users: add extra checks on editing the default user...
Thomas De Schampheleire -
r5168:4e076ea7 default
@@ -350,7 +350,7 b' class UsersController(BaseController):'
350 def update_perms(self, id):
350 def update_perms(self, id):
351 """PUT /users_perm/id: Update an existing item"""
351 """PUT /users_perm/id: Update an existing item"""
352 # url('user_perm', id=ID, method='put')
352 # url('user_perm', id=ID, method='put')
353 user = User.get_or_404(id)
353 user = self._get_user_or_raise_if_default(id)
354
354
355 try:
355 try:
356 form = CustomDefaultPermissionsForm()()
356 form = CustomDefaultPermissionsForm()()
@@ -403,7 +403,7 b' class UsersController(BaseController):'
403 def add_email(self, id):
403 def add_email(self, id):
404 """POST /user_emails:Add an existing item"""
404 """POST /user_emails:Add an existing item"""
405 # url('user_emails', id=ID, method='put')
405 # url('user_emails', id=ID, method='put')
406
406 user = self._get_user_or_raise_if_default(id)
407 email = request.POST.get('new_email')
407 email = request.POST.get('new_email')
408 user_model = UserModel()
408 user_model = UserModel()
409
409
@@ -423,6 +423,7 b' class UsersController(BaseController):'
423 def delete_email(self, id):
423 def delete_email(self, id):
424 """DELETE /user_emails_delete/id: Delete an existing item"""
424 """DELETE /user_emails_delete/id: Delete an existing item"""
425 # url('user_emails_delete', id=ID, method='delete')
425 # url('user_emails_delete', id=ID, method='delete')
426 user = self._get_user_or_raise_if_default(id)
426 email_id = request.POST.get('del_email_id')
427 email_id = request.POST.get('del_email_id')
427 user_model = UserModel()
428 user_model = UserModel()
428 user_model.delete_extra_email(id, email_id)
429 user_model.delete_extra_email(id, email_id)
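Review bot: In delete_email the new guard validates the `id` taken from the URL, but the row to remove is selected by `del_email_id` from the POST body, and the visible lines do not show whether `delete_extra_email(id, email_id)` checks that the e-mail record belongs to that user. If it does not, the default-user check is not bound to the record actually being deleted; this is worth confirming in UserModel, which is outside this page, and a mismatch should be rejected there. Separately, `user` is assigned but unused in the visible part of delete_email, so either call the helper without assigning or add a comment such as `# guard only: rejects the default user`. The bodies of all three methods continue outside their hunks, and `_get_user_or_raise_if_default` itself is not shown.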
@@ -563,12 +563,30 b' class TestAdminUsersControllerForDefault'
563 user = User.get_default_user()
563 user = User.get_default_user()
564 response = self.app.get(url('edit_user_perms', id=user.user_id), status=404)
564 response = self.app.get(url('edit_user_perms', id=user.user_id), status=404)
565
565
566 def test_update_perms_default_user(self):
567 self.log_user()
568 user = User.get_default_user()
569 response = self.app.post(url('edit_user_perms', id=user.user_id),
570 {'_method': 'put', '_authentication_token': self.authentication_token()}, status=404)
571
566 # E-mails
572 # E-mails
567 def test_edit_emails_default_user(self):
573 def test_edit_emails_default_user(self):
568 self.log_user()
574 self.log_user()
569 user = User.get_default_user()
575 user = User.get_default_user()
570 response = self.app.get(url('edit_user_emails', id=user.user_id), status=404)
576 response = self.app.get(url('edit_user_emails', id=user.user_id), status=404)
571
577
578 def test_add_emails_default_user(self):
579 self.log_user()
580 user = User.get_default_user()
581 response = self.app.post(url('edit_user_emails', id=user.user_id),
582 {'_method': 'put', '_authentication_token': self.authentication_token()}, status=404)
583
584 def test_delete_emails_default_user(self):
585 self.log_user()
586 user = User.get_default_user()
587 response = self.app.post(url('edit_user_emails', id=user.user_id),
588 {'_method': 'delete', '_authentication_token': self.authentication_token()}, status=404)
589
572 # IP addresses
590 # IP addresses
573 # Add/delete of IP addresses for the default user is used to maintain
591 # Add/delete of IP addresses for the default user is used to maintain
574 # the global IP whitelist and thus allowed. Only 'edit' is forbidden.
592 # the global IP whitelist and thus allowed. Only 'edit' is forbidden.
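Review bot: The three new tests (test_update_perms_default_user, test_add_emails_default_user, test_delete_emails_default_user) assert only `status=404`, which a request would also get if no route matched that URL and `_method` pair, so they can pass without the new guard ever running. The route table is not visible here, so this is a hedge rather than a confirmed gap. Pairing each test with the same request against a regular user and expecting a non-404 status would pin the 404 to the default-user check. Sending the real `new_email` / `del_email_id` fields would additionally show that the guard fires before the payload is processed. The `response = ` assignments in the new tests are unused and can be dropped.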