12589 fixes for add/edit user form

2025-08-25 16:56:10 -06:00 · 2023-06-20 13:04:08 -07:00 · 2023-06-20 13:04:08 -07:00 · 39608f6d83
commit 39608f6d83
parent bdfcb939f1
2 changed files with 41 additions and 16 deletions
--- a/netbox/users/forms/model_forms.py
+++ b/netbox/users/forms/model_forms.py
@ -147,6 +147,15 @@ class TokenForm(BootstrapMixin, forms.ModelForm):


 class UserForm(BootstrapMixin, forms.ModelForm):
+    password = forms.CharField(
+        widget=forms.PasswordInput(),
+        required=True,
+    )
+    confirm_password = forms.CharField(
+        widget=forms.PasswordInput(),
+        required=True,
+        help_text=_("Enter the same password as before, for verification."),
+    )
    groups = DynamicModelMultipleChoiceField(
        required=False,
        queryset=Group.objects.all()
@ -159,7 +168,7 @@ class UserForm(BootstrapMixin, forms.ModelForm):
    )

    fieldsets = (
-        ('User', ('username', 'first_name', 'last_name', 'email', )),
+        ('User', ('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email', )),
        ('Groups', ('groups', )),
        ('Status', ('is_active', 'is_staff', 'is_superuser', )),
        ('Important Dates', ('last_login', 'date_joined', )),
@ -175,14 +184,40 @@ class UserForm(BootstrapMixin, forms.ModelForm):

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
+
+        # Adjust form fields depending if Add or Edit
        if self.instance.pk:
            self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True)
+            self.fields['password'].disabled = True
+            self.fields['password'].required = False
+            self.fields['password'].help_text = _(
+                "Raw passwords are not stored, so there is no way to see this "
+                "user’s password, but you can change the password using "
+                '<a href="xxx">this form</a>.'
+            )
+
+            del self.fields['confirm_password']
+        else:
+            del self.fields['date_joined']
+            del self.fields['last_login']

    def save(self, *args, **kwargs):
        instance = super().save(*args, **kwargs)
        instance.object_permissions.set(self.cleaned_data['object_permissions'])
        return instance

+    def clean(self):
+        cleaned_data = super().clean()
+        instance = getattr(self, 'instance', None)
+        if not instance:
+            password = cleaned_data.get("password")
+            confirm_password = cleaned_data.get("confirm_password")
+
+            if password != confirm_password:
+                raise forms.ValidationError(
+                    "password and confirm_password does not match"
+                )
+

 class GroupForm(BootstrapMixin, forms.ModelForm):
    users = DynamicModelMultipleChoiceField(
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@ -348,20 +348,12 @@ class NetBoxUserListView(generic.ObjectListView):
    filterset_form = forms.UserFilterForm
    table = tables.UserTable

-    def get_required_permission(self):
-        return get_permission_for_model(User, 'view')
-

@register_model_view(NetBoxUser)
 class NetBoxUserView(generic.ObjectView):
    queryset = NetBoxUser.objects.all()
    template_name = 'users/user.html'

-    def get_required_permission(self):
-        # Need to override as ObjectView will query for NetBoxUser as the model
-        # but the model we need to check perms for is User
-        return get_permission_for_model(User, 'view')
-
    def get_extra_context(self, request, instance):
        # Compile changelog table
        changelog = ObjectChange.objects.restrict(request.user, 'view').filter(user=request.user).prefetch_related(
@ -380,10 +372,11 @@ class NetBoxUserEditView(generic.ObjectEditView):
    queryset = NetBoxUser.objects.all()
    form = forms.UserForm

-    def get_required_permission(self):
-        # Need to override as ObjectView will query for NetBoxUser as the model
-        # but the model we need to check perms for is User
-        return get_permission_for_model(User, self._permission_action)
+    def get(self, request, *args, **kwargs):
+        return super().get(request, *args, **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        return super().post(request, *args, **kwargs)


@register_model_view(NetBoxUser, 'delete')
@ -408,9 +401,6 @@ class NetBoxUserBulkEditView(generic.BulkEditView):
    table = tables.UserTable
    form = forms.UserBulkEditForm

-    def get_required_permission(self):
-        return get_permission_for_model(User, 'change')
-

 class NetBoxUserBulkDeleteView(generic.BulkDeleteView):
    queryset = NetBoxUser.objects.all()