controller.Users.remove_group() now resets the removed user's rate plan to 0. Also fixed broken controller.Users.signup().
Updated unit tests.
This commit is contained in:
parent
71a3b29709
commit
7ee838d46e
|
@ -308,7 +308,7 @@ class Users( object ):
|
|||
@raise Signup_error: passwords don't match or the username is unavailable
|
||||
@raise Validation_error: one of the arguments is invalid
|
||||
"""
|
||||
( user, notebook ) = self.__create_user( username, password, password_repeat, email_bddress )
|
||||
( user, notebook ) = self.__create_user( username, password, password_repeat, email_address )
|
||||
self.__database.commit()
|
||||
|
||||
# if there's an invite_id, then redeem that invite and redirect to the invite's notebook
|
||||
|
@ -317,7 +317,7 @@ class Users( object ):
|
|||
if not invite:
|
||||
raise Signup_error( u"The invite is unknown." )
|
||||
|
||||
self.convert_invite_to_access( invite, user_id )
|
||||
self.convert_invite_to_access( invite, user.object_id )
|
||||
redirect = u"/notebooks/%s" % invite.notebook_id
|
||||
# if there's a requested rate plan, then redirect to the PayPal subscribe page
|
||||
elif rate_plan and rate_plan > 0:
|
||||
|
@ -751,7 +751,8 @@ class Users( object ):
|
|||
)
|
||||
def remove_group( self, user_id_to_remove, group_id, user_id = None ):
|
||||
"""
|
||||
Remove a user's membership from the given group.
|
||||
Remove a user's membership from the given group. For now, this also sets them to the lowest
|
||||
rate plan.
|
||||
|
||||
@type user_id_to_remove: unicode
|
||||
@param user_id_to_remove: id of the user to remove from the group
|
||||
|
@ -771,6 +772,11 @@ class Users( object ):
|
|||
|
||||
self.__database.execute( user.sql_remove_group( group_id ) )
|
||||
|
||||
# setting the user's rate plan to 0 upon group removal prevents a group admin from creating
|
||||
# an unlimited number of users with high-end rate plans
|
||||
user.rate_plan = 0
|
||||
self.__database.save( user )
|
||||
|
||||
return dict(
|
||||
message = u"Group membership for %s has been revoked." % user.username,
|
||||
)
|
||||
|
|
|
@ -769,9 +769,12 @@ class Test_users( Test_controller ):
|
|||
|
||||
assert membership is True
|
||||
|
||||
def test_check_remove_group( self ):
|
||||
def test_remove_group( self ):
|
||||
self.login2()
|
||||
|
||||
self.user.rate_plan = 1
|
||||
self.database.save( self.user )
|
||||
|
||||
result = self.http_post( "/users/remove_group", dict(
|
||||
user_id_to_remove = self.user.object_id,
|
||||
group_id = self.group.object_id,
|
||||
|
@ -780,9 +783,15 @@ class Test_users( Test_controller ):
|
|||
assert u"revoked" in result[ u"message" ]
|
||||
assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == False
|
||||
|
||||
def test_check_remove_group_without_access( self ):
|
||||
user = self.database.load( User, self.user.object_id )
|
||||
assert user.rate_plan == 0
|
||||
|
||||
def test_remove_group_without_access( self ):
|
||||
self.login2()
|
||||
|
||||
self.user.rate_plan = 1
|
||||
self.database.save( self.user )
|
||||
|
||||
result = self.http_post( "/users/remove_group", dict(
|
||||
user_id_to_remove = self.user.object_id,
|
||||
group_id = self.group2.object_id,
|
||||
|
@ -791,9 +800,15 @@ class Test_users( Test_controller ):
|
|||
assert u"access" in result[ u"error" ]
|
||||
assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == True
|
||||
|
||||
def test_check_remove_group_without_admin_access( self ):
|
||||
user = self.database.load( User, self.user.object_id )
|
||||
assert user.rate_plan == 1
|
||||
|
||||
def test_remove_group_without_admin_access( self ):
|
||||
self.login()
|
||||
|
||||
self.user.rate_plan = 1
|
||||
self.database.save( self.user )
|
||||
|
||||
result = self.http_post( "/users/remove_group", dict(
|
||||
user_id_to_remove = self.user.object_id,
|
||||
group_id = self.group.object_id,
|
||||
|
@ -802,9 +817,15 @@ class Test_users( Test_controller ):
|
|||
assert u"access" in result[ u"error" ]
|
||||
assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == True
|
||||
|
||||
def test_check_remove_group_with_unknown_group( self ):
|
||||
user = self.database.load( User, self.user.object_id )
|
||||
assert user.rate_plan == 1
|
||||
|
||||
def test_remove_group_with_unknown_group( self ):
|
||||
self.login2()
|
||||
|
||||
self.user.rate_plan = 1
|
||||
self.database.save( self.user )
|
||||
|
||||
result = self.http_post( "/users/remove_group", dict(
|
||||
user_id_to_remove = self.user.object_id,
|
||||
group_id = u"unknowngroupid",
|
||||
|
@ -813,9 +834,15 @@ class Test_users( Test_controller ):
|
|||
assert u"access" in result[ u"error" ]
|
||||
assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == True
|
||||
|
||||
def test_check_remove_group_with_unknown_user( self ):
|
||||
user = self.database.load( User, self.user.object_id )
|
||||
assert user.rate_plan == 1
|
||||
|
||||
def test_remove_group_with_unknown_user( self ):
|
||||
self.login2()
|
||||
|
||||
self.user.rate_plan = 1
|
||||
self.database.save( self.user )
|
||||
|
||||
result = self.http_post( "/users/remove_group", dict(
|
||||
user_id_to_remove = u"unknownuserid",
|
||||
group_id = self.group.object_id,
|
||||
|
@ -824,6 +851,9 @@ class Test_users( Test_controller ):
|
|||
assert u"access" in result[ u"error" ]
|
||||
assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == True
|
||||
|
||||
user = self.database.load( User, self.user.object_id )
|
||||
assert user.rate_plan == 1
|
||||
|
||||
def test_send_reset( self ):
|
||||
# trick send_reset() into using a fake SMTP server
|
||||
Stub_smtp.reset()
|
||||
|
|
Reference in New Issue