py
@ -1,5 +1,6 @@
 from django.contrib import admin
 from django.contrib.admin.models import LogEntry
+from django.contrib.auth.models import User

 from judge.admin.comments import CommentAdmin
 from judge.admin.contest import ContestAdmin, ContestParticipationAdmin, ContestTagAdmin
@ -11,7 +12,7 @@ from judge.admin.interface import (
 )
 from judge.admin.organization import OrganizationAdmin, OrganizationRequestAdmin
 from judge.admin.problem import ProblemAdmin, ProblemPointsVoteAdmin
-from judge.admin.profile import ProfileAdmin
+from judge.admin.profile import ProfileAdmin, UserAdmin
 from judge.admin.runtime import JudgeAdmin, LanguageAdmin
 from judge.admin.submission import SubmissionAdmin
 from judge.admin.taxon import ProblemGroupAdmin, ProblemTypeAdmin
@ -66,3 +67,5 @@ admin.site.register(Submission, SubmissionAdmin)
 admin.site.register(Ticket, TicketAdmin)
 admin.site.register(VolunteerProblemVote, VolunteerProblemVoteAdmin)
 admin.site.register(Course)
+admin.site.unregister(User)
+admin.site.register(User, UserAdmin)
--- a/judge/admin/profile.py
+++ b/judge/admin/profile.py
@ -3,6 +3,7 @@ from django.forms import ModelForm
 from django.utils.html import format_html
 from django.utils.translation import gettext, gettext_lazy as _, ungettext
 from reversion.admin import VersionAdmin
+from django.contrib.auth.admin import UserAdmin as OldUserAdmin

 from django_ace import AceWidget
 from judge.models import Profile
@ -167,3 +168,38 @@ class ProfileAdmin(VersionAdmin):
                "javascript", request.profile.ace_theme
            )
        return form
+
+
+class UserAdmin(OldUserAdmin):
+    # Customize the fieldsets for adding and editing users
+    fieldsets = (
+        (None, {"fields": ("username", "password")}),
+        ("Personal Info", {"fields": ("first_name", "last_name", "email")}),
+        (
+            "Permissions",
+            {
+                "fields": (
+                    "is_active",
+                    "is_staff",
+                    "is_superuser",
+                    "groups",
+                    "user_permissions",
+                )
+            },
+        ),
+        ("Important dates", {"fields": ("last_login", "date_joined")}),
+    )
+
+    readonly_fields = ("last_login", "date_joined")
+
+    def get_readonly_fields(self, request, obj=None):
+        fields = self.readonly_fields
+        if not request.user.is_superuser:
+            fields += (
+                "is_staff",
+                "is_active",
+                "is_superuser",
+                "groups",
+                "user_permissions",
+            )
+        return fields