Allow staff (is_staff) to view other peoples raw images as well as their profile, by appending the username to the profile url - for support reasons

ivatar/ivataraccount/urls.py

@@ -63,6 +63,7 @@ urlpatterns = [  # pylint: disable=invalid-name
     ), name='export'),
     path('delete/', DeleteAccountView.as_view(), name='delete'),
     path('profile/', ProfileView.as_view(), name='profile'),
+    url('profile/(?P<profile_username>\w+)', ProfileView.as_view(), name='profile_with_profile_username'),
     path('add_email/', AddEmailView.as_view(), name='add_email'),
     path('add_openid/', AddOpenIDView.as_view(), name='add_openid'),
     path('upload_photo/', UploadPhotoView.as_view(), name='upload_photo'),

ivatar/ivataraccount/views.py

@@ -409,7 +409,7 @@ class RawImageView(DetailView):
 
     def get(self, request, *args, **kwargs):
         photo = self.model.objects.get(pk=kwargs['pk'])  # pylint: disable=no-member
-        if not photo.user.id == request.user.id:
+        if not photo.user.id == request.user.id and not request.user.is_staff:
             return HttpResponseRedirect(reverse_lazy('home'))
         return HttpResponse(
             BytesIO(photo.data), content_type='image/%s' % photo.format)
@@ -883,6 +883,15 @@ class ProfileView(TemplateView):
     template_name = 'profile.html'
 
     def get(self, request, *args, **kwargs):
+        if 'profile_username' in kwargs:
+            if not request.user.is_staff:
+                return HttpResponseRedirect(reverse_lazy('profile'))
+            try:
+                u = User.objects.get(username=kwargs['profile_username'])
+                request.user = u
+            except:
+                pass
+
         self._confirm_claimed_openid()
         return super().get(self, request, args, kwargs)