klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-11-27 15:15:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1264 from ae-utbm/refactor/user

Browse Source 
Refactor some user views
This commit is contained in:
thomas girod
2025-11-26 18:33:35 +01:00
committed by GitHub
parent 77bdc8dcb5 8c127a96f7
commit d3edcaff14
8 changed files with 138 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/static/user/user_godfathers.scss
View File

@@ -195,8 +195,9 @@
} }
} }
} }
}
&.delete { form .link-like {
margin-top: 10px; margin-top: 10px;
display: block; display: block;
text-align: center; text-align: center;
@@ -209,7 +210,6 @@
} }
} }
} }
}
>a.mini_profile_link { >a.mini_profile_link {
display: none; display: none;

6
core/templates/core/macros.jinja
View File

@@ -78,12 +78,6 @@
{% endif %} {% endif %}
{% endmacro %} {% endmacro %}
{% macro delete_godfather(user, profile, godfather, is_father) %}
{% if user == profile or user.is_root or user.is_board_member %}
<a class="delete" href="{{ url("core:user_godfathers_delete", user_id=profile.id, godfather_id=godfather.id, is_father=is_father) }}">{% trans %}Delete{% endtrans %}</a>
{% endif %}
{% endmacro %}
{% macro paginate_alpine(page, nb_pages) %} {% macro paginate_alpine(page, nb_pages) %}
{# Add pagination buttons for ajax based content with alpine {# Add pagination buttons for ajax based content with alpine

2
core/templates/core/password_change.jinja
View File

@@ -3,7 +3,7 @@
{% block content %} {% block content %}
{% if target %} {% if target %}
<p>{% trans user=target.get_display_name() %}Change password for {{ user }}{% endtrans %}</p> <p>{% trans user=form.user.get_display_name() %}Change password for {{ user }}{% endtrans %}</p>
{% endif %} {% endif %}
<form method="post" action=""> <form method="post" action="">
{% csrf_token %} {% csrf_token %}

22
core/templates/core/user_godfathers.jinja
View File

@@ -29,7 +29,16 @@
<a href="{{ url('core:user_godfathers', user_id=u.id) }}" class="mini_profile_link"> <a href="{{ url('core:user_godfathers', user_id=u.id) }}" class="mini_profile_link">
{{ u.get_mini_item() | safe }} {{ u.get_mini_item() | safe }}
</a> </a>
{{ delete_godfather(user, profile, u, True) }} {% if user == profile or user.is_root or user.is_board_member %}
<form
method="post"
class="no-margin"
action="{{ url("core:user_godfathers_delete", user_id=profile.id, godfather_id=u.id, is_father=True) }}"
>
{% csrf_token %}
<input type="submit" class="link-like" value="{% trans %}Delete{% endtrans %}">
</form>
{% endif %}
</li> </li>
{% endfor %} {% endfor %}
</ul> </ul>
@@ -46,7 +55,16 @@
<a href="{{ url('core:user_godfathers', user_id=u.id) }}" class="mini_profile_link"> <a href="{{ url('core:user_godfathers', user_id=u.id) }}" class="mini_profile_link">
{{ u.get_mini_item()|safe }} {{ u.get_mini_item()|safe }}
</a> </a>
{{ delete_godfather(user, profile, u, False) }} {% if user == profile or user.is_root or user.is_board_member %}
<form
method="post"
class="no-margin"
action="{{ url("core:user_godfathers_delete", user_id=profile.id, godfather_id=u.id, is_father=False) }}"
>
{% csrf_token %}
<input type="submit" class="link-like link-red" value="{% trans %}Delete{% endtrans %}">
</form>
{% endif %}
</li> </li>
{% endfor %} {% endfor %}
</ul> </ul>

