return 404 when accessing not existing account

2024-10-18 12:58:06 +00:00 · 2024-10-08 15:30:35 +02:00 · 2024-10-08 15:30:35 +02:00 · b0884c6b04
commit b0884c6b04
parent 58d3a7ee2c
2 changed files with 23 additions and 6 deletions
--- a/core/tests/test_user.py
+++ b/core/tests/test_user.py
@ -1,7 +1,8 @@
 from datetime import timedelta
 import pytest
 from django.core.management import call_command
-from django.test import TestCase
+from django.test import Client, TestCase
 from django.urls import reverse
 from django.utils.timezone import now
 from model_bakery import baker, seq
@ -95,3 +96,18 @@ class TestSearchUsersView(TestSearchUsers):
        self.client.force_login(subscriber_user.make())
        response = self.client.get(reverse("core:search"))
        assert response.status_code == 200
@pytest.mark.django_db
 def test_user_account_not_found(client: Client):
    client.force_login(baker.make(User, is_superuser=True))
    user = baker.make(User)
    res = client.get(reverse("core:user_account", kwargs={"user_id": user.id}))
    assert res.status_code == 404
    res = client.get(
        reverse(
            "core:user_account_detail",
            kwargs={"user_id": user.id, "year": 2024, "month": 10},
        )
    )
    assert res.status_code == 404
--- a/core/views/user.py
+++ b/core/views/user.py
@ -632,6 +632,12 @@ class UserAccountBase(UserTabsMixin, DetailView):
            return super().dispatch(request, *arg, **kwargs)
        raise PermissionDenied
    def get_object(self, queryset=None):
        obj = super().get_object(queryset)
        if not hasattr(obj, "customer"):
            raise Http404(_("User has no account"))
        return obj
 class UserAccountView(UserAccountBase):
    """Display a user's account."""
@ -671,11 +677,6 @@ class UserAccountDetailView(UserAccountBase, YearMixin, MonthMixin):
    template_name = "core/user_account_detail.jinja"
    def get(self, request, *args, **kwargs):
        if not hasattr(self.get_object(), "customer"):
            raise Http404(_("This user has no account"))
        return super().get(request, *args, **kwargs)
    def get_context_data(self, **kwargs):
        kwargs = super().get_context_data(**kwargs)
        kwargs["profile"] = self.object