From a8a7a4ee6782776fcf7b0ade1ee4cacf39c3c637 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Thu, 7 Jul 2022 07:53:56 +0100
Subject: [PATCH 01/15] fix: fix typo

---
 br/templates/backend/message_list.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/br/templates/backend/message_list.html b/br/templates/backend/message_list.html
index 4c00ee6..83fdebb 100644
--- a/br/templates/backend/message_list.html
+++ b/br/templates/backend/message_list.html
@@ -57,7 +57,7 @@ <h3>{{ page_title }}</h3>
               </tr>
               {% empty %}
               <tr>
-                <td class="table-warning" colspan="4">No records fo</td>
+                <td class="table-warning" colspan="4">No records found</td>
               </tr>
               {% endfor %}
             </tbody>

From 0296fdc10daa748d5999542db0cf7c1074c4d7b3 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Thu, 7 Jul 2022 07:56:12 +0100
Subject: [PATCH 02/15] feat: add basic users list

---
 br/templates/backend/user_edit.html | 49 +++++++++++++++
 br/templates/backend/user_list.html | 95 +++++++++++++++++++++++++++++
 profiles/forms.py                   | 46 +++++++++++++-
 profiles/urls.py                    | 10 +++
 profiles/views.py                   | 59 +++++++++++++++++-
 unicefng/urls.py                    |  1 +
 6 files changed, 257 insertions(+), 3 deletions(-)
 create mode 100644 br/templates/backend/user_edit.html
 create mode 100644 br/templates/backend/user_list.html
 create mode 100644 profiles/urls.py

diff --git a/br/templates/backend/user_edit.html b/br/templates/backend/user_edit.html
new file mode 100644
index 0000000..ee480e9
--- /dev/null
+++ b/br/templates/backend/user_edit.html
@@ -0,0 +1,49 @@
+{% extends 'backend/_layout.html' %}
+{% block content %}
+<div class="row">
+  <div class="col">
+    <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-1 pb-1 mb-1 border-bottom">
+      <h3>{{ page_title }}</h3>
+    </div>
+  </div>
+</div>
+<div class="row">
+  <div class="col-sm-10 offset-sm-1 col-md-8 offset-md-2 py-3">
+    <form method="post">
+      {% csrf_token %}
+      <div class="card">
+        <div class="card-body">
+          <div class="row mb-3">
+            <label for="{{ form.username.id_for_label }}" class="col-sm-4 col-form-label">Username</label>
+            <div class="col-sm-8">
+              <input type="text" class="form-control" name="{{ form.username.name }}" id="{{ form.username.id_for_label }}" value="{{ form.username.value }}">
+            </div>
+          </div>
+          <div class="row mb-3">
+            <label for="{{ form.email.id_for_label }}" class="col-sm-4 col-form-label">Email</label>
+            <div class="col-sm-8">
+              <input type="email" class="form-control" name="{{ form.email.name }}" id="{{ form.email.id_for_label }}" value="{{ form.email.value }}">
+            </div>
+          </div>
+          <div class="row mb-3">
+            <label for="{{ form.first_name.id_for_label }}" class="col-sm-4 col-form-label">First name</label>
+            <div class="col-sm-8">
+              <input type="text" class="form-control" name="{{ form.first_name.name }}" id="{{ form.first_name.id_for_label }}" value="{{ form.first_name.value }}">
+            </div>
+          </div>
+          <div class="row mb-3">
+            <label for="{{ form.last_name.id_for_label }}" class="col-sm-4 col-form-label">Surname</label>
+            <div class="col-sm-8">
+              <input type="number" class="form-control" name="{{ form.last_name.name }}" id="{{ form.last_name.id_for_label }}" value="{{ form.last_name.value }}">
+            </div>
+          </div>
+        </div>
+        <div class="card-footer">
+          <button type="submit" class="btn btn-primary">Save Changes</button>
+          <a href="{% url 'users:users_list' %}" class="btn btn-secondary">Cancel</a>
+        </div>
+      </div>
+    </form>
+  </div>
+</div>
+{% endblock content %}
\ No newline at end of file
diff --git a/br/templates/backend/user_list.html b/br/templates/backend/user_list.html
new file mode 100644
index 0000000..cac14cd
--- /dev/null
+++ b/br/templates/backend/user_list.html
@@ -0,0 +1,95 @@
+{% extends 'backend/_layout.html' %}
+{% load staticfiles %}
+{% block content %}
+<div class="row">
+  <div class="col">
+    <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-1 pb-1 mb-1 border-bottom">
+      <h3>{{ page_title }}</h3>
+    </div>
+  </div>
+</div>
+<div class="row">
+  <div class="col">
+      <div class="card border-light mb-3">
+        <div class="card-body">
+          <div class="row g-3">
+            <div class="col">
+              <a href="#" class="btn btn-success mt-3">
+                <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
+                  <path fill-rule="evenodd" d="M10 3a1 1 0 011 1v5h5a1 1 0 110 2h-5v5a1 1 0 11-2 0v-5H4a1 1 0 110-2h5V4a1 1 0 011-1z" clip-rule="evenodd" />
+                </svg>
+                Add new user
+              </a>
+            </div>
+          </div>
+        </div>
+      </div>
+  </div>
+</div>
+<div class="row">
+  <div class="col">
+    <div class="card">
+      <div class="card-body">
+        <div class="table-responsive">
+          <table class="table table-hover table-sm table-striped">
+            <thead>
+              <tr>
+                <th></th>
+                <th>Full name</th>
+                <th>Username</th>
+                <th>Email</th>
+                <th>Active?</th>
+              </tr>
+            </thead>
+            <tbody>
+              {% for user in users %}
+              <tr>
+                <td>
+                  <a href="">
+                    <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
+                      <title>Edit this user</title>
+                      <path d="M13.586 3.586a2 2 0 112.828 2.828l-.793.793-2.828-2.828.793-.793zM11.379 5.793L3 14.172V17h2.828l8.38-8.379-2.83-2.828z" />
+                    </svg>
+                  </a>
+                </td>
+                <td>{{ user.get_full_name }}</td>
+                <td>{{ user.username }}</td>
+                <td>{{ user.email|default:'N/A' }}</td>
+                <td>
+                  {% if user.is_active %}
+                  <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
+                    <path fill-rule="evenodd" d="M16.707 5.293a1 1 0 010 1.414l-8 8a1 1 0 01-1.414 0l-4-4a1 1 0 011.414-1.414L8 12.586l7.293-7.293a1 1 0 011.414 0z" clip-rule="evenodd" />
+                  </svg>
+                  {% else %}
+                  <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
+                    <path fill-rule="evenodd" d="M4.293 4.293a1 1 0 011.414 0L10 8.586l4.293-4.293a1 1 0 111.414 1.414L11.414 10l4.293 4.293a1 1 0 01-1.414 1.414L10 11.414l-4.293 4.293a1 1 0 01-1.414-1.414L8.586 10 4.293 5.707a1 1 0 010-1.414z" clip-rule="evenodd" />
+                  </svg>
+                  {% endif %}
+                </td>
+              </tr>
+              {% empty %}
+              <tr>
+                <td class="table-warning" colspan="4">No records found</td>
+              </tr>
+              {% endfor %}
+            </tbody>
+          </table>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+{% include 'backend/pagination.html' %}
+{% endblock content %}
+{% block scripts %}
+<script src="{% static 'vendor/flatpickr/flatpickr.min.js' %}"></script>
+<script>
+  let loader = function () {
+    flatpickr('.date-picker', {
+      dateFormat: 'm/d/Y'
+    });
+  };
+
+  document.addEventListener('DOMContentLoaded', loader);
+</script>
+{% endblock scripts %}
\ No newline at end of file
diff --git a/profiles/forms.py b/profiles/forms.py
index e0b1918..3bb6654 100644
--- a/profiles/forms.py
+++ b/profiles/forms.py
@@ -1,5 +1,7 @@
 # -*- coding: utf-8 -*-
 from django import forms
+from django.contrib.auth.models import User
+from django.core.exceptions import ObjectDoesNotExist
 
 from locations.models import Location
 from profiles.models import Profile
@@ -7,8 +9,50 @@
 