78
core/tests/test_user.py
View File

@@ -427,6 +427,19 @@ class TestUserQuerySetViewableBy:
assert not viewable.exists() assert not viewable.exists()
@pytest.mark.django_db
def test_user_preferences(client: Client):
user = subscriber_user.make()
client.force_login(user)
url = reverse("core:user_prefs", kwargs={"user_id": user.id})
response = client.get(url)
assert response.status_code == 200
response = client.post(url, {"notify_on_click": "true"})
assertRedirects(response, url)
user.preferences.refresh_from_db()
assert user.preferences.notify_on_click is True
@pytest.mark.django_db @pytest.mark.django_db
def test_user_stats(client: Client): def test_user_stats(client: Client):
user = subscriber_user.make() user = subscriber_user.make()
@@ -450,3 +463,68 @@ def test_user_stats(client: Client):
client.force_login(user) client.force_login(user)
response = client.get(reverse("core:user_stats", kwargs={"user_id": user.id})) response = client.get(reverse("core:user_stats", kwargs={"user_id": user.id}))
assert response.status_code == 200 assert response.status_code == 200
@pytest.mark.django_db
class TestChangeUserPassword:
def test_as_root(self, client: Client, admin_user: User):
client.force_login(admin_user)
user = subscriber_user.make()
url = reverse("core:password_root_change", kwargs={"user_id": user.id})
response = client.get(url)
assert response.status_code == 200
response = client.post(
url, {"new_password1": "poutou", "new_password2": "poutou"}
)
assertRedirects(response, reverse("core:password_change_done"))
user.refresh_from_db()
assert user.check_password("poutou") is True
@pytest.mark.django_db
class TestUserGodfather:
@pytest.mark.parametrize("godfather", [True, False])
def test_add_family(self, client: Client, godfather):
user = subscriber_user.make()
other_user = subscriber_user.make()
client.force_login(user)
url = reverse("core:user_godfathers", kwargs={"user_id": user.id})
response = client.get(url)
assert response.status_code == 200
response = client.post(
url,
{"type": "godfather" if godfather else "godchild", "user": other_user.id},
)
assertRedirects(response, url)
if godfather:
assert user.godfathers.contains(other_user)
else:
assert user.godchildren.contains(other_user)
def test_tree(self, client: Client):
user = subscriber_user.make()
client.force_login(user)
response = client.get(
reverse("core:user_godfathers_tree", kwargs={"user_id": user.id})
)
assert response.status_code == 200
def test_remove_family(self, client: Client):
user = subscriber_user.make()
other_user = subscriber_user.make()
user.godfathers.add(other_user)
client.force_login(user)
response = client.post(
reverse(
"core:user_godfathers_delete",
kwargs={
"user_id": user.id,
"godfather_id": other_user.id,
"is_father": True,
},
)
)
assertRedirects(
response, reverse("core:user_godfathers", kwargs={"user_id": user.id})
)
assert not user.godfathers.contains(other_user)

4
core/urls.py
View File

@@ -54,6 +54,7 @@ from core.views import (
PagePropView, PagePropView,
PageRevView, PageRevView,
PageView, PageView,
PasswordRootChangeView,
SearchView, SearchView,
SithLoginView, SithLoginView,
SithPasswordChangeDoneView, SithPasswordChangeDoneView,
@@ -80,7 +81,6 @@ from core.views import (
delete_user_godfather, delete_user_godfather,
logout, logout,
notification, notification,
password_root_change,
send_file, send_file,
) )
@@ -100,7 +100,7 @@ urlpatterns = [
path("password_change/", SithPasswordChangeView.as_view(), name="password_change"), path("password_change/", SithPasswordChangeView.as_view(), name="password_change"),
path( path(
"password_change/<int:user_id>/", "password_change/<int:user_id>/",
password_root_change, PasswordRootChangeView.as_view(),
name="password_root_change", name="password_root_change",
), ),
path( path(

3
core/views/forms.py
View File

@@ -303,7 +303,6 @@ class UserGodfathersForm(forms.Form):
) )
user = forms.ModelChoiceField( user = forms.ModelChoiceField(
label=_("Select user"), label=_("Select user"),
help_text=None,
required=True, required=True,
widget=AutoCompleteSelectUser, widget=AutoCompleteSelectUser,
queryset=User.objects.all(), queryset=User.objects.all(),
@@ -315,8 +314,6 @@ class UserGodfathersForm(forms.Form):
def clean_user(self): def clean_user(self):
other_user = self.cleaned_data.get("user") other_user = self.cleaned_data.get("user")
if not other_user:
raise ValidationError(_("This user does not exist"))
if other_user == self.target_user: if other_user == self.target_user:
raise ValidationError(_("You cannot be related to yourself")) raise ValidationError(_("You cannot be related to yourself"))
return other_user return other_user

