Users switch between projects, not between accounts.

hc/accounts/tests/test_switch_project.py

@@ -3,6 +3,10 @@ from hc.api.models import Check
 
 
 class SwitchTeamTestCase(BaseTestCase):
+    def setUp(self):
+        super(SwitchTeamTestCase, self).setUp()
+
+        self.url = "/accounts/switch_project/%s/" % self.project.code
 
     def test_it_switches(self):
         self.bobs_profile.current_project = None
@@ -13,8 +17,7 @@ class SwitchTeamTestCase(BaseTestCase):
 
         self.client.login(username="bob@example.org", password="password")
 
-        url = "/accounts/switch_team/%s/" % self.alice.username
+        r = self.client.get(self.url, follow=True)
-        r = self.client.get(url, follow=True)
 
         self.assertContains(r, "This belongs to Alice")
 
@@ -24,27 +27,24 @@ class SwitchTeamTestCase(BaseTestCase):
     def test_it_checks_team_membership(self):
         self.client.login(username="charlie@example.org", password="password")
 
-        url = "/accounts/switch_team/%s/" % self.alice.username
+        r = self.client.get(self.url)
-        r = self.client.get(url)
         self.assertEqual(r.status_code, 403)
 
     def test_it_switches_to_own_team(self):
         self.client.login(username="alice@example.org", password="password")
 
-        url = "/accounts/switch_team/%s/" % self.alice.username
+        r = self.client.get(self.url, follow=True)
-        r = self.client.get(url, follow=True)
         self.assertEqual(r.status_code, 200)
 
-    def test_it_handles_invalid_username(self):
+    def test_it_handles_invalid_project_code(self):
         self.client.login(username="bob@example.org", password="password")
 
-        url = "/accounts/switch_team/dave/"
+        url = "/accounts/switch_project/6837d6ec-fc08-4da5-a67f-08a9ed1ccf62/"
         r = self.client.get(url)
-        self.assertEqual(r.status_code, 403)
+        self.assertEqual(r.status_code, 404)
 
     def test_it_requires_login(self):
-        url = "/accounts/switch_team/%s/" % self.alice.username
+        r = self.client.get(self.url)
-        r = self.client.get(url)
 
-        expected_url = "/accounts/login/?next=/accounts/switch_team/alice/"
+        expected_url = "/accounts/login/?next=" + self.url
         self.assertRedirects(r, expected_url)

hc/accounts/urls.py

@@ -31,7 +31,7 @@ urlpatterns = [
     path('change_email/<slug:token>/',
          views.change_email, name="hc-change-email"),
 
-    path('switch_team/<slug:target_username>/',
+    path('switch_project/<uuid:code>/',
-         views.switch_team, name="hc-switch-team"),
+         views.switch_project, name="hc-switch-project"),
 
 ]

hc/accounts/views.py

@@ -16,6 +16,7 @@ from django.utils.timezone import now
 from django.urls import resolve, Resolver404
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
+from django.shortcuts import get_object_or_404
 from hc.accounts.forms import (ChangeEmailForm, EmailPasswordForm,
                                InviteTeamMemberForm, RemoveTeamMemberForm,
                                ReportSettingsForm, SetPasswordForm,
@@ -440,30 +441,26 @@ def unsubscribe_reports(request, username):
 
 
 @login_required
-def switch_team(request, target_username):
+def switch_project(request, code):
-    try:
+    project = get_object_or_404(Project, code=code)
-        target_team = Profile.objects.get(user__username=target_username)
-        target_project = target_team.get_own_project()
-    except Profile.DoesNotExist:
-        return HttpResponseForbidden()
 
     # The rules:
     # Superuser can switch to any team.
     access_ok = request.user.is_superuser
 
-    # Users can switch to their own teams.
+    # Users can switch to their own projects.
-    if not access_ok and target_team == request.profile:
+    if not access_ok and project.owner_id == request.user.id:
         access_ok = True
 
-    # Users can switch to teams they are members of.
+    # Users can switch to projects they are members of.
     if not access_ok:
-        q = request.user.memberships.filter(project=target_project)
+        q = project.member_set.filter(user=request.user)
         access_ok = q.exists()
 
     if not access_ok:
         return HttpResponseForbidden()
 
-    request.profile.current_project = target_project
+    request.profile.current_project = project
     request.profile.save()
 
     return redirect("hc-checks")

templates/base.html

@@ -127,7 +127,7 @@
                         {% for project in projects %}
                         <li class="dropdown-header">{{ project }}</li>
                         <li>
-                            <a href="{% url 'hc-switch-team' project.owner.username %}">Checks</a>
+                            <a href="{% url 'hc-switch-project' project.code %}">Checks</a>
                         </li>
                         {% if project.owner == request.user %}
                         <li>