 class ProfileAdminForm(forms.ModelForm):
     locations = forms.ModelMultipleChoiceField(
-    	queryset=Location.objects.filter(type__name=u'State'))
+        queryset=Location.objects.filter(type__name=u'State'))
 
     class Meta:
         model = Profile
         fields = (u'user', u'locations')
+
+
+class UserForm(forms.ModelForm):
+    locations = forms.ModelMultipleChoiceField(
+        queryset=Location.objects.filter(type__name=u'State'))
+    can_add_locations = forms.BooleanField(required=False)
+    can_change_br_reports = forms.BooleanField(required=False)
+    can_change_dr_reports = forms.BooleanField(required=False)
+    can_change_mnchw_reports = forms.BooleanField(required=False)
+    can_change_reporters = forms.BooleanField(required=False)
+
+    class Meta:
+        model = User
+        fields = (
+            'username', 'email', 'first_name', 'last_name', 'is_active',
+            'is_superuser'
+        )
+
+    def __init__(self, *args, **kwargs):
+        user = kwargs.get('instance')
+        if user is not None:
+            initial_data = kwargs.get('initial', {}).copy()
+
+            # set up locations for subscription
+            try:
+                profile = user.profile
+            except ObjectDoesNotExist:
+                profile = None
+
+            if profile is not None:
+                initial_data['locations'] = profile.locations
+
+            # set up permissions
+            initial_data['can_add_locations'] = user.has_perm('locations.add_location')
+            initial_data['can_change_br_reports'] = user.has_perm('br.change_birthregistration')
+            initial_data['can_change_dr_reports'] = user.has_perm('dr.change_deathreport')
+            initial_data['can_change_mnchw_reports'] = user.has_perm('ipd.change_report')
+            initial_data['can_change_reporters'] = user.has_perm('reporters.change_reporter')
+
+            kwargs['initial'] = initial_data
+
+        super(UserForm, self).__init__(*args, **kwargs)
diff --git a/profiles/urls.py b/profiles/urls.py
new file mode 100644
index 0000000..9999f44
--- /dev/null
+++ b/profiles/urls.py
@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+from django.conf.urls import url
+
+from profiles.views import UserListView
+
+urlpatterns = [
+    url(r'^$', UserListView.as_view(), name='users_list'),
+    # url(r'^new/?$', UserCreateView.as_view(), name='user_create'),
+    # url(r'^(?P<pk>\d+)/?$', UserUpdateView.as_view(), name='user_edit'),
+]
\ No newline at end of file
diff --git a/profiles/views.py b/profiles/views.py
index 91ea44a..5bc4d73 100644
--- a/profiles/views.py
+++ b/profiles/views.py
@@ -1,3 +1,58 @@
-from django.shortcuts import render
+# -*- coding: utf-8 -*-
+from braces.views import LoginRequiredMixin, PermissionRequiredMixin
+from django.conf import settings
+from django.contrib.auth.models import User
+from django.views.generic import CreateView, ListView, UpdateView
 
-# Create your views here.
+from profiles.forms import UserForm
+from profiles.models import Profile
+
+PROTECTED_VIEW_PERMISSION = 'auth.change_user'
+
+
+class UserListView(LoginRequiredMixin, PermissionRequiredMixin, ListView):
+    context_object_name = 'users'
+    model = User
+    ordering = ('-pk',)
+    page_title = 'Users'
+    paginate_by = settings.PAGE_SIZE
+    permission_required = PROTECTED_VIEW_PERMISSION
+    template_name = 'backend/user_list.html'
+
+    def get_context_data(self, **kwargs):
+        context = super(UserListView, self).get_context_data(**kwargs)
+        context['page_title'] = self.page_title
+        return context
+
+
+class UserCreateView(LoginRequiredMixin, PermissionRequiredMixin, CreateView):
+    form_class = UserForm
+    model = User
+    page_title = 'Create User'
+    permission_required = PROTECTED_VIEW_PERMISSION
+    template_name = 'backend/user_create.html'
+
+    def form_valid(self, form):
+        pass
+
+    def get_context_data(self, **kwargs):
+        context = super(UserCreateView, self).get_context_data(**kwargs)
+        context['page_title'] = self.page_title
+        return context
+
+
+class UserUpdateView(LoginRequiredMixin, PermissionRequiredMixin, UpdateView):
+    form_class = UserForm
+    model = User
+    page_title = 'Edit User'
+    permission_required = PROTECTED_VIEW_PERMISSION
+    template_name = 'backend/user_edit.html'
+
+    def form_valid(self, form):
+        pass
+
+    def get_context_data(self, **kwargs):
+        context = super(UserUpdateView, self).get_context_data(**kwargs)
+        context['page_title'] = self.page_title
+        return context
+    
diff --git a/unicefng/urls.py b/unicefng/urls.py
index 0789435..b264e78 100644
--- a/unicefng/urls.py
+++ b/unicefng/urls.py
@@ -27,6 +27,7 @@
     url(r'incoming/', HttpBackendView.as_view(backend_name='polling')),
     url(r'^messages/', include('messagebox.urls', namespace='messaging')),
     url(r'^reporters/', include('reporters.urls', namespace=u'reporters')),
+    url(r'^users/', include('profiles.urls', namespace='users')),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 
 # authentication urls

From c262622b631967197707172772b9b532f1575906 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Thu, 7 Jul 2022 08:09:23 +0100
Subject: [PATCH 03/15] feat: add user list to menu

---
 br/templates/backend/_layout.html | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/br/templates/backend/_layout.html b/br/templates/backend/_layout.html
index 2f6cbd0..52e9b96 100644
--- a/br/templates/backend/_layout.html
+++ b/br/templates/backend/_layout.html
@@ -35,6 +35,8 @@ <h4>Rapid<strong>SMS</strong></h4>
               <div class="dropdown-divider"></div>
               {% if perms.reporters.change_reporter %}
               <li><a href="{% url 'reporters:reporter_list' %}" class="dropdown-item">Reporters</a></li>
+              {% if perms.auth.change_user %}
+              <li><a href="{% url 'users:user_list' %}" class="dropdown-item">Users</a></li>
               <div class="dropdown-divider"></div>
               {% endif %}
               <li><a class="dropdown-item" href="{% url 'messaging:message_list' %}">Messages</a></li>

From e80ca029e071bfc1d5b33813de3c3f6d97750e85 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Thu, 7 Jul 2022 14:05:48 +0100
Subject: [PATCH 04/15] feat: add user creation and editing

---
 br/templates/backend/_layout.html       |   2 +-
 br/templates/backend/user_create.html   | 124 ++++++++++++++++++++++++
 br/templates/backend/user_edit.html     |  79 ++++++++++++++-
 br/templates/backend/user_list.html     |   4 +-
 profiles/forms.py                       |  15 ++-
 profiles/urls.py                        |   6 +-
 profiles/views.py                       |  82 +++++++++++++++-
 unicefng/templates/common/usermenu.html |   2 +
 8 files changed, 301 insertions(+), 13 deletions(-)
 create mode 100644 br/templates/backend/user_create.html

diff --git a/br/templates/backend/_layout.html b/br/templates/backend/_layout.html
index 52e9b96..1a0f9b9 100644
--- a/br/templates/backend/_layout.html
+++ b/br/templates/backend/_layout.html
@@ -36,7 +36,7 @@ <h4>Rapid<strong>SMS</strong></h4>
               {% if perms.reporters.change_reporter %}
               <li><a href="{% url 'reporters:reporter_list' %}" class="dropdown-item">Reporters</a></li>
               {% if perms.auth.change_user %}
-              <li><a href="{% url 'users:user_list' %}" class="dropdown-item">Users</a></li>
+              <li><a href="{% url 'users:users_list' %}" class="dropdown-item">Users</a></li>
               <div class="dropdown-divider"></div>
               {% endif %}
               <li><a class="dropdown-item" href="{% url 'messaging:message_list' %}">Messages</a></li>
diff --git a/br/templates/backend/user_create.html b/br/templates/backend/user_create.html
new file mode 100644
index 0000000..c072bcb
--- /dev/null
+++ b/br/templates/backend/user_create.html
@@ -0,0 +1,124 @@
+{% extends 'backend/_layout.html' %}
+{% block content %}
+<div class="row">
+  <div class="col">
+    <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-1 pb-1 mb-1 border-bottom">
+      <h3>{{ page_title }}</h3>
+    </div>
+  </div>
+</div>
+<div class="row">
+  <div class="col-sm-10 offset-sm-1 col-md-8 offset-md-2 py-3">
+    <form method="post">
+      {% csrf_token %}
+      <div class="card">
+        <div class="card-body">
+          <div class="row mb-3">
+            <label for="{{ form.username.id_for_label }}" class="col-sm-4 col-form-label">Username</label>
+            <div class="col-sm-8">
+              <input type="text" class="form-control" name="{{ form.username.name }}" id="{{ form.username.id_for_label }}">
+            </div>
+          </div>
+          <div class="row mb-3">
+            <label for="{{ form.email.id_for_label }}" class="col-sm-4 col-form-label">Email</label>
+            <div class="col-sm-8">
+              <input type="email" class="form-control" name="{{ form.email.name }}" id="{{ form.email.id_for_label }}">
+            </div>
+          </div>
+          <div class="row mb-3">
+            <label for="{{ form.first_name.id_for_label }}" class="col-sm-4 col-form-label">First name</label>
+            <div class="col-sm-8">
+              <input type="text" class="form-control" name="{{ form.first_name.name }}" id="{{ form.first_name.id_for_label }}">
+            </div>
+          </div>
+          <div class="row mb-3">
+            <label for="{{ form.password_confirm.id_for_label }}" class="col-sm-4 col-form-label">Surname</label>
+            <div class="col-sm-8">
+              <input type="text" class="form-control" name="{{ form.last_name.name }}" id="{{ form.last_name.id_for_label }}">
+            </div>
+          </div>
+          <div class="row mb-3">
+            <label for="{{ form.password.id_for_label }}" class="col-sm-4 col-form-label">Password</label>
+            <div class="col-sm-8">
+              <input type="password" class="form-control" name="{{ form.password.name }}" id="{{ form.password.id_for_label }}">
+              <p class="form-text">Enter a new password to change the current password</p>
+            </div>
+          </div>
+          <div class="row mb-3">
+            <label for="{{ form.password_confirm.id_for_label }}" class="col-sm-4 col-form-label">Confirm password</label>
+            <div class="col-sm-8">
+              <input type="password" class="form-control" name="{{ form.password_confirm.name }}" id="{{ form.password_confirm.id_for_label }}">
+              <p class="form-text">Repeat the password entered above</p>
+            </div>
+          </div>
+          <div class="row mb-3">
+            <div class="col-sm-8 offset-sm-4">
+              <div class="form-check">
+                <input type="checkbox" name="{{ form.is_active.name }}" id="{{ form.is_active.id_for_label }}" class="form-check-input">
+                <label for="{{ form.is_active.id_for_label }}" class="form-check-label">Active?</label>
+                <p class="form-text">An inactive user will not be able to use the system.</p>
+              </div>
+            </div>
+          </div>
+          <fieldset>
+            <legend>Permissions</legend>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_add_locations.name }}" id="{{ form.can_add_locations.id_for_label }}" class="form-check-input">
+                  <label for="{{ form.can_add_locations.id_for_label }}" class="form-check-label">Can manage BR centres</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_change_br_reports.name }}" id="{{ form.can_change_br_reports.id_for_label }}" class="form-check-input">
+                  <label for="{{ form.can_change_br_reports.id_for_label }}" class="form-check-label">Can manage BR reports</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_change_dr_reports.name }}" id="{{ form.can_change_dr_reports.id_for_label }}" class="form-check-input">
+                  <label for="{{ form.can_change_dr_reports.id_for_label }}" class="form-check-label">Can manage DR reports</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_change_mnchw_reports.name }}" id="{{ form.can_change_mnchw_reports.id_for_label }}" class="form-check-input">
+                  <label for="{{ form.can_change_mnchw_reports.id_for_label }}" class="form-check-label">Can manage MNCHW reports</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_change_reporters.name }}" id="{{ form.can_change_reporters.id_for_label }}" class="form-check-input">
+                  <label for="{{ form.can_change_reporters.id_for_label }}" class="form-check-label">Can manage users</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.is_superuser.name }}" id="{{ form.is_superuser.id_for_label }}" class="form-check-input">
+                  <label for="{{ form.is_superuser.id_for_label }}" class="form-check-label">Superuser?</label>
+                  <p class="form-text">A superuser has access to everything without needing specific access to anything. <span class="text-danger">Use with caution.</span></p>
+                </div>
+              </div>
+            </div>
+          </fieldset>
+        </div>
+        <div class="card-footer">
+          <button type="submit" class="btn btn-primary">Save Changes</button>
+          <a href="{% url 'users:users_list' %}" class="btn btn-secondary">Cancel</a>
+        </div>
+      </div>
+    </form>
+  </div>
+</div>
+{% endblock content %}
\ No newline at end of file
diff --git a/br/templates/backend/user_edit.html b/br/templates/backend/user_edit.html
index ee480e9..9e95771 100644
--- a/br/templates/backend/user_edit.html
+++ b/br/templates/backend/user_edit.html
@@ -32,11 +32,86 @@ <h3>{{ page_title }}</h3>
             </div>
           </div>
           <div class="row mb-3">
-            <label for="{{ form.last_name.id_for_label }}" class="col-sm-4 col-form-label">Surname</label>
+            <label for="{{ form.password_confirm.id_for_label }}" class="col-sm-4 col-form-label">Surname</label>
             <div class="col-sm-8">
-              <input type="number" class="form-control" name="{{ form.last_name.name }}" id="{{ form.last_name.id_for_label }}" value="{{ form.last_name.value }}">
+              <input type="text" class="form-control" name="{{ form.last_name.name }}" id="{{ form.last_name.id_for_label }}" value="{{ form.last_name.value }}">
             </div>
           </div>
+          <div class="row mb-3">
+            <label for="{{ form.password.id_for_label }}" class="col-sm-4 col-form-label">Password</label>
+            <div class="col-sm-8">
+              <input type="password" class="form-control" name="{{ form.password.name }}" id="{{ form.password.id_for_label }}">
+              <p class="form-text">Enter a new password to change the current password</p>
+            </div>
+          </div>
+          <div class="row mb-3">
+            <label for="{{ form.password_confirm.id_for_label }}" class="col-sm-4 col-form-label">Confirm password</label>
+            <div class="col-sm-8">
+              <input type="password" class="form-control" name="{{ form.password_confirm.name }}" id="{{ form.password_confirm.id_for_label }}">
+              <p class="form-text">Repeat the password entered above</p>
+            </div>
+          </div>
+          <div class="row mb-3">
+            <div class="col-sm-8 offset-sm-4">
+              <div class="form-check">
+                <input type="checkbox" name="{{ form.is_active.name }}" id="{{ form.is_active.id_for_label }}" class="form-check-input" {% if form.is_active.value %}checked{% endif %}>
+                <label for="{{ form.is_active.id_for_label }}" class="form-check-label">Active?</label>
+                <p class="form-text">An inactive user will not be able to use the system.</p>
+              </div>
+            </div>
+          </div>
+          <fieldset>
+            <legend>Permissions</legend>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_add_locations.name }}" id="{{ form.can_add_locations.id_for_label }}" class="form-check-input" {% if form.can_add_locations.value %}checked{% endif %}>
+                  <label for="{{ form.can_add_locations.id_for_label }}" class="form-check-label">Can manage BR centres</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_change_br_reports.name }}" id="{{ form.can_change_br_reports.id_for_label }}" class="form-check-input" {% if form.can_change_br_reports.value %}checked{% endif %}>
+                  <label for="{{ form.can_change_br_reports.id_for_label }}" class="form-check-label">Can manage BR reports</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_change_dr_reports.name }}" id="{{ form.can_change_dr_reports.id_for_label }}" class="form-check-input" {% if form.can_change_dr_reports.value %}checked{% endif %}>
+                  <label for="{{ form.can_change_dr_reports.id_for_label }}" class="form-check-label">Can manage DR reports</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_change_mnchw_reports.name }}" id="{{ form.can_change_mnchw_reports.id_for_label }}" class="form-check-input" {% if form.can_change_mnchw_reports.value %}checked{% endif %}>
+                  <label for="{{ form.can_change_mnchw_reports.id_for_label }}" class="form-check-label">Can manage MNCHW reports</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.can_change_reporters.name }}" id="{{ form.can_change_reporters.id_for_label }}" class="form-check-input" {% if form.can_change_reporters.value %}checked{% endif %}>
+                  <label for="{{ form.can_change_reporters.id_for_label }}" class="form-check-label">Can manage users</label>
+                </div>
+              </div>
+            </div>
+            <div class="row mb-3">
+              <div class="col-sm-8 offset-sm-4">
+                <div class="form-check">
+                  <input type="checkbox" name="{{ form.is_superuser.name }}" id="{{ form.is_superuser.id_for_label }}" class="form-check-input" {% if form.is_superuser.value %}checked{% endif %}>
+                  <label for="{{ form.is_superuser.id_for_label }}" class="form-check-label">Superuser?</label>
+                  <p class="form-text">A superuser has access to everything without needing specific access to anything. <span class="text-danger">Use with caution.</span></p>
+                </div>
+              </div>
+            </div>
+          </fieldset>
         </div>
         <div class="card-footer">
           <button type="submit" class="btn btn-primary">Save Changes</button>
diff --git a/br/templates/backend/user_list.html b/br/templates/backend/user_list.html
index cac14cd..94a3dd6 100644
--- a/br/templates/backend/user_list.html
+++ b/br/templates/backend/user_list.html
@@ -14,7 +14,7 @@ <h3>{{ page_title }}</h3>
         <div class="card-body">
           <div class="row g-3">
             <div class="col">
-              <a href="#" class="btn btn-success mt-3">
+              <a href="{% url 'users:user_create' %}" class="btn btn-success mt-3">
                 <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
                   <path fill-rule="evenodd" d="M10 3a1 1 0 011 1v5h5a1 1 0 110 2h-5v5a1 1 0 11-2 0v-5H4a1 1 0 110-2h5V4a1 1 0 011-1z" clip-rule="evenodd" />
                 </svg>
@@ -45,7 +45,7 @@ <h3>{{ page_title }}</h3>
               {% for user in users %}
               <tr>
                 <td>
-                  <a href="">
+                  <a href="{% url 'users:user_edit' pk=user.pk %}">
                     <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
                       <title>Edit this user</title>
                       <path d="M13.586 3.586a2 2 0 112.828 2.828l-.793.793-2.828-2.828.793-.793zM11.379 5.793L3 14.172V17h2.828l8.38-8.379-2.83-2.828z" />
diff --git a/profiles/forms.py b/profiles/forms.py
index 3bb6654..cc39d95 100644
--- a/profiles/forms.py
+++ b/profiles/forms.py
@@ -18,12 +18,15 @@ class Meta:
 
