1 files changed, 28 insertions, 8 deletions

diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index f6468afd0..c9a2d92dd 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -71,8 +71,9 @@ from archaeological_finds.forms import DashboardTreatmentForm, \
 
 from ishtar_common.forms import FinalForm, FinalDeleteForm
 from ishtar_common.widgets import JQueryAutoComplete
-from ishtar_common.utils import get_random_item_image_link, shortify, \
-    get_all_field_names, get_field_labels_from_path
+from ishtar_common.utils import clean_session_cache, \
+    get_all_field_names, get_field_labels_from_path, \
+    get_random_item_image_link, shortify
 from ishtar_common import forms_common as forms
 from ishtar_common import wizards
 from ishtar_common.models import HistoryError, PRIVATE_FIELDS, \
@@ -1756,11 +1757,6 @@ class LoginRequiredMixin(object):
     def dispatch(self, request, *args, **kwargs):
         return super(LoginRequiredMixin, self).dispatch(request, *args,
                                                         **kwargs)
-        if kwargs.get('pk') and not self.request.user.is_staff and \
-           not str(kwargs['pk']) == str(self.request.user.company.pk):
-            return redirect(reverse('index'))
-        return super(LoginRequiredMixin, self).dispatch(request, *args,
-                                                        **kwargs)
 
 
 class AdminLoginRequiredMixin(LoginRequiredMixin):
@@ -1772,9 +1768,28 @@ class AdminLoginRequiredMixin(LoginRequiredMixin):
 
 
 class ProfileEdit(LoginRequiredMixin, FormView):
-    template_name = 'ishtar/form.html'
+    template_name = 'ishtar/forms/profile.html'
     form_class = forms.ProfilePersonForm
 
+    def dispatch(self, request, *args, **kwargs):
+        if kwargs.get('pk'):
+            try:
+                profile = models.UserProfile.objects.get(
+                    pk=kwargs['pk'], person__ishtaruser__user_ptr=request.user)
+            except models.UserProfile.DoesNotExist:
+                # cannot edit a profile that is not yours...
+                return redirect(reverse('index'))
+            current_changed = False
+            # the profile edited became the current profile
+            if not profile.current:
+                current_changed = True
+                profile.current = True
+            # force post-save in case of many current profile
+            profile.save()
+            if current_changed:
+                clean_session_cache(request.session)
+        return super(ProfileEdit, self).dispatch(request, *args, **kwargs)
+
     def get_success_url(self):
         return reverse('profile')
 
@@ -1783,6 +1798,11 @@ class ProfileEdit(LoginRequiredMixin, FormView):
         kwargs['user'] = self.request.user
         return kwargs
 
+    def get_context_data(self, **kwargs):
+        data = super(ProfileEdit, self).get_context_data(**kwargs)
+        data['page_name'] = _(u"Current profile")
+        return data
+
     def form_valid(self, form):
         form.save(self.request.session)
         return HttpResponseRedirect(self.get_success_url())