tildaslash · ak4t0sh · Aug 25, 2015 · Aug 25, 2015 · Aug 25, 2015 · Aug 27, 2015
diff --git a/cred/templates/cred_detail.html b/cred/templates/cred_detail.html
@@ -83,17 +83,17 @@ <h1>{% cred_icon cred.iconname %} {{ cred.title }}</h1>
 </table>
 
 
-
-<strong>{% trans "Description:" %}</strong>
-{% if cred.descriptionmarkdown %}
-  <div class="creddescription">
-   {% markdown_cred cred.description %}
-  </div>
-{% else %}
-  <pre>{{ cred.description }}</pre>
+{% if cred.description %}
+    <strong>{% trans "Description:" %}</strong>
+    {% if cred.descriptionmarkdown %}
+      <div class="creddescription">
+       {% markdown_cred cred.description %}
+      </div>
+    {% else %}
+      <pre>{{ cred.description }}</pre>
+    {% endif %}
 {% endif %}
 
-
 {% if delete %}
     <form action="" method="post">{% csrf_token %}
         <input type="submit" class="btn btn-danger" value="{% trans "Delete" %}" />

diff --git a/ratticweb/static/rattic/js/newcore.js b/ratticweb/static/rattic/js/newcore.js
@@ -673,6 +673,17 @@ var RATTIC = (function ($, ZeroClipboard) {
     });
   };
 
+  /* Make the user select boxes be awesome */
+  my.controls.userSelectors = function (selectors) {
+    var options = {
+      valueField: 'id',
+      labelField: 'name',
+      searchField: 'name',
+      plugins: ['remove_button']
+    };
+    selectors.selectize(options);
+  };
+
   /* Make the tag select boxes be awesome */
   my.controls.groupSelectors = function (selectors) {
     var options = {
@@ -764,6 +775,9 @@ $(document).ready(function () {
   // A Group selector that will create for staff members
   RATTIC.controls.groupSelectors($('.rattic-group-selector'));
 
+  // A User selector
+  RATTIC.controls.userSelectors($('.rattic-user-selector'));
+
   // Button that submits a form indicated by a data attribute
   RATTIC.controls.formSubmitById($('.rattic-form-submit-by-id'));
 

diff --git a/staff/models.py b/staff/models.py
@@ -91,3 +91,24 @@ def clean(self):
             del cleaned_data['password']
 
         return cleaned_data
+
+class GroupManageUsersAddUserForm(forms.ModelForm):
+    class Meta:
+        model = Group
+        fields=('users',)
+    users = forms.ModelMultipleChoiceField(
+        queryset=User.objects.all(),
+        widget=forms.SelectMultiple(attrs={'class': 'rattic-user-selector'})
+    )
+
+    def __init__(self, *args, **kwargs):
+        super(GroupManageUsersAddUserForm, self).__init__(*args, **kwargs)
+        self.fields['users'].queryset = User.objects.exclude(groups=self.instance)
+
+    def save(self, *args, **kwargs):
+        group = Group.objects.get(id=self.instance.id)
+        newusers = self.cleaned_data['users']
+        for user in newusers:
+            group.user_set.add(user)
+        self.instance=group
+        return super(GroupManageUsersAddUserForm, self).save(*args, **kwargs)
diff --git a/staff/templates/staff_groupdetail.html b/staff/templates/staff_groupdetail.html
@@ -11,6 +11,7 @@ <h1>{% trans "Group" %} {{ group.name }}</h1>
 {% if not USE_LDAP_GROUPS %}
 <div class="btn-group">
     <a class="btn" href="{% url "staff.views.groupedit" group.id %}">{% trans "Edit" %}</a>
+    <a class="btn" href="{% url "staff.views.groupmanageusers" group.id %}">{% trans "Manage users" %}</a>
     <a class="btn btn-danger" href="{% url "staff.views.groupdelete" group.id %}">{% trans "Delete" %}</a> 
 </div>
 <br /><br />

diff --git a/staff/templates/staff_groupmanageusers.html b/staff/templates/staff_groupmanageusers.html
@@ -0,0 +1,41 @@
+{% extends "base.html" %}
+{% load url from future %}
+{% load i18n %}
+
+{% block content %}
+    <h1>{% trans "User management for group" %}: {{ group.name }}</h1>
+    {% if deleteduser %}
+        <div class="alert alert-info">
+            {{ deleteduser.username }} {% trans "deleted" %}
+        </div>
+    {% endif %}
+    <h2>{% trans "Add users" %}</h2>
+    <form class="form-horizontal" action="" method="post">{% csrf_token %}
+        {% for field in form %}
+            <div class="control-group">
+                {{ field.errors }}
+                <label class="control-label" for="{{ field.html_name }}">{{ field.label }}</label>
+                <div class="controls">
+                    {{ field }}
+                </div>
+            </div>
+        {% endfor %}
+        <div class="controls">
+            <input class="btn btn-primary" type="submit" value="{% trans "Submit" %}" />
+        </div>
+    </form>
+    <h2>{% trans "Enrolled Users" %} ({{ group.user_set.all|length }})</h2>
+    <table class="table table-striped table-bordered table-condensed">
+        <tr>
+            <th>{% trans "User" %}</th>
+            <th>{% trans "Delete" %}</th>
+        </tr>
+
+        {% for u in group.user_set.all %}
+            <tr>
+                <td><a href="{% url "staff.views.userdetail" u.id %}">{{ u.username }}</a></td>
+                <td><a href="{% url "staff.views.groupmanageusers" group.id u.id %}">{% trans "Delete" %}</a></td>
+            </tr>
+        {% endfor %}
+    </table>
+{% endblock %}
diff --git a/staff/templates/staff_home.html b/staff/templates/staff_home.html
@@ -27,6 +27,7 @@ <h2>{% trans "Users" %}</h2>
     <th>{% trans "email" %}</th>
     {% if not LDAP_ENABLED %}
     <th>{% trans "Edit" %}</th>
+    <th>{% trans "Toggle status" %}</th>
     <th>{% trans "Delete" %}</th>
     {% endif %}
   </tr>
@@ -36,6 +37,13 @@ <h2>{% trans "Users" %}</h2>
   <td>{{ u.email }}</td>
   {% if not LDAP_ENABLED %}
   <td><a href="{% url "user_edit" u.id %}">{% trans "Edit" %}</a></td>
+  <td>
+      {% if not u.is_active %}
+          <a href="{% url "staff.views.usertogglestatus" u.id %}">{% trans "Enable" %}</a>
+      {% else %}
+          <a href="{% url "staff.views.usertogglestatus" u.id %}">{% trans "Disable" %}</a>
+      {% endif %}
+  </td>
   <td><a href="{% url "staff.views.userdelete" u.id %}">{% trans "Delete" %}</a></td>
   {% endif %}
 </tr>
@@ -44,12 +52,22 @@ <h2>{% trans "Users" %}</h2>
 
