From 39608f6d837bb333cba65acb95b5077319ae2d48 Mon Sep 17 00:00:00 2001
From: Arthur <worldnomad@gmail.com>
Date: Tue, 20 Jun 2023 13:04:08 -0700
Subject: [PATCH] 12589 fixes for add/edit user form

---
 netbox/users/forms/model_forms.py | 37 ++++++++++++++++++++++++++++++-
 netbox/users/views.py             | 20 +++++------------
 2 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py
index 9346481be..6a2921b60 100644
--- a/netbox/users/forms/model_forms.py
+++ b/netbox/users/forms/model_forms.py
@@ -147,6 +147,15 @@ class TokenForm(BootstrapMixin, forms.ModelForm):
 
 
 class UserForm(BootstrapMixin, forms.ModelForm):
+    password = forms.CharField(
+        widget=forms.PasswordInput(),
+        required=True,
+    )
+    confirm_password = forms.CharField(
+        widget=forms.PasswordInput(),
+        required=True,
+        help_text=_("Enter the same password as before, for verification."),
+    )
     groups = DynamicModelMultipleChoiceField(
         required=False,
         queryset=Group.objects.all()
@@ -159,7 +168,7 @@ class UserForm(BootstrapMixin, forms.ModelForm):
     )
 
     fieldsets = (
-        ('User', ('username', 'first_name', 'last_name', 'email', )),
+        ('User', ('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email', )),
         ('Groups', ('groups', )),
         ('Status', ('is_active', 'is_staff', 'is_superuser', )),
         ('Important Dates', ('last_login', 'date_joined', )),
@@ -175,14 +184,40 @@ class UserForm(BootstrapMixin, forms.ModelForm):
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
+
+        # Adjust form fields depending if Add or Edit
         if self.instance.pk:
             self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True)
+            self.fields['password'].disabled = True
+            self.fields['password'].required = False
+            self.fields['password'].help_text = _(
+                "Raw passwords are not stored, so there is no way to see this "
+                "user’s password, but you can change the password using "
+                '<a href="xxx">this form</a>.'
+            )
+
+            del self.fields['confirm_password']
+        else:
+            del self.fields['date_joined']
+            del self.fields['last_login']
 
     def save(self, *args, **kwargs):
         instance = super().save(*args, **kwargs)
         instance.object_permissions.set(self.cleaned_data['object_permissions'])
         return instance
 
+    def clean(self):
+        cleaned_data = super().clean()
+        instance = getattr(self, 'instance', None)
+        if not instance:
+            password = cleaned_data.get("password")
+            confirm_password = cleaned_data.get("confirm_password")
+
+            if password != confirm_password:
+                raise forms.ValidationError(
+                    "password and confirm_password does not match"
+                )
+
 
 class GroupForm(BootstrapMixin, forms.ModelForm):
     users = DynamicModelMultipleChoiceField(
diff --git a/netbox/users/views.py b/netbox/users/views.py
index 5412e8dcb..329fe3355 100644
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@@ -348,20 +348,12 @@ class NetBoxUserListView(generic.ObjectListView):
     filterset_form = forms.UserFilterForm
     table = tables.UserTable
 
-    def get_required_permission(self):
-        return get_permission_for_model(User, 'view')
-
 
 @register_model_view(NetBoxUser)
 class NetBoxUserView(generic.ObjectView):
     queryset = NetBoxUser.objects.all()
     template_name = 'users/user.html'
 
-    def get_required_permission(self):
-        # Need to override as ObjectView will query for NetBoxUser as the model
-        # but the model we need to check perms for is User
-        return get_permission_for_model(User, 'view')
-
     def get_extra_context(self, request, instance):
         # Compile changelog table
         changelog = ObjectChange.objects.restrict(request.user, 'view').filter(user=request.user).prefetch_related(
@@ -380,10 +372,11 @@ class NetBoxUserEditView(generic.ObjectEditView):
     queryset = NetBoxUser.objects.all()
     form = forms.UserForm
 
-    def get_required_permission(self):
-        # Need to override as ObjectView will query for NetBoxUser as the model
-        # but the model we need to check perms for is User
-        return get_permission_for_model(User, self._permission_action)
+    def get(self, request, *args, **kwargs):
+        return super().get(request, *args, **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        return super().post(request, *args, **kwargs)
 
 
 @register_model_view(NetBoxUser, 'delete')
@@ -408,9 +401,6 @@ class NetBoxUserBulkEditView(generic.BulkEditView):
     table = tables.UserTable
     form = forms.UserBulkEditForm
 
-    def get_required_permission(self):
-        return get_permission_for_model(User, 'change')
-
 
 class NetBoxUserBulkDeleteView(generic.BulkDeleteView):
     queryset = NetBoxUser.objects.all()