51
core/views/user.py
View File

@@ -29,8 +29,9 @@ from operator import itemgetter
from smtplib import SMTPException from smtplib import SMTPException
from django.contrib.auth import login, views from django.contrib.auth import login, views
from django.contrib.auth.forms import PasswordChangeForm from django.contrib.auth.decorators import login_required
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.forms import PasswordChangeForm, SetPasswordForm
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from django.db.models import DateField, F, QuerySet, Sum from django.db.models import DateField, F, QuerySet, Sum
from django.db.models.functions import Trunc from django.db.models.functions import Trunc
@@ -38,11 +39,11 @@ from django.forms.models import modelform_factory
from django.http import Http404 from django.http import Http404
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect
from django.template.loader import render_to_string from django.template.loader import render_to_string
from django.template.response import TemplateResponse
from django.urls import reverse, reverse_lazy from django.urls import reverse, reverse_lazy
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from django.utils.safestring import SafeString from django.utils.safestring import SafeString
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from django.views.decorators.http import require_POST
from django.views.generic import ( from django.views.generic import (
CreateView, CreateView,
DeleteView, DeleteView,
@@ -98,21 +99,23 @@ def logout(request):
return views.logout_then_login(request) return views.logout_then_login(request)
def password_root_change(request, user_id): class PasswordRootChangeView(UserPassesTestMixin, FormView):
"""Allows a root user to change someone's password.""" """Allows a root user to change someone's password."""
if not request.user.is_root:
raise PermissionDenied template_name = "core/password_change.jinja"
user = get_object_or_404(User, id=user_id) form_class = SetPasswordForm
if request.method == "POST": success_url = reverse_lazy("core:password_change_done")
form = views.SetPasswordForm(user=user, data=request.POST)
if form.is_valid(): def test_func(self):
return self.request.user.is_root
def get_form_kwargs(self):
user = get_object_or_404(User, id=self.kwargs["user_id"])
return super().get_form_kwargs() | {"user": user}
def form_valid(self, form: SetPasswordForm):
form.save() form.save()
return redirect("core:password_change_done") return super().form_valid(form)
else:
form = views.SetPasswordForm(user=user)
return TemplateResponse(
request, "core/password_change.jinja", {"form": form, "target": user}
)
@method_decorator(check_honeypot, name="post") @method_decorator(check_honeypot, name="post")
@@ -287,10 +290,12 @@ class UserView(UserTabsMixin, CanViewMixin, DetailView):
return kwargs return kwargs
@require_POST
@login_required
def delete_user_godfather(request, user_id, godfather_id, is_father): def delete_user_godfather(request, user_id, godfather_id, is_father):
user_is_admin = request.user.is_root or request.user.is_board_member user_is_admin = request.user.is_root or request.user.is_board_member
if user_id != request.user.id and not user_is_admin: if user_id != request.user.id and not user_is_admin:
raise PermissionDenied() raise PermissionDenied
user = get_object_or_404(User, id=user_id) user = get_object_or_404(User, id=user_id)
to_remove = get_object_or_404(User, id=godfather_id) to_remove = get_object_or_404(User, id=godfather_id)
if is_father: if is_father:
@@ -417,7 +422,6 @@ class UserUpdateProfileView(UserTabsMixin, CanEditMixin, UpdateView):
form_class = UserProfileForm form_class = UserProfileForm
current_tab = "edit" current_tab = "edit"
edit_once = ["profile_pict", "date_of_birth", "first_name", "last_name"] edit_once = ["profile_pict", "date_of_birth", "first_name", "last_name"]
board_only = []
def remove_restricted_fields(self, request): def remove_restricted_fields(self, request):
"""Removes edit_once and board_only fields.""" """Removes edit_once and board_only fields."""
@@ -426,9 +430,6 @@ class UserUpdateProfileView(UserTabsMixin, CanEditMixin, UpdateView):
request.user.is_board_member or request.user.is_root request.user.is_board_member or request.user.is_root
): ):
self.form.fields.pop(i, None) self.form.fields.pop(i, None)
for i in self.board_only:
if not (request.user.is_board_member or request.user.is_root):
self.form.fields.pop(i, None)
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
self.object = self.get_object() self.object = self.get_object()
@@ -480,10 +481,10 @@ class UserPreferencesView(UserTabsMixin, UseFragmentsMixin, CanEditMixin, Update
current_tab = "prefs" current_tab = "prefs"
def get_form_kwargs(self): def get_form_kwargs(self):
kwargs = super().get_form_kwargs() return super().get_form_kwargs() | {"instance": self.object.preferences}
pref = self.object.preferences
kwargs.update({"instance": pref}) def get_success_url(self):
return kwargs return self.request.path
def get_fragment_context_data(self) -> dict[str, SafeString]: def get_fragment_context_data(self) -> dict[str, SafeString]:
# Avoid cyclic import error # Avoid cyclic import error