tcms.kiwi_auth.admin - Code Metrics - kiwitcms/Kiwi - Measure and Improve Code Quality continuously with Scrutinizer

tcms.kiwi_auth.admin B
last analyzed 2022-04-14 09:41 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	226
Duplicated Lines	0 %

Importance

Changes

Metric	Value
wmc	43
eloc	146
dl	0
loc	226
rs	8.96
c	0
b	0
f	0

16 Methods

Rating	Name	Size	Complexity
A	KiwiGroupAdmin.get_fields()	10	2
A	KiwiUserAdmin.has_change_permission()	2	1
A	KiwiUserAdmin.user_change_password()	5	1
A	KiwiUserAdmin.has_delete_permission()	7	2
A	KiwiUserAdmin.response_delete()	9	2
A	MyUserChangeForm.clean_email()	8	3
A	KiwiUserAdmin.render_change_form()	17	5
A	KiwiGroupAdmin.get_readonly_fields()	7	3
A	KiwiGroupAdmin.has_delete_permission()	4	3
A	KiwiUserAdmin.delete_view()	14	2
A	KiwiUserAdmin.has_view_permission()	5	2
A	GroupAdminForm.__init__()	5	2
A	KiwiUserAdmin.delete_model()	2	1
B	KiwiUserAdmin.get_fieldsets()	20	8
A	GroupAdminForm.save()	8	1
A	KiwiUserAdmin.get_readonly_fields()	18	4

1 Function

Rating	Name	Duplication	Size	Complexity
A	_modifying_myself()	0	2	1

How to fix Complexity

# -*- coding: utf-8 -*-

from django import forms
from django.contrib import admin
from django.contrib.admin.widgets import FilteredSelectMultiple
from django.contrib.auth import get_user_model
from django.contrib.auth.admin import GroupAdmin, UserAdmin, sensitive_post_parameters_m
from django.contrib.auth.forms import UserChangeForm
from django.contrib.auth.models import Group, Permission
from django.http import HttpResponseForbidden, HttpResponseRedirect
from django.urls import reverse
from django.utils.text import capfirst
from django.utils.translation import gettext_lazy as _

from tcms.utils.user import delete_user

User = get_user_model()  # pylint: disable=invalid-name


class MyUserChangeForm(UserChangeForm):
    """
    Enforces unique user emails.
    """

    email = forms.EmailField(required=True)

    def clean_email(self):
        query_set = User.objects.filter(email=self.cleaned_data["email"])
        if self.instance:
            query_set = query_set.exclude(pk=self.instance.pk)
        if query_set.count():
            raise forms.ValidationError(_("This email address is already in use"))

        return self.cleaned_data["email"]


def _modifying_myself(request, object_id):
    return request.user.pk == int(object_id)


class GroupAdminForm(forms.ModelForm):
    class Meta:
        model = Group
        fields = ["name", "permissions"]

    users = forms.ModelMultipleChoiceField(
        queryset=User.objects.all(),
        required=False,
        widget=FilteredSelectMultiple("users", False),
    )

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.fields["users"].label = capfirst(_("users"))
        if self.instance.pk:
            self.fields["users"].initial = self.instance.user_set.all()

    def save(self, commit=True):
        instance = super().save(commit=commit)
        instance.save()

        self.instance.user_set.set(self.cleaned_data["users"])
        self.save_m2m()

        return instance


class KiwiUserAdmin(UserAdmin):
    list_display = UserAdmin.list_display + (
        "is_active",
        "is_superuser",
        "date_joined",
        "last_login",
    )
    ordering = ["-pk"]  # same as -date_joined

    # override standard form and make the email address unique
    # even when adding users via admin panel
    form = MyUserChangeForm

    def has_change_permission(self, request, obj=None):
        return request.user.is_superuser or obj is not None

    def has_view_permission(self, request, obj=None):
        if _modifying_myself(request, getattr(obj, "pk", 0)):
            return True

        return super().has_view_permission(request, obj)

