fix: suspend check should check Suspended...

This was causing some false negative errors in the update process, and it clearly not correct -- oops :( Signed-off-by: Kevin Morris <kevr@0cost.org>
2025-02-03 10:43:03 +01:00 · 2022-02-19 16:12:15 -08:00 · 2022-02-19 16:12:15 -08:00 · 80622cc966
commit 80622cc966
parent 4a4fd01563
2 changed files with 6 additions and 5 deletions
--- a/aurweb/users/validate.py
+++ b/aurweb/users/validate.py
@ -15,6 +15,7 @@ from aurweb.captcha import get_captcha_answer, get_captcha_salts, get_captcha_to
 from aurweb.exceptions import ValidationError
 from aurweb.models.account_type import ACCOUNT_TYPE_NAME
 from aurweb.models.ssh_pub_key import get_fingerprint
+from aurweb.util import strtobool

 logger = logging.get_logger(__name__)

@ -26,9 +27,9 @@ def invalid_fields(E: str = str(), U: str = str(), **kwargs) -> None:

 def invalid_suspend_permission(request: Request = None,
                               user: models.User = None,
-                               J: bool = False,
+                               S: str = "False",
                               **kwargs) -> None:
-    if not request.user.is_elevated() and J != bool(user.InactivityTS):
+    if not request.user.is_elevated() and strtobool(S) != bool(user.Suspended):
        raise ValidationError([
            "You do not have permission to suspend accounts."])

--- a/test/test_accounts_routes.py
+++ b/test/test_accounts_routes.py
@ -916,13 +916,13 @@ def test_post_account_edit_error_invalid_password(client: TestClient,
    assert "Invalid password." in content


-def test_post_account_edit_inactivity_unauthorized(client: TestClient,
+def test_post_account_edit_suspend_unauthorized(client: TestClient,
                                                user: User):
    cookies = {"AURSID": user.login(Request(), "testPassword")}
    post_data = {
        "U": "test",
        "E": "test@example.org",
-        "J": True,
+        "S": True,
        "passwd": "testPassword"
    }
    with client as request: