From 3a9cd0a024d2cf5d9de814cff6514599252e54e7 Mon Sep 17 00:00:00 2001
From: Dan Helfman <witten@torsion.org>
Date: Tue, 3 Jun 2008 16:11:27 -0700
Subject: [PATCH] New controller.Groups.update_settings() and associated unit
 tests.

---
 controller/Groups.py           | 39 +++++++++++++++
 controller/test/Test_groups.py | 87 ++++++++++++++++++++++++++++++++++
 2 files changed, 126 insertions(+)

diff --git a/controller/Groups.py b/controller/Groups.py
index a5a87b2..1f8eee3 100644
--- a/controller/Groups.py
+++ b/controller/Groups.py
@@ -55,3 +55,42 @@ class Groups( object ):
       admin_users = admin_users,
       other_users = other_users,
     )
+
+  @expose( view = Json )
+  @end_transaction
+  @grab_user_id
+  @validate(
+    group_id = Valid_id(),
+    group_name = Valid_string( min = 0, max = 100 ),
+    group_settings_button = unicode,
+    user_id = Valid_id( none_okay = True ),
+  )
+  def update_settings( self, group_id, group_name, group_settings_button, user_id = None ):
+    """
+    Update the settings for the given group.
+
+    @type group_id: unicode
+    @param group_id: id of group whose users to return
+    @type group_name: unicode
+    @param group_name: new name of the group
+    @type group_settings_button: unicode
+    @param group_settings_button: ignored
+    @rtype: dict
+    @return: { 'message': message }
+    @raise Access_error: the current user doesn't have admin membership to the given group
+    @raise Validation_error: one of the arguments is invalid
+    """
+    if not self.__users.check_group( user_id, group_id, admin = True ):
+      raise Access_error()
+
+    group = self.__database.load( Group, group_id )
+
+    if group is None:
+      raise Access_error()
+
+    group.name = group_name
+    self.__database.save( group )
+
+    return dict(
+      message = u"The group settings have been saved.",
+    )
diff --git a/controller/test/Test_groups.py b/controller/test/Test_groups.py
index 55c7f08..d084777 100644
--- a/controller/test/Test_groups.py
+++ b/controller/test/Test_groups.py
@@ -63,6 +63,93 @@ class Test_groups( Test_controller ):
     assert result[ u"group" ].name == self.group.name
     assert result[ u"group" ].admin == self.group.admin
 
+  def test_load_users_without_access( self ):
+    self.login2()
+
+    result = self.http_post( "/groups/load_users", dict(
+      group_id = self.group2.object_id,
+    ), session_id = self.session_id )
+
+    assert u"access" in result[ u"error" ]
+
+  def test_load_users_without_admin_access( self ):
+    self.login()
+
+    result = self.http_post( "/groups/load_users", dict(
+      group_id = self.group.object_id,
+    ), session_id = self.session_id )
+
+    assert u"access" in result[ u"error" ]
+
+  def test_load_users_with_unknown_group( self ):
+    self.login()
+
+    result = self.http_post( "/groups/load_users", dict(
+      group_id = u"unknowngroupid",
+    ), session_id = self.session_id )
+
+    assert u"access" in result[ u"error" ]
+
+  def test_update_settings( self ):
+    self.login2()
+    new_name = u"new group name"
+
+    result = self.http_post( "/groups/update_settings", dict(
+      group_id = self.group.object_id,
+      group_name = new_name,
+      group_settings_button = u"save settings",
+    ), session_id = self.session_id )
+    
+    assert u"saved" in result[ u"message" ]
+
+    group = self.database.load( Group, self.group.object_id )
+    assert group.name == new_name
+
+  def test_update_settings_without_access( self ):
+    self.login2()
+    new_name = u"new group name"
+
+    result = self.http_post( "/groups/update_settings", dict(
+      group_id = self.group2.object_id,
+      group_name = new_name,
+      group_settings_button = u"save settings",
+    ), session_id = self.session_id )
+    
+    assert u"access" in result[ u"error" ]
+
+    group = self.database.load( Group, self.group.object_id )
+    assert group.name == self.group.name
+
+  def test_update_settings_without_admin_access( self ):
+    self.login()
+    new_name = u"new group name"
+
+    result = self.http_post( "/groups/update_settings", dict(
+      group_id = self.group.object_id,
+      group_name = new_name,
+      group_settings_button = u"save settings",
+    ), session_id = self.session_id )
+    
+    assert u"access" in result[ u"error" ]
+
+    group = self.database.load( Group, self.group.object_id )
+    assert group.name == self.group.name
+
+  def test_update_settings_with_unknown_group( self ):
+    self.login2()
+    new_name = u"new group name"
+
+    result = self.http_post( "/groups/update_settings", dict(
+      group_id = u"unknowngroupid",
+      group_name = new_name,
+      group_settings_button = u"save settings",
+    ), session_id = self.session_id )
+    
+    assert u"access" in result[ u"error" ]
+
+    group = self.database.load( Group, self.group.object_id )
+    assert group.name == self.group.name
+
   def login( self ):
     result = self.http_post( "/users/login", dict(
       username = self.username,