    # pylint: disable=too-many-arguments
    def render_change_form(
        self, request, context, add=False, change=False, form_url="", obj=None
    ):
        if not self.has_view_permission(request, obj):
            return HttpResponseForbidden()

        if obj and not (
            _modifying_myself(request, obj.pk) or request.user.is_superuser
        ):
            context.update(
                {
                    "show_save": False,
                    "show_save_and_continue": False,
                }
            )
        return super().render_change_form(
            request, context, add=add, change=change, form_url=form_url, obj=obj
        )

    def get_readonly_fields(self, request, obj=None):
        if request.user.is_superuser:
            return super().get_readonly_fields(request, obj)

        readonly_fields = [
            "username",
            "is_staff",
            "is_active",
            "is_superuser",
            "last_login",
            "date_joined",
            "groups",
            "user_permissions",
        ]
        if obj and not _modifying_myself(request, obj.pk):
            readonly_fields.extend(["first_name", "last_name", "email"])

        return readonly_fields

    def get_fieldsets(self, request, obj=None):
        # super-user adding new account
        if not obj and request.user.is_superuser:
            return super().get_fieldsets(request, obj)

        first_fieldset_fields = ("username",)
        if obj and _modifying_myself(request, obj.pk):
            first_fieldset_fields = first_fieldset_fields + ("password",)

        remaining_fieldsets = (
            (_("Personal info"), {"fields": ("first_name", "last_name", "email")}),
            (_("Permissions"), {"fields": ("is_active", "groups")}),
        )

        if request.user.is_superuser:
            field_sets = super().get_fieldsets(request, obj)
            if field_sets[0][0] is None and "password" in field_sets[0][1]["fields"]:
                remaining_fieldsets = field_sets[1:]

        return ((None, {"fields": first_fieldset_fields}),) + remaining_fieldsets

    @sensitive_post_parameters_m
    def user_change_password(
        self, request, id, form_url=""
    ):  # pylint: disable=redefined-builtin
        return HttpResponseRedirect(reverse("admin:password_change"))

    @admin.options.csrf_protect_m
    def delete_view(self, request, object_id, extra_context=None):
        if not _modifying_myself(request, object_id):
            return super().delete_view(request, object_id, extra_context)

        # allow deletion of the user own account
        permission = Permission.objects.get(
            content_type__app_label="auth", codename="delete_user"
        )
        try:
            request.user.user_permissions.add(permission)
            return super().delete_view(request, object_id, extra_context)
        finally:
            request.user.user_permissions.remove(permission)

    def response_delete(self, request, obj_display, obj_id):
        result = super().response_delete(request, obj_display, obj_id)

        if not _modifying_myself(request, obj_id):
            return result

        # user doesn't exist anymore so go to the index page
        # instead of returning to the user admin page
        return HttpResponseRedirect(reverse("core-views-index"))

    def has_delete_permission(self, request, obj=None):
        # allow to delete yourself without having 'delete' permission
        # explicitly assigned
        if _modifying_myself(request, getattr(obj, "pk", 0)):
            return True

        return super().has_delete_permission(request, obj)

    def delete_model(self, request, obj):
        delete_user(obj)


class KiwiGroupAdmin(GroupAdmin):
    form = GroupAdminForm

    def has_delete_permission(self, request, obj=None):
        if obj and obj.name in ["Tester", "Administrator"]:
            return False
        return super().has_delete_permission(request, obj)

    def get_fields(self, request, obj=None):
        fields = super().get_fields(request, obj=obj)
        name_index = fields.index("name")

        # make sure Name is always the first field
        if name_index > 0:
            del fields[name_index]
            fields.insert(0, "name")

        return fields

    def get_readonly_fields(self, request, obj=None):
        readonly_fields = super().get_readonly_fields(request, obj)

        if obj and obj.name in ["Tester", "Administrator"]:
            readonly_fields = readonly_fields + ("name",)

        return readonly_fields


# user admin extended functionality
admin.site.unregister(User)
admin.site.register(User, KiwiUserAdmin)
admin.site.unregister(Group)
admin.site.register(Group, KiwiGroupAdmin)


