From b12eb1ee7546f913d27648c07a9aac8a57836c4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C4=93teris=20Caune?= Date: Tue, 22 Jan 2019 15:58:07 +0200 Subject: [PATCH] Users switch between projects, not between accounts. --- ..._switch_team.py => test_switch_project.py} | 24 +++++++++---------- hc/accounts/urls.py | 4 ++-- hc/accounts/views.py | 19 +++++++-------- templates/base.html | 2 +- 4 files changed, 23 insertions(+), 26 deletions(-) rename hc/accounts/tests/{test_switch_team.py => test_switch_project.py} (63%) diff --git a/hc/accounts/tests/test_switch_team.py b/hc/accounts/tests/test_switch_project.py similarity index 63% rename from hc/accounts/tests/test_switch_team.py rename to hc/accounts/tests/test_switch_project.py index 1d459466..931ffa99 100644 --- a/hc/accounts/tests/test_switch_team.py +++ b/hc/accounts/tests/test_switch_project.py @@ -3,6 +3,10 @@ from hc.api.models import Check class SwitchTeamTestCase(BaseTestCase): + def setUp(self): + super(SwitchTeamTestCase, self).setUp() + + self.url = "/accounts/switch_project/%s/" % self.project.code def test_it_switches(self): self.bobs_profile.current_project = None @@ -13,8 +17,7 @@ class SwitchTeamTestCase(BaseTestCase): self.client.login(username="bob@example.org", password="password") - url = "/accounts/switch_team/%s/" % self.alice.username - r = self.client.get(url, follow=True) + r = self.client.get(self.url, follow=True) self.assertContains(r, "This belongs to Alice") 
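Review bot: The test class is still named `SwitchTeamTestCase` although the file is now `test_switch_project.py`, and the new `setUp` repeats the old name in `super(SwitchTeamTestCase, self).setUp()`. Renaming it to `class SwitchProjectTestCase(BaseTestCase):` and calling `super().setUp()` would keep the module consistent with the view it covers. The test names in the next hunk (`test_it_checks_team_membership`, `test_it_switches_to_own_team`) carry the same leftover wording. `test_it_switches` continues outside this hunk.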
@@ -24,27 +27,24 @@ class SwitchTeamTestCase(BaseTestCase): def test_it_checks_team_membership(self): self.client.login(username="charlie@example.org", password="password") - url = "/accounts/switch_team/%s/" % self.alice.username - r = self.client.get(url) + r = self.client.get(self.url) self.assertEqual(r.status_code, 403) def test_it_switches_to_own_team(self): self.client.login(username="alice@example.org", password="password") - url = "/accounts/switch_team/%s/" % self.alice.username - r = self.client.get(url, follow=True) + r = self.client.get(self.url, follow=True) self.assertEqual(r.status_code, 200) - def test_it_handles_invalid_username(self): + def test_it_handles_invalid_project_code(self): self.client.login(username="bob@example.org", password="password") - url = "/accounts/switch_team/dave/" + url = "/accounts/switch_project/6837d6ec-fc08-4da5-a67f-08a9ed1ccf62/" r = self.client.get(url) - self.assertEqual(r.status_code, 403) + self.assertEqual(r.status_code, 404) def test_it_requires_login(self): - url = "/accounts/switch_team/%s/" % self.alice.username - r = self.client.get(url) + r = self.client.get(self.url) - expected_url = "/accounts/login/?next=/accounts/switch_team/alice/" + expected_url = "/accounts/login/?next=" + self.url self.assertRedirects(r, expected_url) diff --git a/hc/accounts/urls.py b/hc/accounts/urls.py index ad3cef80..2591ba74 100644 --- a/hc/accounts/urls.py +++ b/hc/accounts/urls.py @@ -31,7 +31,7 @@ urlpatterns = [ path('change_email//', views.change_email, name="hc-change-email"), - path('switch_team//', - views.switch_team, name="hc-switch-team"), + path('switch_project//', + views.switch_project, name="hc-switch-project"), ] diff --git a/hc/accounts/views.py b/hc/accounts/views.py index af2a1406..36ecae2d 100644 --- a/hc/accounts/views.py +++ b/hc/accounts/views.py 
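Review bot: `test_it_checks_team_membership` asserts only the 403 status, so a regression that saved `current_project` before denying access would still pass. After the request, reload charlie's profile and assert that its `current_project` is not `self.project`. The profile fixture for charlie is not visible in this hunk, so use whichever attribute `BaseTestCase` provides. The superuser branch of the view also has no test here, and it is the one path that bypasses both the ownership and the membership check.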
@@ -16,6 +16,7 @@ from django.utils.timezone import now from django.urls import resolve, Resolver404 from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_POST +from django.shortcuts import get_object_or_404 from hc.accounts.forms import (ChangeEmailForm, EmailPasswordForm, InviteTeamMemberForm, RemoveTeamMemberForm, ReportSettingsForm, SetPasswordForm, @@ -440,30 +441,26 @@ def unsubscribe_reports(request, username): @login_required -def switch_team(request, target_username): - try: - target_team = Profile.objects.get(user__username=target_username) - target_project = target_team.get_own_project() - except Profile.DoesNotExist: - return HttpResponseForbidden() +def switch_project(request, code): + project = get_object_or_404(Project, code=code) # The rules: # Superuser can switch to any team. access_ok = request.user.is_superuser - # Users can switch to their own teams. - if not access_ok and target_team == request.profile: + # Users can switch to their own projects. + if not access_ok and project.owner_id == request.user.id: access_ok = True - # Users can switch to teams they are members of. + # Users can switch to projects they are members of. if not access_ok: - q = request.user.memberships.filter(project=target_project) + q = project.member_set.filter(user=request.user) access_ok = q.exists() if not access_ok: return HttpResponseForbidden() - request.profile.current_project = target_project + request.profile.current_project = project request.profile.save() return redirect("hc-checks") diff --git a/templates/base.html b/templates/base.html index 5fc6ca35..a191b719 100644 --- a/templates/base.html +++ b/templates/base.html @@ -127,7 +127,7 @@ {% for project in projects %}
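Review bot: In `switch_project`, `get_object_or_404(Project, code=code)` runs before the access check, so a signed-in non-member now gets 404 for an unknown code and 403 for a real one, where the removed code answered 403 in both cases. The code in the updated test is UUID-shaped, so guessing looks impractical, but the two statuses still confirm whether a code obtained elsewhere is valid. Returning a single status closes that, e.g. ending the check with `raise Http404` (from `django.http`) instead of `return HttpResponseForbidden()`, with `test_it_checks_team_membership` updated to match. Separately, the view still saves `request.profile.current_project` on a GET, so a cross-site link or image load can switch a signed-in user's active project. Assuming the CSRF middleware is enabled, `@require_POST` (already imported in this file) plus a small form in `templates/base.html` would protect it. The comment `# Superuser can switch to any team.` also kept the old wording.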
  • - Checks + Checks
  • {% if project.owner == request.user %}