From 80622cc96611d36ee8b63eb3c95d952e290668b6 Mon Sep 17 00:00:00 2001
From: Kevin Morris <kevr@0cost.org>
Date: Sat, 19 Feb 2022 16:12:15 -0800
Subject: [PATCH] fix: suspend check should check Suspended...

This was causing some false negative errors in the update process,
and it clearly not correct -- oops :(

Signed-off-by: Kevin Morris <kevr@0cost.org>
---
 aurweb/users/validate.py     | 5 +++--
 test/test_accounts_routes.py | 6 +++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/aurweb/users/validate.py b/aurweb/users/validate.py
index 26f6eec6..de51e3ff 100644
--- a/aurweb/users/validate.py
+++ b/aurweb/users/validate.py
@@ -15,6 +15,7 @@ from aurweb.captcha import get_captcha_answer, get_captcha_salts, get_captcha_to
 from aurweb.exceptions import ValidationError
 from aurweb.models.account_type import ACCOUNT_TYPE_NAME
 from aurweb.models.ssh_pub_key import get_fingerprint
+from aurweb.util import strtobool
 
 logger = logging.get_logger(__name__)
 
@@ -26,9 +27,9 @@ def invalid_fields(E: str = str(), U: str = str(), **kwargs) -> None:
 
 def invalid_suspend_permission(request: Request = None,
                                user: models.User = None,
-                               J: bool = False,
+                               S: str = "False",
                                **kwargs) -> None:
-    if not request.user.is_elevated() and J != bool(user.InactivityTS):
+    if not request.user.is_elevated() and strtobool(S) != bool(user.Suspended):
         raise ValidationError([
             "You do not have permission to suspend accounts."])
 
diff --git a/test/test_accounts_routes.py b/test/test_accounts_routes.py
index e532e341..37b3d130 100644
--- a/test/test_accounts_routes.py
+++ b/test/test_accounts_routes.py
@@ -916,13 +916,13 @@ def test_post_account_edit_error_invalid_password(client: TestClient,
     assert "Invalid password." in content
 
 
-def test_post_account_edit_inactivity_unauthorized(client: TestClient,
-                                                   user: User):
+def test_post_account_edit_suspend_unauthorized(client: TestClient,
+                                                user: User):
     cookies = {"AURSID": user.login(Request(), "testPassword")}
     post_data = {
         "U": "test",
         "E": "test@example.org",
-        "J": True,
+        "S": True,
         "passwd": "testPassword"
     }
     with client as request: