wutta/wuttaweb
2
0
Fork 0
Code Activity

feat: add logic to prevent edit for some user accounts

Browse source 
mostly for sake of online demo, so a "permanent" demo user can be
established
This commit is contained in:
Lance Edgar 2024-11-24 17:19:50 -06:00
parent 6fd6229a9e
commit 24ddb7b905
6 changed files with 46 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/wuttaweb/templates/base.mako
View file

@ -661,7 +661,9 @@
</a>
${h.end_form()}
% endif
${h.link_to("Change Password", url('change_password'), class_='navbar-item')}
% if request.is_root or not request.user.prevent_edit:
${h.link_to("Change Password", url('change_password'), class_='navbar-item')}
% endif
${h.link_to("Logout", url('logout'), class_='navbar-item')}
</div>
</div>

3
src/wuttaweb/views/auth.py
View file

@ -157,6 +157,9 @@ class AuthView(View):
if not self.request.user:
return self.redirect(self.request.route_url('home'))
if self.request.user.prevent_edit:
raise self.forbidden()
form = self.make_form(schema=self.change_password_make_schema(),
show_button_cancel=False,
show_button_reset=True)

4
src/wuttaweb/views/essential.py
View file

@ -29,8 +29,8 @@ Most apps should include this module::
That will in turn include the following modules:
* :mod:`wuttaweb.views.auth`
* :mod:`wuttaweb.views.common`
* :mod:`wuttaweb.views.auth`
* :mod:`wuttaweb.views.settings`
* :mod:`wuttaweb.views.progress`
* :mod:`wuttaweb.views.people`
@ -43,8 +43,8 @@ That will in turn include the following modules:
def defaults(config, **kwargs):
mod = lambda spec: kwargs.get(spec, spec)
config.include(mod('wuttaweb.views.auth'))
config.include(mod('wuttaweb.views.common'))
config.include(mod('wuttaweb.views.auth'))
config.include(mod('wuttaweb.views.settings'))
config.include(mod('wuttaweb.views.progress'))
config.include(mod('wuttaweb.views.people'))

9
src/wuttaweb/views/users.py
View file

@ -95,6 +95,15 @@ class UserView(MasterView):
if not user.active:
return 'has-background-warning'
def is_editable(self, user):
""" """
# only root can edit certain users
if user.prevent_edit and not self.request.is_root:
return False
return True
def configure_form(self, f):
""" """
super().configure_form(f)

11
tests/views/test_auth.py
View file

@ -80,11 +80,18 @@ class TestAuthView(WebTestCase):
redirect = view.change_password()
self.assertIsInstance(redirect, HTTPFound)
# now "login" the user, and set initial password
self.request.user = barney
# set initial password
auth.set_user_password(barney, 'foo')
self.session.commit()
# forbidden if prevent_edit is set for user
self.request.user = barney
barney.prevent_edit = True
self.assertRaises(HTTPForbidden, view.change_password)
# okay let's test with edit allowed
barney.prevent_edit = False
# view should now return context w/ form
context = view.change_password()
self.assertIn('form', context)

20
tests/views/test_users.py
View file

@ -42,6 +42,26 @@ class TestUserView(WebTestCase):
user.active = False
self.assertEqual(view.grid_row_class(user, data, 1), 'has-background-warning')
def test_is_editable(self):
model = self.app.model
view = self.make_view()
# active user is editable
user = model.User(username='barney', active=True)
self.assertTrue(view.is_editable(user))
# inactive also editable
user = model.User(username='barney', active=False)
self.assertTrue(view.is_editable(user))
# but not if prevent_edit flag is set
user = model.User(username='barney', prevent_edit=True)
self.assertFalse(view.is_editable(user))
# unless request user is root
self.request.is_root = True
self.assertTrue(view.is_editable(user))
def test_configure_form(self):
model = self.app.model
barney = model.User(username='barney')