From b18746e769eef8bfe144fb7d856cf11bb1528d07 Mon Sep 17 00:00:00 2001
From: Bartuccio Antoine <klmp200@klmp200.net>
Date: Sat, 13 Jul 2019 04:58:23 +0200
Subject: [PATCH 1/5] core: fix error 500 when accessing user tools with
 anonymous user

---
 core/views/user.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/views/user.py b/core/views/user.py
index 019cda0a..5cbc2d88 100644
--- a/core/views/user.py
+++ b/core/views/user.py
@@ -770,6 +770,11 @@ class UserToolsView(QuickNotifMixin, UserTabsMixin, TemplateView):
     template_name = "core/user_tools.jinja"
     current_tab = "tools"
 
+    def dispatch(self, request, *args, **kwargs):
+        if request.user.is_anonymous:
+            raise PermissionDenied
+        return super(UserToolsView, self).dispatch(request, *args, **kwargs)
+
     def get_context_data(self, **kwargs):
         self.object = self.request.user
         from launderette.models import Launderette

From 9b7b96a31086f290e60c8d75e7eeb66e6c018062 Mon Sep 17 00:00:00 2001
From: Bartuccio Antoine <klmp200@klmp200.net>
Date: Mon, 15 Jul 2019 12:26:04 +0200
Subject: [PATCH 2/5] core: add UserIsLoggedMixin to check if an user is not
 anonymous

---
 core/views/__init__.py | 11 +++++++++++
 core/views/user.py     |  8 ++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/core/views/__init__.py b/core/views/__init__.py
index 202b08fa..41bd5eee 100644
--- a/core/views/__init__.py
+++ b/core/views/__init__.py
@@ -214,6 +214,17 @@ class FormerSubscriberMixin(View):
         return super(FormerSubscriberMixin, self).dispatch(request, *args, **kwargs)
 
 
+class UserIsLoggedMixin(View):
+    """
+    This view check if the user is logged
+    """
+
+    def dispatch(self, request, *args, **kwargs):
+        if request.user.is_anonymous:
+            raise PermissionDenied
+        return super(UserIsLoggedMixin, self).dispatch(request, *args, **kwargs)
+
+
 class TabedViewMixin(View):
     """
     This view provide the basic functions for displaying tabs in the template
diff --git a/core/views/user.py b/core/views/user.py
index 5cbc2d88..63135872 100644
--- a/core/views/user.py
+++ b/core/views/user.py
@@ -52,6 +52,7 @@ from core.views import (
     CanViewMixin,
     CanEditMixin,
     CanEditPropMixin,
+    UserIsLoggedMixin,
     TabedViewMixin,
     QuickNotifMixin,
 )
@@ -762,7 +763,7 @@ class UserUpdateGroupView(UserTabsMixin, CanEditPropMixin, UpdateView):
     current_tab = "groups"
 
 
-class UserToolsView(QuickNotifMixin, UserTabsMixin, TemplateView):
+class UserToolsView(QuickNotifMixin, UserTabsMixin, UserIsLoggedMixin, TemplateView):
     """
     Displays the logged user's tools
     """
@@ -770,11 +771,6 @@ class UserToolsView(QuickNotifMixin, UserTabsMixin, TemplateView):
     template_name = "core/user_tools.jinja"
     current_tab = "tools"
 
-    def dispatch(self, request, *args, **kwargs):
-        if request.user.is_anonymous:
-            raise PermissionDenied
-        return super(UserToolsView, self).dispatch(request, *args, **kwargs)
-
     def get_context_data(self, **kwargs):
         self.object = self.request.user
         from launderette.models import Launderette

From 640a72c52d994a93119909bf0689fe64db07d150 Mon Sep 17 00:00:00 2001
From: Bartuccio Antoine <klmp200@klmp200.net>
Date: Mon, 15 Jul 2019 12:36:05 +0200
Subject: [PATCH 3/5] core: add tests for UserToolsView

---
 core/tests.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/core/tests.py b/core/tests.py
index 92e41a98..ff482067 100644
--- a/core/tests.py
+++ b/core/tests.py
@@ -396,6 +396,21 @@ http://git.an
         )
 
 
+class UserToolsTest(TestCase):
+    def setUp(self):
+        call_command("populate")
+
+    def test_anonymous_user_unauthorized(self):
+        response = self.client.get(reverse("core:user_tools"))
+        self.assertEquals(response.status_code, 403)
+
+    def test_page_is_working(self):
+        self.client.login(username="guy", password="plop")
+        response = self.client.get(reverse("core:user_tools"))
+        self.assertNotEquals(response.status_code, 500)
+        self.assertEquals(response.status_code, 200)
+
+
 # TODO: many tests on the pages:
 #   - renaming a page
 #   - changing a page's parent --> check that page's children's full_name

From 65cb85a887edd2aacc65d762c849fa4376f55cfa Mon Sep 17 00:00:00 2001
From: Bartuccio Antoine <klmp200@klmp200.net>
Date: Mon, 15 Jul 2019 14:29:47 +0200
Subject: [PATCH 4/5] ci: fix building of pygraphviz

---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 216837bc..5c6a6ed2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,7 +5,7 @@ test:
   stage: test
   script:
   - apt-get update
-  - apt-get install -y gettext python3-xapian
+  - apt-get install -y gettext python3-xapian libgraphviz-dev
   - pushd /usr/lib/python3/dist-packages/xapian && ln -s _xapian* _xapian.so && popd
   - export PYTHONPATH="/usr/lib/python3/dist-packages:$PYTHONPATH"
   - python -c 'import xapian' # Fail immediately if there is a problem with xapian

From 96a3eaff1c61031c0d0909293b411b2c27ea9482 Mon Sep 17 00:00:00 2001
From: Bartuccio Antoine <klmp200@klmp200.net>
Date: Mon, 15 Jul 2019 14:40:03 +0200
Subject: [PATCH 5/5] ci: fix django rest framework version

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 2efe3c6d..d5b5edd8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,7 @@ mistune
 django-jinja
 pyopenssl
 pytz
-djangorestframework
+djangorestframework <3.10
 django-phonenumber-field
 phonenumbers
 django-ajax-selects