external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(routers.accounts): use target user's account type for autofill

Browse source 
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2021-12-16 16:10:01 -08:00
parent e17389485b
commit 94e8d34948
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
3 changed files with 72 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
aurweb/routers/accounts.py
View file

@ -170,7 +170,7 @@ def make_account_form_context(context: dict,
context = copy.copy(context) context = copy.copy(context)
context["account_types"] = [ context["account_types"] = [
(at.USER_ID, "Normal User"), (at.USER_ID, f"Normal {at.USER}"),
(at.TRUSTED_USER_ID, at.TRUSTED_USER) (at.TRUSTED_USER_ID, at.TRUSTED_USER)
] ]

2
templates/partials/account_form.html
View file

@ -51,7 +51,7 @@
<select name="T" id="id_type"> <select name="T" id="id_type">
{% for value, type in account_types %} {% for value, type in account_types %}
<option value="{{ value }}" <option value="{{ value }}"
{% if request.user.AccountType.ID == value %} {% if user.AccountType.ID == value %}
selected="selected" selected="selected"
{% endif %} {% endif %}
> >

77
test/test_accounts_routes.py
View file

@ -11,6 +11,8 @@ import pytest
from fastapi.testclient import TestClient from fastapi.testclient import TestClient
import aurweb.models.account_type as at
from aurweb import captcha, db, logging from aurweb import captcha, db, logging
from aurweb.asgi import app from aurweb.asgi import app
from aurweb.db import create, query from aurweb.db import create, query
@ -611,17 +613,78 @@ def test_post_register_with_ssh_pubkey(client: TestClient):
assert response.status_code == int(HTTPStatus.OK) assert response.status_code == int(HTTPStatus.OK)
def test_get_account_edit(client: TestClient, user: User): def test_get_account_edit_self_as_tu(client: TestClient, tu_user: User):
request = Request() """ Test edit get route of ourselves as a TU. """
sid = user.login(request, "testPassword") cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
endpoint = f"/account/{tu_user.Username}/edit"
with client as request: with client as request:
response = request.get("/account/test/edit", cookies={ response = request.get(endpoint, cookies=cookies)
"AURSID": sid
}, allow_redirects=False)
assert response.status_code == int(HTTPStatus.OK) assert response.status_code == int(HTTPStatus.OK)
# Account type can't be modified when editing ourselves.
root = parse_root(response.text)
atype = root.xpath('//select[@id="id_type"]/option[@selected="selected"]')
assert not atype
# But other fields should be available and match up.
username = root.xpath('//input[@id="id_username"]')[0]
assert username.attrib["value"] == tu_user.Username
email = root.xpath('//input[@id="id_email"]')[0]
assert email.attrib["value"] == tu_user.Email
def test_get_account_edit_tu_as_tu(client: TestClient, tu_user: User):
""" Test edit get route of another TU as a TU. """
with db.begin():
user2 = create_user("test2")
user2.AccountTypeID = at.TRUSTED_USER_ID
cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
endpoint = f"/account/{user2.Username}/edit"
with client as request:
response = request.get(endpoint, cookies=cookies)
assert response.status_code == int(HTTPStatus.OK)
# Verify that we have an account type selection and that the
# "{at.TRUSTED_USER}" option is selected.
root = parse_root(response.text)
atype = root.xpath('//select[@id="id_type"]/option[@selected="selected"]')
expected = at.TRUSTED_USER
assert atype[0].text.strip() == expected
username = root.xpath('//input[@id="id_username"]')[0]
assert username.attrib["value"] == user2.Username
email = root.xpath('//input[@id="id_email"]')[0]
assert email.attrib["value"] == user2.Email
def test_get_account_edit_as_tu(client: TestClient, tu_user: User):
""" Test edit get route of another user as a TU. """
with db.begin():
user2 = create_user("test2")
cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
endpoint = f"/account/{user2.Username}/edit"
with client as request:
response = request.get(endpoint, cookies=cookies)
assert response.status_code == int(HTTPStatus.OK)
# Verify that we have an account type selection and that the
# "Normal {at.USER}" option is selected.
root = parse_root(response.text)
atype = root.xpath('//select[@id="id_type"]/option[@selected="selected"]')
expected = f"Normal {at.USER}"
assert atype[0].text.strip() == expected
# Other fields should be available and match up.
username = root.xpath('//input[@id="id_username"]')[0]
assert username.attrib["value"] == user2.Username
email = root.xpath('//input[@id="id_email"]')[0]
assert email.attrib["value"] == user2.Email
def test_get_account_edit_unauthorized(client: TestClient, user: User): def test_get_account_edit_unauthorized(client: TestClient, user: User):
request = Request() request = Request()