 class UserForm(forms.ModelForm):
     locations = forms.ModelMultipleChoiceField(
-        queryset=Location.objects.filter(type__name=u'State'))
+        queryset=Location.objects.filter(type__name=u'State'), required=False)
     can_add_locations = forms.BooleanField(required=False)
     can_change_br_reports = forms.BooleanField(required=False)
     can_change_dr_reports = forms.BooleanField(required=False)
     can_change_mnchw_reports = forms.BooleanField(required=False)
     can_change_reporters = forms.BooleanField(required=False)
+    can_change_users = forms.BooleanField(required=False)
+    password = forms.CharField(required=False, widget=forms.PasswordInput())
+    password_confirm = forms.CharField(required=False, widget=forms.PasswordInput())
 
     class Meta:
         model = User
@@ -52,7 +55,17 @@ def __init__(self, *args, **kwargs):
             initial_data['can_change_dr_reports'] = user.has_perm('dr.change_deathreport')
             initial_data['can_change_mnchw_reports'] = user.has_perm('ipd.change_report')
             initial_data['can_change_reporters'] = user.has_perm('reporters.change_reporter')
+            initial_data['can_change_users'] = user.has_perm('auth.change_user')
 
             kwargs['initial'] = initial_data
 
         super(UserForm, self).__init__(*args, **kwargs)
+
+    def clean(self):
+        cleaned_data = super(UserForm, self).clean()
+        password = cleaned_data.get('password')
+        password_confirm = cleaned_data.get('password_confirm')
+        if password != password_confirm:
+            self.add_error('password', 'Passwords do not match')
+
+        return cleaned_data
\ No newline at end of file
diff --git a/profiles/urls.py b/profiles/urls.py
index 9999f44..f9de473 100644
--- a/profiles/urls.py
+++ b/profiles/urls.py
@@ -1,10 +1,10 @@
 # -*- coding: utf-8 -*-
 from django.conf.urls import url
 
-from profiles.views import UserListView
+from profiles.views import UserCreateView, UserListView, UserUpdateView
 
 urlpatterns = [
     url(r'^$', UserListView.as_view(), name='users_list'),
-    # url(r'^new/?$', UserCreateView.as_view(), name='user_create'),
-    # url(r'^(?P<pk>\d+)/?$', UserUpdateView.as_view(), name='user_edit'),
+    url(r'^new/?$', UserCreateView.as_view(), name='user_create'),
+    url(r'^(?P<pk>\d+)/?$', UserUpdateView.as_view(), name='user_edit'),
 ]
\ No newline at end of file
diff --git a/profiles/views.py b/profiles/views.py
index 5bc4d73..774263f 100644
--- a/profiles/views.py
+++ b/profiles/views.py
@@ -1,7 +1,10 @@
 # -*- coding: utf-8 -*-
 from braces.views import LoginRequiredMixin, PermissionRequiredMixin
 from django.conf import settings
-from django.contrib.auth.models import User
+from django.contrib.auth.models import Permission, User
+from django.contrib.contenttypes.models import ContentType
+from django.core.urlresolvers import reverse
+from django.http import HttpResponseRedirect
 from django.views.generic import CreateView, ListView, UpdateView
 
 from profiles.forms import UserForm
@@ -10,6 +13,66 @@
 PROTECTED_VIEW_PERMISSION = 'auth.change_user'
 
 
+def update_permissions(user, form_data):
+    from br.models import BirthRegistration
+    from dr.models import DeathReport
+    from ipd.models import Report
+    from locations.models import Location
+    from reporters.models import Reporter
+
+    br_report_content_type = ContentType.objects.get_for_model(
+        BirthRegistration)
+    dr_report_content_type = ContentType.objects.get_for_model(DeathReport)
+    location_content_type = ContentType.objects.get_for_model(Location)
+    mnchw_report_content_type = ContentType.objects.get_for_model(Report)
+    reporter_content_type = ContentType.objects.get_for_model(Reporter)
+    user_content_type = ContentType.objects.get_for_model(User)
+
+    if form_data.get('can_add_locations'):
+        permission = Permission.objects.get(
+            codename='add_location',
+            content_type=location_content_type,
+        )
+        user.user_permissions.add(permission)
+
+    if form_data.get('can_change_br_reports'):
+        permission = Permission.objects.get(
+            codename='change_birthregistration',
+            content_type=br_report_content_type,
+        )
+        user.user_permissions.add(permission)
+
+    if form_data.get('can_change_dr_reports'):
+        permission = Permission.objects.get(
+            codename='change_deathreport',
+            content_type=dr_report_content_type,
+        )
+        user.user_permissions.add(permission)
+
+    if form_data.get('can_change_mnchw_reports'):
+        permission = Permission.objects.get(
+            codename='change_report',
+            content_type=mnchw_report_content_type,
+        )
+        user.user_permissions.add(permission)
+
+    if form_data.get('can_change_reporters'):
+        permission = Permission.objects.get(
+            codename='change_reporter',
+            content_type=reporter_content_type,
+        )
+        user.user_permissions.add(permission)
+
+    if form_data.get('can_change_users'):
+        permission = Permission.objects.get(
+            codename='change_user',
+            content_type=user_content_type,
+        )
+        user.user_permissions.add(permission)
+
+    user.save()
+
+
 class UserListView(LoginRequiredMixin, PermissionRequiredMixin, ListView):
     context_object_name = 'users'
     model = User
@@ -33,7 +96,13 @@ class UserCreateView(LoginRequiredMixin, PermissionRequiredMixin, CreateView):
     template_name = 'backend/user_create.html'
 
