feat(FastAPI): allow reporters to cancel their own requests (1/2)

This change required a slight modification of how we handle the Requests page. It is now available to all users. This commit provides 1/2 of the implementation which actually satisfies this feature. 2/2 will contain the actual implementation of closures of requests, which will also allow users who created the request to decide to close it. Issue: https://gitlab.archlinux.org/archlinux/aurweb/-/issues/20 Signed-off-by: Kevin Morris <kevr@0cost.org>
2025-02-03 10:43:03 +01:00 · 2021-09-12 20:05:49 -07:00 · 2021-09-12 20:05:49 -07:00 · 1cf9420997
commit 1cf9420997
parent 99482f9962
2 changed files with 27 additions and 10 deletions
--- a/aurweb/routers/packages.py
+++ b/aurweb/routers/packages.py
@ -12,8 +12,7 @@ import aurweb.models.package_keyword
 import aurweb.packages.util

 from aurweb import db, defaults, l10n
-from aurweb.auth import account_type_required, auth_required
-from aurweb.models.account_type import DEVELOPER, TRUSTED_USER, TRUSTED_USER_AND_DEV
+from aurweb.auth import auth_required
 from aurweb.models.license import License
 from aurweb.models.package import Package
 from aurweb.models.package_base import PackageBase
@ -540,7 +539,6 @@ async def package_base_comaintainers_post(


@router.get("/requests")
-@account_type_required({TRUSTED_USER, DEVELOPER, TRUSTED_USER_AND_DEV})
@auth_required(True, redirect="/")
 async def requests(request: Request,
                   O: int = Query(default=defaults.O),
@ -556,6 +554,11 @@ async def requests(request: Request,
        User, PackageRequest.UsersID == User.ID
    ).join(RequestType)

+    # If the request user is not elevated (TU or Dev), then
+    # filter PackageRequests which are owned by the request user.
+    if not request.user.is_elevated():
+        query = query.filter(PackageRequest.UsersID == request.user.ID)
+
    context["total"] = query.count()
    context["results"] = query.order_by(
        # Order primarily by the Status column being PENDING_ID,
--- a/test/test_packages_routes.py
+++ b/test/test_packages_routes.py
@ -1338,14 +1338,9 @@ def test_pkgbase_comaintainers(client: TestClient, user: User,
    assert users is not None and users.text is None


-def test_requests_unauthorized(client: TestClient,
-                               maintainer: User,
-                               tu_user: User,
-                               packages: List[Package],
-                               requests: List[PackageRequest]):
-    cookies = {"AURSID": maintainer.login(Request(), "testPassword")}
+def test_requests_unauthorized(client: TestClient):
    with client as request:
-        resp = request.get("/requests", cookies=cookies, allow_redirects=False)
+        resp = request.get("/requests", allow_redirects=False)
    assert resp.status_code == int(HTTPStatus.SEE_OTHER)


@ -1386,3 +1381,22 @@ def test_requests(client: TestClient,
    root = parse_root(resp.text)
    rows = root.xpath('//table[@class="results"]/tbody/tr')
    assert len(rows) == 5  # There are five records left on the second page.
+
+
+def test_requests_selfmade(client: TestClient, user: User,
+                           requests: List[PackageRequest]):
+    cookies = {"AURSID": user.login(Request(), "testPassword")}
+    with client as request:
+        resp = request.get("/requests", cookies=cookies)
+    assert resp.status_code == int(HTTPStatus.OK)
+
+    # As the user who creates all of the requests, we should see all of them.
+    # However, we are not allowed to accept any of them ourselves.
+    root = parse_root(resp.text)
+    rows = root.xpath('//table[@class="results"]/tbody/tr')
+    assert len(rows) == defaults.PP
+
+    # Our first and only link in the last row should be "Close".
+    for row in rows:
+        last_row = row.xpath('./td')[-1].xpath('./a')[0]
+        assert last_row.text.strip() == "Close"