[sysadmin] Update some user operations

2025-08-18 23:18:27 +00:00 · 2015-08-27 17:01:23 +08:00 · 2015-08-27 17:01:23 +08:00 · 73e2d97f26
commit 73e2d97f26
parent ab6014748b
3 changed files with 49 additions and 17 deletions
--- a/media/js/base.js
+++ b/media/js/base.js
@ -249,6 +249,29 @@ function addConfirmTo(op_ele, popup) {
    });
 }

+// Similar to ``addConfirmto``, instead using form post when user confirms.
+function addConfirmTo_POST(op_ele, popup) {
+    op_ele.click(function() {
+        var con = '';
+        if ($(this).data('target') && popup['con'].indexOf('%s') != -1) {
+            con = popup['con'].replace('%s', '<span class="op-target">' + HTMLescape($(this).data('target')) + '</span>');
+        } else {
+            con = popup['con'];
+        }
+        $('#confirm-con').html('<h3>' + popup['title'] + '</h3><p>' + con + '</p>');
+        $('#confirm-popup').modal({appendTo:'#main'});
+        $('#simplemodal-container').css({'height':'auto'});
+        $('#confirm-yes').data('url', $(this).data('url')).click(function() {
+            $('<form>', {
+                "method": 'POST',
+                "action": $(this).data('url'),
+                "html": '<input name="csrfmiddlewaretoken" value="' + getCookie('csrftoken') + '" type="hidden">'
+            }).appendTo(document.body).submit();
+        });
+        return false;//in case op_ele is '<a>'
+    });
+}
+
 /*
 * func: add autocomplete to some input ele
 * @param ele_id: autocomplete is added to this ele(ment), e.g-'#xxx'
@ -477,22 +500,23 @@ function e(str) {
    return encodeURIComponent(str);
 }

-function prepareCSRFToken(xhr, settings) {
-    function getCookie(name) {
-        var cookieValue = null;
-        if (document.cookie && document.cookie != '') {
-            var cookies = document.cookie.split(';');
-            for (var i = 0; i < cookies.length; i++) {
-                var cookie = jQuery.trim(cookies[i]);
-                // Does this cookie string begin with the name we want?
-                if (cookie.substring(0, name.length + 1) == (name + '=')) {
-                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
-                    break;
-                }
+function getCookie(name) {
+    var cookieValue = null;
+    if (document.cookie && document.cookie != '') {
+        var cookies = document.cookie.split(';');
+        for (var i = 0; i < cookies.length; i++) {
+            var cookie = jQuery.trim(cookies[i]);
+            // Does this cookie string begin with the name we want?
+            if (cookie.substring(0, name.length + 1) == (name + '=')) {
+                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                break;
            }
        }
-        return cookieValue;
    }
+    return cookieValue;
+}
+
+function prepareCSRFToken(xhr, settings) {
    if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
        // Only send the token to relative URLs i.e. locally.
        xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
--- a/seahub/templates/sysadmin/useradmin_js.html
+++ b/seahub/templates/sysadmin/useradmin_js.html
@ -1,13 +1,13 @@
 {% load i18n%}
-addConfirmTo($('.remove-user-btn'), {
+addConfirmTo_POST($('.remove-user-btn'), {
        'title':"{% trans "Delete User" %}",
        'con':"{% trans "Are you sure you want to delete %s ?" %}"
 });
-addConfirmTo($('.reset-user-btn'), {
+addConfirmTo_POST($('.reset-user-btn'), {
        'title':"{% trans "Password Reset" %}",
        'con':"{% trans "Are you sure you want to reset the password of %s ?" %}"
 });
-addConfirmTo($('.revoke-admin-btn'), {
+addConfirmTo_POST($('.revoke-admin-btn'), {
        'title':"{% trans "Revoke Admin" %}",
        'con':"{% trans "Are you sure you want to revoke the admin permission of %s ?" %}"
 });
--- a/seahub/views/sysadmin.py
+++ b/seahub/views/sysadmin.py
@ -28,7 +28,6 @@ from seahub.auth.decorators import login_required, login_required_ajax
 from seahub.constants import GUEST_USER, DEFAULT_USER
 from seahub.utils import IS_EMAIL_CONFIGURED, string2list, is_valid_username, \
    is_pro_version
-from seahub.utils.rpc import mute_seafile_api
 from seahub.utils.licenseparse import parse_license
 from seahub.views import get_system_default_repo_id
 from seahub.forms import SetUserQuotaForm, AddUserForm, BatchAddUserForm
@ -730,6 +729,9 @@ def sys_org_set_quota(request, org_id):
@sys_staff_required
 def user_remove(request, email):
    """Remove user"""
+    if request.method != 'POST':
+        raise Http404
+
    referer = request.META.get('HTTP_REFERER', None)
    next = reverse('sys_useradmin') if referer is None else referer

@ -793,6 +795,9 @@ def remove_trial(request, user_or_org):
@sys_staff_required
 def user_remove_admin(request, email):
    """Unset user admin."""
+    if request.method != 'POST':
+        raise Http404
+
    try:
        user = User.objects.get(email=email)
        user.is_staff = False
@ -931,6 +936,9 @@ def send_user_reset_email(request, email, password):
@sys_staff_required
 def user_reset(request, email):
    """Reset password for user."""
+    if request.method != 'POST':
+        raise Http404
+
    try:
        user = User.objects.get(email=email)
        if isinstance(INIT_PASSWD, FunctionType):