     def form_valid(self, form):
-        pass
+        user = form.save()
+        cleaned_data = form.cleaned_data
+
+        if user.is_superuser:
+            update_permissions(user, cleaned_data)
+
+        return HttpResponseRedirect(reverse('users:users_list'))
 
     def get_context_data(self, **kwargs):
         context = super(UserCreateView, self).get_context_data(**kwargs)
@@ -49,10 +118,15 @@ class UserUpdateView(LoginRequiredMixin, PermissionRequiredMixin, UpdateView):
     template_name = 'backend/user_edit.html'
 
     def form_valid(self, form):
-        pass
+        user = form.save()
+        cleaned_data = form.cleaned_data
+
+        if user.is_superuser:
+            update_permissions(user, cleaned_data)
+
+        return HttpResponseRedirect(reverse('users:users_list'))
 
     def get_context_data(self, **kwargs):
         context = super(UserUpdateView, self).get_context_data(**kwargs)
         context['page_title'] = self.page_title
         return context
-    
diff --git a/unicefng/templates/common/usermenu.html b/unicefng/templates/common/usermenu.html
index a6c4e29..41358db 100644
--- a/unicefng/templates/common/usermenu.html
+++ b/unicefng/templates/common/usermenu.html
@@ -13,6 +13,8 @@
 <li><a href="{% url 'reporters:reporter_list' %}" class="dropdown-item">Reporters</a></li>
 <div class="dropdown-divider"></div>
 {% endif %}
+{% if perms.auth.change_user %}<li><a class="dropdown-item" href="{% url 'users:users_list' %}">Users</a></li>{% endif %}
+<div class="dropdown-divider"></div>
 <li><a class="dropdown-item" href="{% url 'messaging:message_list' %}">Messages</a></li>
 <div class="dropdown-divider"></div>
 {% endif %}
\ No newline at end of file

From e490ab091350b9d937f3bc49ae7c27a9e9628151 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Sat, 9 Jul 2022 08:57:30 +0100
Subject: [PATCH 05/15] fix: set password on save

---
 profiles/forms.py |  7 ++++++-
 profiles/views.py | 12 ++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/profiles/forms.py b/profiles/forms.py
index cc39d95..dc06df4 100644
--- a/profiles/forms.py
+++ b/profiles/forms.py
@@ -68,4 +68,9 @@ def clean(self):
         if password != password_confirm:
             self.add_error('password', 'Passwords do not match')
 
-        return cleaned_data
\ No newline at end of file
+        return cleaned_data
+
+
+class UserCreateForm(UserForm):
+    password = forms.CharField(widget=forms.PasswordInput())
+    password_confirm = forms.CharField(widget=forms.PasswordInput())
\ No newline at end of file
diff --git a/profiles/views.py b/profiles/views.py
index 774263f..76befe8 100644
--- a/profiles/views.py
+++ b/profiles/views.py
@@ -7,7 +7,7 @@
 from django.http import HttpResponseRedirect
 from django.views.generic import CreateView, ListView, UpdateView
 
-from profiles.forms import UserForm
+from profiles.forms import UserCreateForm, UserForm
 from profiles.models import Profile
 
 PROTECTED_VIEW_PERMISSION = 'auth.change_user'
@@ -89,7 +89,7 @@ def get_context_data(self, **kwargs):
 
 
 class UserCreateView(LoginRequiredMixin, PermissionRequiredMixin, CreateView):
-    form_class = UserForm
+    form_class = UserCreateForm
     model = User
     page_title = 'Create User'
     permission_required = PROTECTED_VIEW_PERMISSION
@@ -98,8 +98,9 @@ class UserCreateView(LoginRequiredMixin, PermissionRequiredMixin, CreateView):
     def form_valid(self, form):
         user = form.save()
         cleaned_data = form.cleaned_data
+        user.set_password(cleaned_data.get('password'))
 
-        if user.is_superuser:
+        if not user.is_superuser:
             update_permissions(user, cleaned_data)
 
         return HttpResponseRedirect(reverse('users:users_list'))
@@ -121,7 +122,10 @@ def form_valid(self, form):
         user = form.save()
         cleaned_data = form.cleaned_data
 
-        if user.is_superuser:
+        if cleaned_data.get('password'):
+            user.set_password(cleaned_data.get('password'))
+
+        if not user.is_superuser:
             update_permissions(user, cleaned_data)
 
         return HttpResponseRedirect(reverse('users:users_list'))

From 7d1064b410174a6083f47496e4afb7c3a70a9ea6 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Mon, 18 Jul 2022 14:07:33 +0100
Subject: [PATCH 06/15] feat: update login template

---
 br/templates/backend/login.html | 67 +++++++++++++++++++++++++++++++++
 unicefng/urls.py                |  2 +-
 2 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 br/templates/backend/login.html

diff --git a/br/templates/backend/login.html b/br/templates/backend/login.html
new file mode 100644
index 0000000..f5a1f78
--- /dev/null
+++ b/br/templates/backend/login.html
@@ -0,0 +1,67 @@
+{% load staticfiles %}
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <link rel="stylesheet" href="{% static 'vendor/bootstrap5/css/bootstrap.min.css' %}">
+  <title>Login</title>
+  <style>
+    html,body {
+      height: 100%;
+    }
+
+    body {
+      display: flex;
+      align-items: center;
+      padding-top: 40px;
+      padding-bottom: 40px;
+    }
+
+    .form-signin {
+      width: 100%;
+      padding: 15%;
+      margin: auto;
+    }
+
+    .form-signin .form-floating:focus-within {
+      z-index: 2;
+    }
+
+    .form-signin input[type="text"] {
+      margin-bottom: -1px;
+      border-bottom-right-radius: 0;
+      border-bottom-left-radius: 0;
+    }
+    
+    .form-signin input[type="password"] {
+      margin-bottom: 10px;
+      border-top-right-radius: 0;
+      border-top-left-radius: 0;
+    }
+  </style>
+</head>
+<body class="text-center">
+  <main class="form-signin">
+    <form method="post">
+      {% csrf_token %}
+      <h1 class="h3 mb-3 fw-normal">Please sign in</h1>
+      <div class="form-floating">
+        <input id="username" type="text" name="username" class="form-control" placeholder="Username">
+        <label for="username">Username</label>
+      </div>
+      <div class="form-floating">
+        <input id="password" type="password" name="password" class="form-control" placeholder="Password">
+        <label for="password">Password</label>
+      </div>
+      <button class="w-100 btn btn-lg btn-primary" type="submit">
+        <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
+          <path fill-rule="evenodd" d="M5 9V7a5 5 0 0110 0v2a2 2 0 012 2v5a2 2 0 01-2 2H5a2 2 0 01-2-2v-5a2 2 0 012-2zm8-2v2H7V7a3 3 0 016 0z" clip-rule="evenodd" />
+        </svg>
+        Sign in
+      </button>
+    </form>
+  </main>
+</body>
+</html>
\ No newline at end of file
diff --git a/unicefng/urls.py b/unicefng/urls.py
index b264e78..e8053fe 100644
--- a/unicefng/urls.py
+++ b/unicefng/urls.py
@@ -32,6 +32,6 @@
 
 # authentication urls
 urlpatterns += [
-    url(r'^accounts/login/$', auth_views.login, {'template_name': 'login.html'}, name="user-login"),
+    url(r'^accounts/login/$', auth_views.login, {'template_name': 'backend/login.html'}, name="user-login"),
     url(r'^accounts/logout/$', auth_views.logout_then_login, name="user-logout")
 ]

From 8208b012154bcf4c2a4968be368063453a306e67 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Tue, 19 Jul 2022 01:48:47 +0100
Subject: [PATCH 07/15] chore: reorder dropdown links

