Users switch between projects, not between accounts.

2019-01-22 15:58:07 +02:00 · 2019-01-22 15:58:07 +02:00 · b12eb1ee75
commit b12eb1ee75
parent b013a92c43
4 changed files with 23 additions and 26 deletions
--- a/hc/accounts/tests/test_switch_project.py
+++ b/hc/accounts/tests/test_switch_project.py
@ -3,6 +3,10 @@ from hc.api.models import Check


 class SwitchTeamTestCase(BaseTestCase):
+    def setUp(self):
+        super(SwitchTeamTestCase, self).setUp()
+
+        self.url = "/accounts/switch_project/%s/" % self.project.code

    def test_it_switches(self):
        self.bobs_profile.current_project = None
@ -13,8 +17,7 @@ class SwitchTeamTestCase(BaseTestCase):

        self.client.login(username="bob@example.org", password="password")

-        url = "/accounts/switch_team/%s/" % self.alice.username
-        r = self.client.get(url, follow=True)
+        r = self.client.get(self.url, follow=True)

        self.assertContains(r, "This belongs to Alice")

@ -24,27 +27,24 @@ class SwitchTeamTestCase(BaseTestCase):
    def test_it_checks_team_membership(self):
        self.client.login(username="charlie@example.org", password="password")

-        url = "/accounts/switch_team/%s/" % self.alice.username
-        r = self.client.get(url)
+        r = self.client.get(self.url)
        self.assertEqual(r.status_code, 403)

    def test_it_switches_to_own_team(self):
        self.client.login(username="alice@example.org", password="password")

-        url = "/accounts/switch_team/%s/" % self.alice.username
-        r = self.client.get(url, follow=True)
+        r = self.client.get(self.url, follow=True)
        self.assertEqual(r.status_code, 200)

-    def test_it_handles_invalid_username(self):
+    def test_it_handles_invalid_project_code(self):
        self.client.login(username="bob@example.org", password="password")

-        url = "/accounts/switch_team/dave/"
+        url = "/accounts/switch_project/6837d6ec-fc08-4da5-a67f-08a9ed1ccf62/"
        r = self.client.get(url)
-        self.assertEqual(r.status_code, 403)
+        self.assertEqual(r.status_code, 404)

    def test_it_requires_login(self):
-        url = "/accounts/switch_team/%s/" % self.alice.username
-        r = self.client.get(url)
+        r = self.client.get(self.url)

-        expected_url = "/accounts/login/?next=/accounts/switch_team/alice/"
+        expected_url = "/accounts/login/?next=" + self.url
        self.assertRedirects(r, expected_url)
--- a/hc/accounts/urls.py
+++ b/hc/accounts/urls.py
@ -31,7 +31,7 @@ urlpatterns = [
    path('change_email/<slug:token>/',
         views.change_email, name="hc-change-email"),

-    path('switch_team/<slug:target_username>/',
-         views.switch_team, name="hc-switch-team"),
+    path('switch_project/<uuid:code>/',
+         views.switch_project, name="hc-switch-project"),

 ]
--- a/hc/accounts/views.py
+++ b/hc/accounts/views.py
@ -16,6 +16,7 @@ from django.utils.timezone import now
 from django.urls import resolve, Resolver404
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
+from django.shortcuts import get_object_or_404
 from hc.accounts.forms import (ChangeEmailForm, EmailPasswordForm,
                               InviteTeamMemberForm, RemoveTeamMemberForm,
                               ReportSettingsForm, SetPasswordForm,
@ -440,30 +441,26 @@ def unsubscribe_reports(request, username):


@login_required
-def switch_team(request, target_username):
-    try:
-        target_team = Profile.objects.get(user__username=target_username)
-        target_project = target_team.get_own_project()
-    except Profile.DoesNotExist:
-        return HttpResponseForbidden()
+def switch_project(request, code):
+    project = get_object_or_404(Project, code=code)

    # The rules:
    # Superuser can switch to any team.
    access_ok = request.user.is_superuser

-    # Users can switch to their own teams.
-    if not access_ok and target_team == request.profile:
+    # Users can switch to their own projects.
+    if not access_ok and project.owner_id == request.user.id:
        access_ok = True

-    # Users can switch to teams they are members of.
+    # Users can switch to projects they are members of.
    if not access_ok:
-        q = request.user.memberships.filter(project=target_project)
+        q = project.member_set.filter(user=request.user)
        access_ok = q.exists()

    if not access_ok:
        return HttpResponseForbidden()

-    request.profile.current_project = target_project
+    request.profile.current_project = project
    request.profile.save()

    return redirect("hc-checks")
--- a/templates/base.html
+++ b/templates/base.html
@ -127,7 +127,7 @@
                        {% for project in projects %}
                        <li class="dropdown-header">{{ project }}</li>
                        <li>
-                            <a href="{% url 'hc-switch-team' project.owner.username %}">Checks</a>
+                            <a href="{% url 'hc-switch-project' project.code %}">Checks</a>
                        </li>
                        {% if project.owner == request.user %}
                        <li>