Expose, honor the prevent_password_change flag for Users

tailbone/views/auth.py

@@ -175,8 +175,12 @@ class AuthenticationView(View):
         if not self.request.user:
             return self.redirect(self.request.route_url('home'))
 
-        if self.user_is_protected(self.request.user) and not self.request.is_root:
-            self.request.session.flash("Cannot change password for user: {}".format(self.request.user))
+        if ((self.request.user.prevent_password_change
+             or self.user_is_protected(self.request.user))
+            and not self.request.is_root):
+
+            self.request.session.flash("Cannot change password for user: {}".format(
+                self.request.user))
             return self.redirect(self.request.get_referrer())
 
         schema = ChangePassword().bind(user=self.request.user, request=self.request)

tailbone/views/users.py

@@ -67,6 +67,7 @@ class UserView(PrincipalMasterView):
         'active',
         'active_sticky',
         'set_password',
+        'prevent_password_change',
         'roles',
         'permissions',
     ]
@@ -210,7 +211,10 @@ class UserView(PrincipalMasterView):
             f.set_renderer('display_name_', self.render_person_name)
 
         # set_password
-        f.set_widget('set_password', dfwidget.CheckedPasswordWidget())
+        if self.editing and user.prevent_password_change and not self.request.is_root:
+            f.remove('set_password')
+        else:
+            f.set_widget('set_password', dfwidget.CheckedPasswordWidget())
         # if self.creating:
         #     f.set_required('password')
 
@@ -316,7 +320,7 @@ class UserView(PrincipalMasterView):
                 user.person.local_only = True
 
         # maybe set user password
-        if data['set_password']:
+        if 'set_password' in form and data['set_password']:
             set_user_password(user, data['set_password'])
 
         # update roles for user