feat: add logic to prevent edit for some user accounts

mostly for sake of online demo, so a "permanent" demo user can be established
2024-11-24 17:19:50 -06:00 · 2024-11-24 17:19:50 -06:00 · 24ddb7b905
commit 24ddb7b905
parent 6fd6229a9e
6 changed files with 46 additions and 5 deletions
--- a/tests/views/test_auth.py
+++ b/tests/views/test_auth.py
@ -80,11 +80,18 @@ class TestAuthView(WebTestCase):
        redirect = view.change_password()
        self.assertIsInstance(redirect, HTTPFound)

-        # now "login" the user, and set initial password
-        self.request.user = barney
+        # set initial password
        auth.set_user_password(barney, 'foo')
        self.session.commit()

+        # forbidden if prevent_edit is set for user
+        self.request.user = barney
+        barney.prevent_edit = True
+        self.assertRaises(HTTPForbidden, view.change_password)
+
+        # okay let's test with edit allowed
+        barney.prevent_edit = False
+
        # view should now return context w/ form
        context = view.change_password()
        self.assertIn('form', context)