1			# -- coding: utf-8 --
2
3			from django import forms
4			from django.contrib import admin
5			from django.contrib.admin.widgets import FilteredSelectMultiple
6			from django.contrib.auth import get_user_model
7			from django.contrib.auth.admin import GroupAdmin, UserAdmin, sensitive_post_parameters_m
8			from django.contrib.auth.forms import UserChangeForm
9			from django.contrib.auth.models import Group, Permission
10			from django.http import HttpResponseForbidden, HttpResponseRedirect
11			from django.urls import reverse
12			from django.utils.text import capfirst
13			from django.utils.translation import gettext_lazy as _
14
15			from tcms.utils.user import delete_user
16
17			User = get_user_model() # pylint: disable=invalid-name
18
19
20			class MyUserChangeForm(UserChangeForm):
21			"""
22			Enforces unique user emails.
23			"""
24
25			email = forms.EmailField(required=True)
26
27			def clean_email(self):
28			query_set = User.objects.filter(email=self.cleaned_data["email"])
29			if self.instance:
30			query_set = query_set.exclude(pk=self.instance.pk)
31			if query_set.count():
32			raise forms.ValidationError(_("This email address is already in use"))
33
34			return self.cleaned_data["email"]
35
36
37			def _modifying_myself(request, object_id):
38			return request.user.pk == int(object_id)
39
40
41			class GroupAdminForm(forms.ModelForm):
42			class Meta:
43			model = Group
44			fields = ["name", "permissions"]
45
46			users = forms.ModelMultipleChoiceField(
47			queryset=User.objects.all(),
48			required=False,
49			widget=FilteredSelectMultiple("users", False),
50			)
51
52			def __init__(self, args, *kwargs):
53			super().__init__(args, *kwargs)
54			self.fields["users"].label = capfirst(_("users"))
55			if self.instance.pk:
56			self.fields["users"].initial = self.instance.user_set.all()
57
58			def save(self, commit=True):
59			instance = super().save(commit=commit)
60			instance.save()
61
62			self.instance.user_set.set(self.cleaned_data["users"])
63			self.save_m2m()
64
65			return instance
66
67
68			class KiwiUserAdmin(UserAdmin):
69			list_display = UserAdmin.list_display + (
70			"is_active",
71			"is_superuser",
72			"date_joined",
73			"last_login",
74			)
75			ordering = ["-pk"] # same as -date_joined
76
77			# override standard form and make the email address unique
78			# even when adding users via admin panel
79			form = MyUserChangeForm
80
81			def has_change_permission(self, request, obj=None):
82			return request.user.is_superuser or obj is not None
83
84			def has_view_permission(self, request, obj=None):
85			if _modifying_myself(request, getattr(obj, "pk", 0)):
86			return True
87
88			return super().has_view_permission(request, obj)
89
90			# pylint: disable=too-many-arguments
91			def render_change_form(
92			self, request, context, add=False, change=False, form_url="", obj=None
93			):
94			if not self.has_view_permission(request, obj):
95			return HttpResponseForbidden()
96
97			if obj and not (
98			_modifying_myself(request, obj.pk) or request.user.is_superuser
99			):
100			context.update(
101			{
102			"show_save": False,
103			"show_save_and_continue": False,
104			}
105			)
106			return super().render_change_form(
107			request, context, add=add, change=change, form_url=form_url, obj=obj
108			)
109
110			def get_readonly_fields(self, request, obj=None):
111			if request.user.is_superuser:
112			return super().get_readonly_fields(request, obj)
113
114			readonly_fields = [
115			"username",
116			"is_staff",
117			"is_active",
118			"is_superuser",
119			"last_login",
120			"date_joined",
121			"groups",
122			"user_permissions",
123			]
124			if obj and not _modifying_myself(request, obj.pk):
125			readonly_fields.extend(["first_name", "last_name", "email"])
126