 <h2>{% trans "Access Groups" %}</h2>
 <table class="table table-striped table-bordered table-condensed">
-  <tr><th>{% trans "Name" %}</th>{% if not USE_LDAP_GROUPS %}<th>{% trans "Edit" %}</th><th>{% trans "Delete" %}</th>{% endif %}</tr>
+  <tr>
+      <th>{% trans "Name" %}</th>
+      <th>{% trans "Users" %}</th>
+      {% if not USE_LDAP_GROUPS %}
+          <th>{% trans "Edit" %}</th>
+          <th>{% trans "Manage users" %}</th>
+          <th>{% trans "Delete" %}</th>
+      {% endif %}
+  </tr>
 {% for g in grouplist %}
 <tr>
   <td><a href="{% url "staff.views.groupdetail" g.id %}">{{ g.name }}</a></td>
+  <td>{{ g.user_set.all|length }}</td>
   {% if not USE_LDAP_GROUPS %}
     <td><a href="{% url "staff.views.groupedit" g.id %}">{% trans "Edit" %}</a></td>
+    <td><a href="{% url "staff.views.groupmanageusers" g.id %}">{% trans "Manage users" %}</a></td>
     <td><a href="{% url "staff.views.groupdelete" g.id %}">{% trans "Delete" %}</a></td>
   {% endif %}
 </tr>

diff --git a/staff/urls.py b/staff/urls.py
@@ -31,7 +31,10 @@
         url(r'^groupadd/$', 'groupadd'),
         url(r'^groupedit/(?P<gid>\d+)/$', 'groupedit'),
         url(r'^groupdelete/(?P<gid>\d+)/$', 'groupdelete'),
+        url(r'^groupmanageusers/(?P<gid>\d+)/$', 'groupmanageusers'),
+        url(r'^groupmanageusers/(?P<gid>\d+)/(?P<delete>\d+)/$', 'groupmanageusers'),
         url(r'^useredit/(?P<pk>\d+)/$', UpdateUser.as_view(), name="user_edit"),
+        url(r'^usertogglestatus/(?P<uid>\d+)/$', 'usertogglestatus'),
         url(r'^userdelete/(?P<uid>\d+)/$', 'userdelete'),
     )
 

diff --git a/staff/views.py b/staff/views.py
@@ -17,7 +17,7 @@
 from cred.icon import get_icon_list
 from cred.models import CredAudit, Cred, Tag
 from cred.forms import CredForm
-from models import UserForm, GroupForm, KeepassImportForm, AuditFilterForm
+from models import UserForm, GroupForm, GroupManageUsersAddUserForm, KeepassImportForm, AuditFilterForm
 from decorators import rattic_staff_required
 
 
@@ -90,6 +90,32 @@ def groupdelete(request, gid):
         return HttpResponseRedirect(reverse('staff.views.home'))
     return render(request, 'staff_groupdetail.html', {'group': group, 'delete': True})
 
+@rattic_staff_required
+def groupmanageusers(request, gid, delete=0):
+    group = get_object_or_404(Group, pk=gid)
+    if request.method == 'POST':
+        form = GroupManageUsersAddUserForm(request.POST, instance=group)
+        if form.is_valid():
+            form.save()
+            return HttpResponseRedirect(reverse('staff.views.home'))
+    else:
+        form = GroupManageUsersAddUserForm(instance=group)
+        if delete:
+            user = get_object_or_404(User, pk=delete)
+            group.user_set.remove(user)
+            return render(request, 'staff_groupmanageusers.html', {'group': group, 'form': form, 'deleteduser': user})
+    return render(request, 'staff_groupmanageusers.html', {'group': group, 'form': form})
+
+@rattic_staff_required
+def usertogglestatus(request, uid):
+    user = get_object_or_404(User, pk=uid)
+    user.is_active = not user.is_active
+    user.save()
+
+    if not user.is_active:
+        return HttpResponseRedirect(reverse('cred.views.list', args=('changeadvice', uid)))
+    else:
+        return HttpResponseRedirect(reverse('staff.views.home'))
 
 @rattic_staff_required
 def userdelete(request, uid):