pinax#252 optional staff membership required with ACCOUNT_INVITE_USER…

…_STAFF_ONLY switch
cezio · May 11, 2017 · 17bf87d · 17bf87d
1 parent fb271a4
commit 17bf87d
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 8 deletions.
diff --git a/account/tests/test_views.py b/account/tests/test_views.py
@@ -360,17 +360,26 @@ def test_invitation_get_anonymous(self):
         u = User.objects.create(username="foo", is_active=True)
         resp = self.client.get(url)
         self.assertEqual(resp.status_code, 302)
-        self.assertRedirects(resp, '{}?next={}'.format(reverse('admin:login'), url))
+        self.assertRedirects(resp, '{}?next={}'.format(reverse('account_login'), url))
 
     def test_invitation_get_regular(self):
         url = reverse(AccountAppConf.INVITE_USER_URL)
         u = User.objects.create(username="foo", is_active=True)
         u.set_password(self.PASSWORD)
         u.save()
         self.client.login(username=u.username, password=self.PASSWORD)
-        resp = self.client.get(url)
-        self.assertEqual(resp.status_code, 302)
-        self.assertRedirects(resp, '{}?next={}'.format(reverse('admin:login'), url))
+
+        with self.settings(ACCOUNT_INVITE_USER_STAFF_ONLY=True):
+            resp = self.client.get(url)
+            self.assertEqual(resp.status_code, 302)
+            self.assertRedirects(resp, '{}?next={}'.format(reverse('admin:login'), url))
+
+        with self.settings(ACCOUNT_INVITE_USER_STAFF_ONLY=False):
+            self.client.login(username=u.username, password=self.PASSWORD)
+            resp = self.client.get(url)
+            self.assertEqual(resp.status_code, 200)
+            self.assertEqual(resp.template_name, ['account/invite_user.html'])
+
         #self.assertEqual(resp.template_name, ['account/invite_user.html'])
 
 

diff --git a/account/urls.py b/account/urls.py
@@ -1,7 +1,6 @@
 from __future__ import unicode_literals
 
 from django.conf.urls import url
-from django.contrib.admin.views.decorators import staff_member_required
 
 from account.views import SignupView, LoginView, LogoutView, DeleteView
 from account.views import ConfirmEmailView
@@ -20,5 +19,5 @@
     url(r"^password/reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$", PasswordResetTokenView.as_view(), name="account_password_reset_token"),
     url(r"^settings/$", SettingsView.as_view(), name="account_settings"),
     url(r"^delete/$", DeleteView.as_view(), name="account_delete"),
-    url(r"^invite_user/$", staff_member_required(InviteUserView.as_view()), name="account_invite_user"),
+    url(r"^invite_user/$", InviteUserView.as_view(), name="account_invite_user"),
 ]
diff --git a/account/views.py b/account/views.py
@@ -1,6 +1,7 @@
 from __future__ import unicode_literals
 
 from django.http import Http404, HttpResponseForbidden
+from django.conf import settings as dsettings
 from django.shortcuts import redirect, get_object_or_404
 from django.utils.http import base36_to_int, int_to_base36
 from django.utils.translation import ugettext_lazy as _
@@ -9,6 +10,7 @@
 
 from django.contrib import auth, messages
 from django.contrib.auth import get_user_model
+from django.contrib.admin.views.decorators import staff_member_required
 from django.contrib.auth.hashers import make_password
 from django.contrib.auth.tokens import default_token_generator
 from django.contrib.sites.shortcuts import get_current_site
@@ -784,8 +786,6 @@ def get_context_data(self, **kwargs):
         ctx["ACCOUNT_DELETION_EXPUNGE_HOURS"] = settings.ACCOUNT_DELETION_EXPUNGE_HOURS
         return ctx
 
-
-
 
 class InviteUserView(LoginRequiredMixin, FormView):
     """ Invite a user."""
@@ -801,6 +801,13 @@ class InviteUserView(LoginRequiredMixin, FormView):
      }
     }
 
+    def dispatch(self, *args, **kwargs):
+        d = super(InviteUserView, self).dispatch
+        # when switch is on, invitation will be available for staff only
+        if getattr(dsettings, 'ACCOUNT_INVITE_USER_STAFF_ONLY', False):
+            d = staff_member_required(d)
+        return d(*args, **kwargs)
+
     def form_valid(self, form):
         code = str(uuid.uuid4())
         signup_code = form.save(commit=False)

diff --git a/docs/settings.rst b/docs/settings.rst
@@ -148,3 +148,11 @@ Default: ``list(zip(pytz.all_timezones, pytz.all_timezones))``
 =====================
 
 See full list in: https://github.com/pinax/django-user-accounts/blob/master/account/language_list.py
+
+``ACCOUNT_INVITE_USER_STAFF_ONLY``
+==================================
+
+Default: ``False``
+
+This setting restricts invitation functionality to staff members only. 
+By default, any user can invite other users.