---
 br/templates/backend/_layout.html | 58 ++++++++++++++++++-------------
 1 file changed, 33 insertions(+), 25 deletions(-)

diff --git a/br/templates/backend/_layout.html b/br/templates/backend/_layout.html
index 1a0f9b9..45d90ed 100644
--- a/br/templates/backend/_layout.html
+++ b/br/templates/backend/_layout.html
@@ -24,31 +24,39 @@ <h4>Rapid<strong>SMS</strong></h4>
             </a>
             <ul class="dropdown-menu text-small shadow" aria-labelledby="dropdownMenu">
               {% if user.is_authenticated %}
-              {% if perms.br.change_birthregistration %}<li><a class="dropdown-item" href="{% url 'br:reports_list' %}">BR reports</a></li>{% endif %}
-              {% if perms.br.change_birthregistration %}<li><a class="dropdown-item" href="{% url 'locations:center_list' %}">BR centers</a></li>{% endif %}
-              <li><a class="dropdown-item" href="{% url 'br:help' %}">BR help</a></li>
-              <div class="dropdown-divider"></div>
-              {% if perms.dr.change_deathreport %}<li><a class="dropdown-item" href="{% url 'dr:dr_report_list' %}">DR reports</a></li>{% endif %}
-              {% if perms.dr.change_deathreport %}<li><a class="dropdown-item" href="{% static 'documents/DRFORM.pdf' %}">DR manual</a></li>{% endif %}
-              <div class="dropdown-divider"></div>
-              {% if perms.ipd.change_report %}<li><a class="dropdown-item" href="{% url 'mnchw:campaign_list' %}">MNCHW campaigns</a></li>{% endif %}
-              <div class="dropdown-divider"></div>
-              {% if perms.reporters.change_reporter %}
-              <li><a href="{% url 'reporters:reporter_list' %}" class="dropdown-item">Reporters</a></li>
-              {% if perms.auth.change_user %}
-              <li><a href="{% url 'users:users_list' %}" class="dropdown-item">Users</a></li>
-              <div class="dropdown-divider"></div>
-              {% endif %}
-              <li><a class="dropdown-item" href="{% url 'messaging:message_list' %}">Messages</a></li>
-              <div class="dropdown-divider"></div>
-              <li>
-                <a class="dropdown-item" href="{% url 'user-logout' %}">
-                  <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
-                    <path fill-rule="evenodd" d="M3 3a1 1 0 00-1 1v12a1 1 0 102 0V4a1 1 0 00-1-1zm10.293 9.293a1 1 0 001.414 1.414l3-3a1 1 0 000-1.414l-3-3a1 1 0 10-1.414 1.414L14.586 9H7a1 1 0 100 2h7.586l-1.293 1.293z" clip-rule="evenodd" />
-                  </svg>
-                  &nbsp; Log Out
-                </a>
-              </li>
+                <li><a class="dropdown-item" href="{% url 'br:help' %}">BR help</a></li>
+                {% if perms.br.change_birthregistration %}
+                <li><a class="dropdown-item" href="{% url 'br:reports_list' %}">BR reports</a></li>
+                <li><a class="dropdown-item" href="{% url 'locations:center_list' %}">BR centers</a></li>
+                <div class="dropdown-divider"></div>
+                {% endif %}
+                {% if perms.dr.change_deathreport %}
+                <li><a class="dropdown-item" href="{% url 'dr:dr_report_list' %}">DR reports</a></li>
+                <li><a class="dropdown-item" href="{% static 'documents/DRFORM.pdf' %}">DR manual</a></li>
+                <div class="dropdown-divider"></div>
+                {% endif %}
+                {% if perms.ipd.change_report %}
+                <li><a class="dropdown-item" href="{% url 'mnchw:campaign_list' %}">MNCHW campaigns</a></li>
+                <div class="dropdown-divider"></div>
+                {% endif %}
+                {% if perms.reporters.change_reporter %}
+                <li><a href="{% url 'reporters:reporter_list' %}" class="dropdown-item">Reporters</a></li>
+                <div class="dropdown-divider"></div>
+                {% endif %}
+                {% if perms.auth.change_user %}
+                <li><a href="{% url 'users:users_list' %}" class="dropdown-item">Users</a></li>
+                <div class="dropdown-divider"></div>
+                {% endif %}
+                <li><a class="dropdown-item" href="{% url 'messaging:message_list' %}">Messages</a></li>
+                <div class="dropdown-divider"></div>
+                <li>
+                  <a class="dropdown-item" href="{% url 'user-logout' %}">
+                    <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
+                      <path fill-rule="evenodd" d="M3 3a1 1 0 00-1 1v12a1 1 0 102 0V4a1 1 0 00-1-1zm10.293 9.293a1 1 0 001.414 1.414l3-3a1 1 0 000-1.414l-3-3a1 1 0 10-1.414 1.414L14.586 9H7a1 1 0 100 2h7.586l-1.293 1.293z" clip-rule="evenodd" />
+                    </svg>
+                    &nbsp; Log Out
+                  </a>
+                </li>
               {% endif %}
             </ul>
           </div>

From e4dbf8a9d02d7b9e584cecb5a1dad343f9e82408 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Tue, 19 Jul 2022 01:52:49 +0100
Subject: [PATCH 08/15] fix: correct broken HTML

---
 br/templates/backend/reports_list.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/br/templates/backend/reports_list.html b/br/templates/backend/reports_list.html
index a78c15e..7723b3f 100644
--- a/br/templates/backend/reports_list.html
+++ b/br/templates/backend/reports_list.html
@@ -89,8 +89,9 @@ <h3>{{ page_title }}</h3>
                 <tr>
                   <td>
                     <div class="form-check">
-                      <input type="checkbox" name="reports" value="{{ report.pk }}" class="reports form-check-input" data-delete-checkbox="true"></td>
+                      <input type="checkbox" name="reports" value="{{ report.pk }}" class="reports form-check-input" data-delete-checkbox="true">
                     </div>
+                  </td>
                   <td>
                     {% if report.source == 'internal' %}
                     <a href="{% url 'br:report_edit' report.pk %}">

From 5006e941ebc33b6277e7669240839e96650b5480 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Tue, 19 Jul 2022 08:23:13 +0100
Subject: [PATCH 09/15] fix: correc broken styles

---
 br/templates/backend/login.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/br/templates/backend/login.html b/br/templates/backend/login.html
index f5a1f78..4decce5 100644
--- a/br/templates/backend/login.html
+++ b/br/templates/backend/login.html
@@ -21,7 +21,8 @@
 
     .form-signin {
       width: 100%;
-      padding: 15%;
+      max-width: 330px;
+      padding: 15px;
       margin: auto;
     }
 

From 592cd0561a7040adc5c966ecb235e68bfad3b0d0 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Tue, 19 Jul 2022 08:27:48 +0100
Subject: [PATCH 10/15] chore: reorder user menu

---
 unicefng/templates/common/usermenu.html | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/unicefng/templates/common/usermenu.html b/unicefng/templates/common/usermenu.html
index 41358db..31a29f6 100644
--- a/unicefng/templates/common/usermenu.html
+++ b/unicefng/templates/common/usermenu.html
@@ -1,20 +1,28 @@
 {% load static %}
 {% if user.is_authenticated %}
-{% if perms.br.change_birthregistration %}<li><a class="dropdown-item" href="{% url 'br:reports_list' %}">BR reports</a></li>{% endif %}
-{% if perms.br.change_birthregistration %}<li><a class="dropdown-item" href="{% url 'locations:center_list' %}">BR centers</a></li>{% endif %}
 <li><a class="dropdown-item" href="{% url 'br:help' %}">BR help</a></li>
+{% if perms.br.change_birthregistration %}
+<li><a class="dropdown-item" href="{% url 'br:reports_list' %}">BR reports</a></li>
+<li><a class="dropdown-item" href="{% url 'locations:center_list' %}">BR centers</a></li>
 <div class="dropdown-divider"></div>
-{% if perms.dr.change_deathreport %}<li><a class="dropdown-item" href="{% url 'dr:dr_report_list' %}">DR reports</a></li>{% endif %}
-{% if perms.dr.change_deathreport %}<li><a class="dropdown-item" href="{% static 'documents/DRFORM.pdf' %}">DR manual</a></li>{% endif %}
+{% endif %}
+{% if perms.dr.change_deathreport %}
+<li><a class="dropdown-item" href="{% url 'dr:dr_report_list' %}">DR reports</a></li>
+<li><a class="dropdown-item" href="{% static 'documents/DRFORM.pdf' %}">DR manual</a></li>
 <div class="dropdown-divider"></div>
-{% if perms.ipd.change_report %}<li><a class="dropdown-item" href="{% url 'mnchw:campaign_list' %}">MNCHW campaigns</a></li>{% endif %}
+{% endif %}
+{% if perms.ipd.change_report %}
+<li><a class="dropdown-item" href="{% url 'mnchw:campaign_list' %}">MNCHW campaigns</a></li>
 <div class="dropdown-divider"></div>
+{% endif %}
 {% if perms.reporters.change_reporter %}
 <li><a href="{% url 'reporters:reporter_list' %}" class="dropdown-item">Reporters</a></li>
 <div class="dropdown-divider"></div>
 {% endif %}
-{% if perms.auth.change_user %}<li><a class="dropdown-item" href="{% url 'users:users_list' %}">Users</a></li>{% endif %}
+{% if perms.auth.change_user %}
+<li><a class="dropdown-item" href="{% url 'users:users_list' %}">Users</a></li>
 <div class="dropdown-divider"></div>
+{% endif %}
 <li><a class="dropdown-item" href="{% url 'messaging:message_list' %}">Messages</a></li>
 <div class="dropdown-divider"></div>
 {% endif %}
\ No newline at end of file

