From ddebf43d3777d059bebc3979e950fb6ce0099ed9 Mon Sep 17 00:00:00 2001 From: Jacek Lebioda Date: Wed, 23 Feb 2022 15:54:18 +0100 Subject: [PATCH] feat: small improvements for managing users in django-admin --- elixir_daisy/settings.py | 3 +++ web/admin.py | 47 ++++++++++++++++++++++++++------------- web/templates/navbar.html | 1 + 3 files changed, 35 insertions(+), 16 deletions(-) diff --git a/elixir_daisy/settings.py b/elixir_daisy/settings.py index 50749940..4a156459 100644 --- a/elixir_daisy/settings.py +++ b/elixir_daisy/settings.py @@ -341,6 +341,9 @@ # ID service IDSERVICE_FUNCTION = 'web.views.utils.generate_elu_accession' +# Should the superuser be able to change the passwords in django-admin +ENABLE_PASSWORD_CHANGE_IN_ADMIN = False + # Import local settings to override those values based on the deployment environment try: from .settings_local import * diff --git a/web/admin.py b/web/admin.py index efc957f0..52e60f81 100644 --- a/web/admin.py +++ b/web/admin.py @@ -1,4 +1,5 @@ from django import forms +from django.conf import settings from django.contrib import admin from django.contrib.auth.admin import UserAdmin as BaseUserAdmin from django.contrib.auth.forms import ReadOnlyPasswordHashField 
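Review bot: The comment on `ENABLE_PASSWORD_CHANGE_IN_ADMIN` names the superuser, but no line in the web/admin.py hunks of this commit checks `is_superuser`; the `change_password` field is added to the user change form for whoever is allowed to open it. If staff accounts with change permission on users exist, they would presumably be able to set any account's password, including a superuser's, once the flag is on. I would either say so in the comment, e.g. `# Show a "Set new password" field on the django-admin user change form (available to every admin user who may edit users)`, or restrict the field to superusers in the form. Permission checks outside this diff may already cover this, so confirm against the roles actually deployed.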
@@ -111,37 +112,51 @@ def save(self, commit=True): return user +user_change_form_fields = ( + 'username', 'email', 'password', 'is_active', + 'source', 'first_name', 'last_name', 'full_name', + 'is_staff', 'is_superuser', 'groups', + 'user_permissions', 'date_joined', 'last_login' +) +user_admin_fieldset_row = (None, {'fields': ('username', 'email', 'password', 'is_active', 'source')}, ) + +if getattr(settings, 'ENABLE_PASSWORD_CHANGE_IN_ADMIN', False): + user_change_form_fields = user_change_form_fields + ('change_password', ) + user_admin_fieldset_row = (None, {'fields': ('username', 'email', 'password', 'change_password', 'is_active', 'source')}, ) + + class UserChangeForm(forms.ModelForm): """A form for updating users. Includes all the fields on the user, but replaces the password field with admin's password hash display field. """ password = ReadOnlyPasswordHashField(help_text='This field contains hashed and salted value') - #change_password = forms.CharField(label='Set new password:', - # help_text='Leave empty if no change is needed', - # widget=forms.PasswordInput) + + + if getattr(settings, 'ENABLE_PASSWORD_CHANGE_IN_ADMIN', False): + change_password = forms.CharField( + label='Set new password:', + help_text='Leave empty if no change is needed', + required=False, + widget=forms.PasswordInput + ) class Meta: model = User - fields = ( - 'username', 'email', 'password', 'is_active', - 'source', 'first_name', 'last_name', 'full_name', - 'is_staff', 'is_superuser', 'groups', - 'user_permissions', 'date_joined', 'last_login' - ) + fields = user_change_form_fields def clean_password(self): # Regardless of what the user provides, return the initial value. 
# This is done here, rather than on the field, because the # field does not have access to the initial value - print(self.initial["password"]) return self.initial["password"] def save(self, commit=True): user = super(UserChangeForm, self).save(commit=False) - # if len(self.cleaned_data["change_password"]): - # user.set_password(self.cleaned_data["change_password"]) + if getattr(settings, 'ENABLE_PASSWORD_CHANGE_IN_ADMIN', False): + if len(self.cleaned_data["change_password"]): + user.set_password(self.cleaned_data["change_password"]) if commit: user.save() @@ -154,11 +169,11 @@ class UserAdmin(BaseUserAdmin): add_form = UserCreationForm # Form to add new user # The fields to be used in displaying the User model in `/admin/core/user/` - list_display = ('email', 'full_name', 'source', 'is_staff', 'is_superuser') + list_display = ('id', 'full_name', 'email', 'source', 'is_staff', 'is_superuser', 'oidc_id') # Sections in the Edit page fieldsets = ( - (None, {'fields': ('username', 'email', 'password', 'is_active', 'source')}), + user_admin_fieldset_row, ('Personal info', {'fields': ('first_name', 'last_name', 'full_name', 'oidc_id')}), ('Permissions', {'fields': ('is_staff', 'is_superuser', 'groups', 'user_permissions')}), ('Additional metdata', {'fields': ('date_joined', 'last_login', 'api_key')}), @@ -173,8 +188,8 @@ class UserAdmin(BaseUserAdmin): ), ) - search_fields = ('email',) - ordering = ('email',) + search_fields = ('full_name', 'email',) + ordering = ('full_name',) filter_horizontal = () # User diff --git a/web/templates/navbar.html b/web/templates/navbar.html index 7d29b5d1..1446c9d3 100644 --- a/web/templates/navbar.html +++ b/web/templates/navbar.html @@ -67,6 +67,7 @@ {% endif %} {% if request.user.is_superuser %} manage users + django-admin {% endif %} {% if request.user.source.name == 'MANUAL' %} change password
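Review bot: In `UserChangeForm.save` the submitted value goes straight to `user.set_password(...)`, so a password typed into `change_password` is never checked against whatever `AUTH_PASSWORD_VALIDATORS` the deployment configures, and there is no second entry to catch a typo. A `clean_change_password` method calling `password_validation.validate_password` (from `django.contrib.auth`) would report policy failures as field errors instead. The flag is also read at import time for the field and at call time in `save`, so `self.cleaned_data["change_password"]` raises `KeyError` when the two disagree (for example under `override_settings` in tests); `.get()` avoids that. `UserChangeForm.save` continues past the end of the hunk. Since `UserAdmin` extends `BaseUserAdmin`, Django's own per-user password change view may already be reachable whatever this flag says, which is worth confirming.

```python
    def clean_change_password(self):
        # Apply the configured password validators to admin-set passwords as well.
        new_password = self.cleaned_data.get("change_password")
        if new_password:
            password_validation.validate_password(new_password, self.instance)
        return new_password

    def save(self, commit=True):
        user = super(UserChangeForm, self).save(commit=False)
        new_password = self.cleaned_data.get("change_password")
        if new_password:
            user.set_password(new_password)
        # … unchanged: commit handling …
```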
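Review bot: The new `django-admin` entry sits inside `{% if request.user.is_superuser %}`, while Django's admin site admits users on `is_active` and `is_staff`. A superuser without `is_staff` would get a link that ends on the admin login page, and staff who are not superusers get no link at all. If the entry is meant to follow admin access, gate it separately with `{% if request.user.is_staff %}`. The link markup itself is not visible in this view, so its target cannot be checked here.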