Signed-off-by: zry <admin@z-touhou.org>

UserManage/views/user.py

@@ -174,16 +174,16 @@ def AddAdmin(request):
 @PermissionVerify()
 def EditUser(request,ID):
     user = get_user_model().objects.get(id = ID)
-
     if request.method=='POST':
-        postdata=dict(request.POST)
         if not request.POST['role']==user.role.id:
             if request.POST['username']==request.user.username:
-                postdata['role']=user.role.id
+                kwvars = {'request':request,'xerror':"您不能修改自己的角色",}
+                return render_to_response('UserManage/user.edit.error.html',kwvars,RequestContext(request))
             elif request.POST['role']=="1":
                 if not request.user.is_superuser:
-                    postdata['role']=="4"
-        form = EditUserForm(postdata,instance=user)
+                    kwvars = {'request':request,'xerror':"您无权给用户赋予网站管理员权限",}
+                    return render_to_response('UserManage/user.edit.error.html',kwvars,RequestContext(request))
+        form = EditUserForm(request.POST,instance=user)
         if form.is_valid():
             form.save() 
             return HttpResponseRedirect(reverse('listuserurl'))

templates/UserManage/user.edit.error.html

@@ -0,0 +1,17 @@
+{% extends "layout.html" %}
+
+{% block title %}
+    抱歉
+{% endblock %}
+
+{% block content %}
+<br /><br /><br /><br /><br /><br /><br />
+<div class="alert alert-danger" role="alert">
+	<center>
+		<h1>
+		编辑用户失败：{{xerror}}！
+		</h1>
+		<h3><a href="javascript:history.back();">返回之前的页面&raquo;</a></h3>
+	</center>
+</div>
+{% endblock %}