From 1ed0e65309c543d743b9f201020e020fdbb8fbf0 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Tue, 19 Jul 2022 08:40:07 +0100
Subject: [PATCH 11/15] fix: correct modal styles for BS5

---
 br/templates/backend/reports_list.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/br/templates/backend/reports_list.html b/br/templates/backend/reports_list.html
index 7723b3f..ff6cdf2 100644
--- a/br/templates/backend/reports_list.html
+++ b/br/templates/backend/reports_list.html
@@ -134,8 +134,8 @@ <h3>{{ page_title }}</h3>
   <div class="modal-dialog" role="document">
     <div class="modal-content">
       <div class="modal-header">
-        <button type="button" class="close" data-bs-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
         <h4 class="modal-title" id="deleteModalLabel">Delete records?</h4>
+        <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
       </div>
       <div class="modal-body">
         <p>Are you sure you want to delete these records?</p>

From 07fab303be3592201c9b3e76ccd3ca7c8d759726 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Tue, 19 Jul 2022 08:41:07 +0100
Subject: [PATCH 12/15] feat: add user deletion

---
 br/templates/backend/user_list.html | 53 +++++++++++++++++++++++++++++
 profiles/forms.py                   | 22 +++++++++++-
 profiles/urls.py                    |  4 ++-
 profiles/views.py                   | 35 +++++++++++++++++--
 4 files changed, 110 insertions(+), 4 deletions(-)

diff --git a/br/templates/backend/user_list.html b/br/templates/backend/user_list.html
index 94a3dd6..7dad2a3 100644
--- a/br/templates/backend/user_list.html
+++ b/br/templates/backend/user_list.html
@@ -20,6 +20,7 @@ <h3>{{ page_title }}</h3>
                 </svg>
                 Add new user
               </a>
+              <button type="button" class="btn btn-danger invisible mt-3" id="delete_btn" data-bs-toggle="modal" data-bs-target="#deleteConfirmModal">Delete Selected</button>
             </div>
           </div>
         </div>
@@ -34,6 +35,7 @@ <h3>{{ page_title }}</h3>
           <table class="table table-hover table-sm table-striped">
             <thead>
               <tr>
+                <th></th>
                 <th></th>
                 <th>Full name</th>
                 <th>Username</th>
@@ -42,8 +44,15 @@ <h3>{{ page_title }}</h3>
               </tr>
             </thead>
             <tbody>
+              <form action="{% url 'users:user_delete' %}" id="delete_form" method="post">
+                {% csrf_token %}
               {% for user in users %}
               <tr>
+                <td>
+                  <div class="form-check">
+                    <input type="checkbox" name="{{ delete_form.users.name }}" value="{{ user.pk }}" class="users form-check-input" data-delete-checkbox="true">
+                  </div>
+                </td>
                 <td>
                   <a href="{% url 'users:user_edit' pk=user.pk %}">
                     <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
@@ -72,6 +81,7 @@ <h3>{{ page_title }}</h3>
                 <td class="table-warning" colspan="4">No records found</td>
               </tr>
               {% endfor %}
+              </form>
             </tbody>
           </table>
         </div>
@@ -80,6 +90,24 @@ <h3>{{ page_title }}</h3>
   </div>
 </div>
 {% include 'backend/pagination.html' %}
+<div class="modal fade" tabindex="-1" role="dialog" aria-labelledby="deleteModalLabel" id="deleteConfirmModal">
+  <div class="modal-dialog" role="document">
+    <div class="modal-content">
+      <div class="modal-header">
+        <h4 class="modal-title" id="deleteModalLabel">Delete users?</h4>
+        <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+      </div>
+      <div class="modal-body">
+        <p>Are you sure you want to delete these users?</p>
+        <p><strong><em>This cannot be undone!</em></strong></p>
+      </div>
+      <div class="modal-footer">
+        <button class="btn btn-danger" id="confirm_delete" type="button">Yes, delete them</button>
+        <button class="btn btn-default" type="button" data-bs-dismiss="modal">No, don't</button>
+      </div>
+    </div>
+  </div>
+</div>
 {% endblock content %}
 {% block scripts %}
 <script src="{% static 'vendor/flatpickr/flatpickr.min.js' %}"></script>
@@ -88,8 +116,33 @@ <h3>{{ page_title }}</h3>
     flatpickr('.date-picker', {
       dateFormat: 'm/d/Y'
     });
+
+    // set up toggling of delete button
+    const deleteButton = document.getElementById('delete_btn');
+    const toggleDeleteButton = () => {
+      const numChecked = document.querySelectorAll('input[data-delete-checkbox]:checked').length;
+      if (numChecked === 0) {
+        // hide delete button
+        deleteButton.classList.add('invisible');
+      } else {
+        // show delete button
+        deleteButton.classList.remove('invisible');
+      }
+    };
+
+    document.addEventListener('change', function (event) {
+      if (event.target.matches('[data-delete-checkbox]'))
+        toggleDeleteButton();
+    });
   };
 
+  // set up submission of delete form
+  const deleteForm = document.getElementById('delete_form');
+  const deleteConfirmButton = document.getElementById('confirm_delete');
+  deleteConfirmButton.addEventListener('click', () => {
+    deleteForm.submit();
+  });
+
   document.addEventListener('DOMContentLoaded', loader);
 </script>
 {% endblock scripts %}
\ No newline at end of file
diff --git a/profiles/forms.py b/profiles/forms.py
index dc06df4..b683b8d 100644
--- a/profiles/forms.py
+++ b/profiles/forms.py
@@ -73,4 +73,24 @@ def clean(self):
 
 class UserCreateForm(UserForm):
     password = forms.CharField(widget=forms.PasswordInput())
-    password_confirm = forms.CharField(widget=forms.PasswordInput())
\ No newline at end of file
+    password_confirm = forms.CharField(widget=forms.PasswordInput())
+
+
+class UserDeleteForm(forms.Form):
+    users = forms.ModelMultipleChoiceField(
+        queryset=User.objects.all(),
+        required=False, widget=forms.CheckboxSelectMultiple
+    )
+
+    def __init__(self, *args, **kwargs):
+        self.initiator = kwargs.pop('user', None)
+        super(UserDeleteForm, self).__init__(*args, **kwargs)
+
+    def clean(self):
+        cleaned_data = super(UserDeleteForm, self).clean()
+        users = cleaned_data.get('users')
+        if self.initiator is not None:
+            if users.filter(pk=self.initiator.pk).exists():
+                self.add_error('users', 'Cannot delete the current user')
+
+        return cleaned_data
diff --git a/profiles/urls.py b/profiles/urls.py
index f9de473..84e9aa5 100644
--- a/profiles/urls.py
+++ b/profiles/urls.py
@@ -1,10 +1,12 @@
 # -*- coding: utf-8 -*-
 from django.conf.urls import url
 