127			return readonly_fields
128
129			def get_fieldsets(self, request, obj=None):
130			# super-user adding new account
131			if not obj and request.user.is_superuser:
132			return super().get_fieldsets(request, obj)
133
134			first_fieldset_fields = ("username",)
135			if obj and _modifying_myself(request, obj.pk):
136			first_fieldset_fields = first_fieldset_fields + ("password",)
137
138			remaining_fieldsets = (
139			(_("Personal info"), {"fields": ("first_name", "last_name", "email")}),
140			(_("Permissions"), {"fields": ("is_active", "groups")}),
141			)
142
143			if request.user.is_superuser:
144			field_sets = super().get_fieldsets(request, obj)
145			if field_sets[0][0] is None and "password" in field_sets[0][1]["fields"]:
146			remaining_fieldsets = field_sets[1:]
147
148			return ((None, {"fields": first_fieldset_fields}),) + remaining_fieldsets
149
150			@sensitive_post_parameters_m
151			def user_change_password(
152			self, request, id, form_url=""
153			): # pylint: disable=redefined-builtin
154			return HttpResponseRedirect(reverse("admin:password_change"))
155
156			@admin.options.csrf_protect_m
157			def delete_view(self, request, object_id, extra_context=None):
158			if not _modifying_myself(request, object_id):
159			return super().delete_view(request, object_id, extra_context)
160
161			# allow deletion of the user own account
162			permission = Permission.objects.get(
163			content_type__app_label="auth", codename="delete_user"
164			)
165			try:
166			request.user.user_permissions.add(permission)
167			return super().delete_view(request, object_id, extra_context)
168			finally:
169			request.user.user_permissions.remove(permission)
170
171			def response_delete(self, request, obj_display, obj_id):
172			result = super().response_delete(request, obj_display, obj_id)
173
174			if not _modifying_myself(request, obj_id):
175			return result
176
177			# user doesn't exist anymore so go to the index page
178			# instead of returning to the user admin page
179			return HttpResponseRedirect(reverse("core-views-index"))
180
181			def has_delete_permission(self, request, obj=None):
182			# allow to delete yourself without having 'delete' permission
183			# explicitly assigned
184			if _modifying_myself(request, getattr(obj, "pk", 0)):
185			return True
186
187			return super().has_delete_permission(request, obj)
188
189			def delete_model(self, request, obj):
190			delete_user(obj)
191
192
193			class KiwiGroupAdmin(GroupAdmin):
194			form = GroupAdminForm
195
196			def has_delete_permission(self, request, obj=None):
197			if obj and obj.name in ["Tester", "Administrator"]:
198			return False
199			return super().has_delete_permission(request, obj)
200
201			def get_fields(self, request, obj=None):
202			fields = super().get_fields(request, obj=obj)
203			name_index = fields.index("name")
204
205			# make sure Name is always the first field
206			if name_index > 0:
207			del fields[name_index]
208			fields.insert(0, "name")
209
210			return fields
211
212			def get_readonly_fields(self, request, obj=None):
213			readonly_fields = super().get_readonly_fields(request, obj)
214
215			if obj and obj.name in ["Tester", "Administrator"]:
216			readonly_fields = readonly_fields + ("name",)
217
218			return readonly_fields
219
220
221			# user admin extended functionality
222			admin.site.unregister(User)
223			admin.site.register(User, KiwiUserAdmin)
224			admin.site.unregister(Group)
225			admin.site.register(Group, KiwiGroupAdmin)
226

kiwitcms / Kiwi

tcms.kiwi_auth.admin B last analyzed 2022-04-14 09:41 UTC

Complexity

Size/Duplication

Importance

16 Methods

1 Function

How to fix Complexity

Complexity

Duplication Side-by-Side

Filter issues like

tcms.kiwi_auth.admin B
last analyzed 2022-04-14 09:41 UTC