From f8593776c0f0474aae0d8b93cd1be28526adf440 Mon Sep 17 00:00:00 2001
From: Matthew Grove <me@mgrove.uk>
Date: Sun, 12 Mar 2023 15:39:03 +0000
Subject: [PATCH] [FEAT] Allow admins to manage relationships for all Persons

All Persons now have associated Users, meaning Users can be hijacked by admins to manage the relationships for the associated Person.
---
 people/templates/people/person/create.html    |  6 +++++-
 .../templates/people/person/detail_full.html  |  4 ++--
 people/views/person.py                        | 19 +++++++++++++++++--
 people/views/relationship.py                  |  2 +-
 4 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/people/templates/people/person/create.html b/people/templates/people/person/create.html
index 4c38b2f..8c759d9 100644
--- a/people/templates/people/person/create.html
+++ b/people/templates/people/person/create.html
@@ -10,7 +10,11 @@
         </ol>
     </nav>
 
-    <h1>New Person</h1>
+    {% if request.user.has_person %}
+        <h1>New Person</h1>
+    {% else %}
+        <h1>Create Your Profile</h1>
+    {% endif %}
 
     <hr>
 
diff --git a/people/templates/people/person/detail_full.html b/people/templates/people/person/detail_full.html
index e1924f2..e125137 100755
--- a/people/templates/people/person/detail_full.html
+++ b/people/templates/people/person/detail_full.html
@@ -73,8 +73,8 @@
     {% if request.user.is_superuser and person.user and person.user != request.user %}
     <form action="{% url 'hijack:acquire' %}" method="POST">
         {% csrf_token %}
-        <input type="hidden" name="user_pk" value="{{ person.pk }}">
-            <button class="btn btn-warning" type="submit">Become {{ person.name }}</button>
+        <input type="hidden" name="user_pk" value="{{ person.user.pk }}">
+        <button class="btn btn-warning" type="submit">Become {{ person.name }}</button>
         <input type="hidden" name="next" value="{{ request.path }}">
     </form>
     {% endif %}
diff --git a/people/views/person.py b/people/views/person.py
index dd65988..6e677cd 100644
--- a/people/views/person.py
+++ b/people/views/person.py
@@ -14,6 +14,12 @@ from django.views.generic import CreateView, DetailView, ListView, UpdateView
 from people import forms, models, permissions
 from .map import get_map_data
 
+from random import randint
+
+from django.contrib.auth import get_user_model
+
+User = get_user_model()  # pylint: disable=invalid-name
+
 
 class PersonCreateView(LoginRequiredMixin, CreateView):
     """View to create a new instance of :class:`Person`.
@@ -27,9 +33,18 @@ class PersonCreateView(LoginRequiredMixin, CreateView):
     def form_valid(self, form):
         try:
             self.request.user.person
+            # user already has associated person
+            # assign newly created user, required for user hijacking
+            # so admins can manage relationships of all people
+            random_int = randint(0,999999999)
+            while User.objects.filter(username='autogen_'+str(random_int)):
+                random_int += 1
+            
+            form.instance.user = User.objects.create_user('autogen_' + str(random_int))
+            form.instance.user.consent_given = self.request.user.consent_given
+            form.instance.user.save()
         except ObjectDoesNotExist:
-            if 'user' in self.request.GET:
-                form.instance.user = self.request.user
+            form.instance.user = self.request.user
 
         return super().form_valid(form)
 
diff --git a/people/views/relationship.py b/people/views/relationship.py
index 2669238..da62754 100644
--- a/people/views/relationship.py
+++ b/people/views/relationship.py
@@ -61,7 +61,7 @@ class RelationshipCreateView(LoginRequiredMixin, RedirectView):
 
         except ObjectDoesNotExist:
             # User has no linked Person yet
-            return reverse('people:person.create') + '?user'
+            return reverse('people:person.create')
 
         return reverse('people:relationship.update',
                        kwargs={'pk': relationship.pk})