-from profiles.views import UserCreateView, UserListView, UserUpdateView
+from profiles.views import (
+    UserCreateView, UserListView, UserUpdateView, user_delete)
 
 urlpatterns = [
     url(r'^$', UserListView.as_view(), name='users_list'),
     url(r'^new/?$', UserCreateView.as_view(), name='user_create'),
+    url(r'^delete/?$', user_delete, name='user_delete'),
     url(r'^(?P<pk>\d+)/?$', UserUpdateView.as_view(), name='user_edit'),
 ]
\ No newline at end of file
diff --git a/profiles/views.py b/profiles/views.py
index 76befe8..0967769 100644
--- a/profiles/views.py
+++ b/profiles/views.py
@@ -1,13 +1,16 @@
 # -*- coding: utf-8 -*-
 from braces.views import LoginRequiredMixin, PermissionRequiredMixin
 from django.conf import settings
+from django.contrib import messages
 from django.contrib.auth.models import Permission, User
 from django.contrib.contenttypes.models import ContentType
 from django.core.urlresolvers import reverse
-from django.http import HttpResponseRedirect
+from django.http import (
+    HttpResponseForbidden, HttpResponseNotAllowed, HttpResponseRedirect)
+from django.utils.http import is_safe_url
 from django.views.generic import CreateView, ListView, UpdateView
 
-from profiles.forms import UserCreateForm, UserForm
+from profiles.forms import UserCreateForm, UserDeleteForm, UserForm
 from profiles.models import Profile
 
 PROTECTED_VIEW_PERMISSION = 'auth.change_user'
@@ -85,6 +88,7 @@ class UserListView(LoginRequiredMixin, PermissionRequiredMixin, ListView):
     def get_context_data(self, **kwargs):
         context = super(UserListView, self).get_context_data(**kwargs)
         context['page_title'] = self.page_title
+        context['delete_form'] = UserDeleteForm()
         return context
 
 
@@ -134,3 +138,30 @@ def get_context_data(self, **kwargs):
         context = super(UserUpdateView, self).get_context_data(**kwargs)
         context['page_title'] = self.page_title
         return context
+
+
+def user_delete(request):
+    if request.method != 'POST':
+        return HttpResponseNotAllowed(['POST'])
+
+    if not request.user.is_authenticated:
+        return HttpResponseForbidden()
+
+    form = UserDeleteForm(request.POST, user=request.user)
+    redirect_path = request.META.get(
+        'HTTP_REFERER', reverse('users:users_list'))
+
+    if form.is_valid():
+        users = form.cleaned_data.get('users')
+        users.delete()
+
+        messages.add_message(
+            request,
+            messages.SUCCESS,
+            '<strong>Success!</strong> The selected users were deleted.'
+        )
+
+        if not is_safe_url(url=redirect_path, host=request.get_host()):
+            redirect_path = reverse('users:users_list')
+
+    return HttpResponseRedirect(redirect_path)

From fa488a28109d29800f54043d20e0b1b68645017c Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Tue, 19 Jul 2022 09:01:16 +0100
Subject: [PATCH 13/15] chore: correct styling, add message display

---
 br/templates/backend/reports_list.html |  5 +++--
 br/templates/backend/user_list.html    | 16 ++++++++++++++--
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/br/templates/backend/reports_list.html b/br/templates/backend/reports_list.html
index ff6cdf2..85bb1c7 100644
--- a/br/templates/backend/reports_list.html
+++ b/br/templates/backend/reports_list.html
@@ -16,7 +16,7 @@ <h3>{{ page_title }}</h3>
 {% for message in messages %}
 <div class="row">
   <div class="col-sm-12">
-    <div class="alert {% if message.tags %}alert-{{ message.tags }}{% endif %} alert-dismissable">
+    <div class="alert {% if message.tags %}{{ message.tags|lower }}{% endif %} alert-dismissable fade show" role="alert">
       {{ message|safe }}
       <button class="btn-close" type="button" data-bs-dismss="alert" aria-label="Close"></button>
     </div>
@@ -84,12 +84,13 @@ <h3>{{ page_title }}</h3>
               </tr>
             </thead>
             <form action="{% url 'br:rep_delete' %}" id="delete_form" method="post">
+              {% csrf_token %}
               <tbody>
                 {% for report in reports %}
                 <tr>
                   <td>
                     <div class="form-check">
-                      <input type="checkbox" name="reports" value="{{ report.pk }}" class="reports form-check-input" data-delete-checkbox="true">
+                      <input type="checkbox" name="{{ delete_form.reports.name }}" value="{{ report.pk }}" class="reports form-check-input" data-delete-checkbox="true">
                     </div>
                   </td>
                   <td>
diff --git a/br/templates/backend/user_list.html b/br/templates/backend/user_list.html
index 7dad2a3..644a404 100644
--- a/br/templates/backend/user_list.html
+++ b/br/templates/backend/user_list.html
@@ -8,19 +8,31 @@ <h3>{{ page_title }}</h3>
     </div>
   </div>
 </div>
+{% if messages %}
+{% for message in messages %}
+<div class="row">
+  <div class="col-sm-12">
+    <div class="alert {% if message.tags %}{{ message.tags|lower }}{% endif %} alert-dismissable fade show" role="alert">
+      {{ message|safe }}
+      <button class="btn-close" type="button" data-bs-dismss="alert" aria-label="Close"></button>
+    </div>
+  </div>
+</div>
+{% endfor %}
+{% endif %}
 <div class="row">
   <div class="col">
       <div class="card border-light mb-3">
         <div class="card-body">
           <div class="row g-3">
             <div class="col">
-              <a href="{% url 'users:user_create' %}" class="btn btn-success mt-3">
+              <a href="{% url 'users:user_create' %}" class="btn btn-success">
                 <svg xmlns="http://www.w3.org/2000/svg" class="h-5 w-5" viewBox="0 0 20 20" fill="currentColor" width="20" height="20">
                   <path fill-rule="evenodd" d="M10 3a1 1 0 011 1v5h5a1 1 0 110 2h-5v5a1 1 0 11-2 0v-5H4a1 1 0 110-2h5V4a1 1 0 011-1z" clip-rule="evenodd" />
                 </svg>
                 Add new user
               </a>
-              <button type="button" class="btn btn-danger invisible mt-3" id="delete_btn" data-bs-toggle="modal" data-bs-target="#deleteConfirmModal">Delete Selected</button>
+              <button type="button" class="btn btn-danger invisible" id="delete_btn" data-bs-toggle="modal" data-bs-target="#deleteConfirmModal">Delete Selected</button>
             </div>
           </div>
         </div>

From db766889cb1d2a39554472ddb1cad8ad72bc8248 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Tue, 19 Jul 2022 09:02:21 +0100
Subject: [PATCH 14/15] chore: add delete form to view

---
 br/views.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/br/views.py b/br/views.py
index 8337cc9..cf63f4e 100644
--- a/br/views.py
+++ b/br/views.py
@@ -354,6 +354,7 @@ def get_context_data(self, **kwargs):
         context = super(ReportListView, self).get_context_data(**kwargs)
         context['filter_form'] = self.filter_set.form
         context['page_title'] = self.page_title
+        context['delete_form'] = ReportDeleteForm()
         return context
 
     def get_queryset(self):

From 96978bfb345d509049c6a4fb788bf29f629a8685 Mon Sep 17 00:00:00 2001
From: Odumosu Dipo <dodumosu@timbaobjects.com>
Date: Tue, 19 Jul 2022 09:07:51 +0100
Subject: [PATCH 15/15] chore: add newline to end of file

---
 profiles/urls.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profiles/urls.py b/profiles/urls.py
index 84e9aa5..a3d48b5 100644
--- a/profiles/urls.py
+++ b/profiles/urls.py
@@ -9,4 +9,4 @@
     url(r'^new/?$', UserCreateView.as_view(), name='user_create'),
     url(r'^delete/?$', user_delete, name='user_delete'),
     url(r'^(?P<pk>\d+)/?$', UserUpdateView.as_view(), name='user_edit'),
-]
\ No newline at end of file
+]