uses new 'username' variable in querystring to specify the user to edit

Previously, this view only allowed editing of the logged-in user. Now you
  can specify the user to edit in the querystring. If you are an admin the
  view allows you to edit any user's profile, with a warning message. The
  warning only shows up if the admin is editing another user's profile.

Make sure to pass the username to this view at every step in the process

mediagoblin/edit/views.py

@@ -74,7 +74,18 @@ def edit_media(request, media):
 @require_active_login
 def edit_profile(request):
 
-    user = request.user
+    # admins may edit any user profile given a username in the querystring
+    edit_username = request.GET.get('username')
+    if request.user['is_admin'] and request.user['username'] != edit_username:
+        user = request.db.User.find_one({'username': edit_username})
+        # No need to warn again if admin just submitted an edited profile
+        if request.method != 'POST':
+            messages.add_message(
+                request, messages.WARNING,
+                'You are editing a user\'s profile. Proceed with caution.')
+    else:
+        user = request.user
+
     form = forms.EditProfileForm(request.POST,
         url = user.get('url'),
         bio = user.get('bio'))
@@ -87,7 +98,9 @@ def edit_profile(request):
             messages.add_message(request, 
             	                 messages.SUCCESS, 
             	                 'Profile edited!')
-            return redirect(request, "mediagoblin.edit.profile")
+            return redirect(request, 
+            	           "mediagoblin.edit.profile", 
+            	            username=edit_username)
 
     return render_to_response(
         request,

mediagoblin/templates/mediagoblin/edit/edit_profile.html

@@ -21,8 +21,8 @@
 
 {% block mediagoblin_content %}
 
-  <form action="{{ request.urlgen('mediagoblin.edit.profile',
-                               user=user.username) }}"
+  <form action="{{ request.urlgen('mediagoblin.edit.profile') }}?username={{ 
+                                                     user['username'] }}"
         method="POST" enctype="multipart/form-data">
     <div class="grid_6 prefix_1 suffix_1 edit_box form_box">
       <h1>Editing {{ user['username'] }}'s profile</h1>