controller.Users.remove_group() now resets the removed user's rate plan to 0. Also fixed broken controller.Users.signup().

Updated unit tests.
2008-06-06 15:13:11 -07:00 · 2008-06-06 15:13:11 -07:00 · 7ee838d46e
parent 71a3b29709
commit 7ee838d46e
2 changed files with 44 additions and 8 deletions
--- a/controller/Users.py
+++ b/controller/Users.py
@ -308,7 +308,7 @@ class Users( object ):
    @raise Signup_error: passwords don't match or the username is unavailable
    @raise Validation_error: one of the arguments is invalid
    """
-    ( user, notebook ) = self.__create_user( username, password, password_repeat, email_bddress )
+    ( user, notebook ) = self.__create_user( username, password, password_repeat, email_address )
    self.__database.commit()

    # if there's an invite_id, then redeem that invite and redirect to the invite's notebook
@ -317,7 +317,7 @@ class Users( object ):
      if not invite:
        raise Signup_error( u"The invite is unknown." )

-      self.convert_invite_to_access( invite, user_id )
+      self.convert_invite_to_access( invite, user.object_id )
      redirect = u"/notebooks/%s" % invite.notebook_id
    # if there's a requested rate plan, then redirect to the PayPal subscribe page
    elif rate_plan and rate_plan > 0:
@ -751,7 +751,8 @@ class Users( object ):
  )
  def remove_group( self, user_id_to_remove, group_id, user_id = None ):
    """
-    Remove a user's membership from the given group.
+    Remove a user's membership from the given group. For now, this also sets them to the lowest
+    rate plan.

    @type user_id_to_remove: unicode
    @param user_id_to_remove: id of the user to remove from the group
@ -771,6 +772,11 @@ class Users( object ):

    self.__database.execute( user.sql_remove_group( group_id ) )

+    # setting the user's rate plan to 0 upon group removal prevents a group admin from creating
+    # an unlimited number of users with high-end rate plans
+    user.rate_plan = 0
+    self.__database.save( user )
+
    return dict(
      message = u"Group membership for %s has been revoked." % user.username,
    )
--- a/controller/test/Test_users.py
+++ b/controller/test/Test_users.py
@ -769,9 +769,12 @@ class Test_users( Test_controller ):

    assert membership is True

-  def test_check_remove_group( self ):
+  def test_remove_group( self ):
    self.login2()

+    self.user.rate_plan = 1
+    self.database.save( self.user )
+
    result = self.http_post( "/users/remove_group", dict(
      user_id_to_remove = self.user.object_id,
      group_id = self.group.object_id,
@ -780,9 +783,15 @@ class Test_users( Test_controller ):
    assert u"revoked" in result[ u"message" ]
    assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == False

-  def test_check_remove_group_without_access( self ):
+    user = self.database.load( User, self.user.object_id )
+    assert user.rate_plan == 0
+
+  def test_remove_group_without_access( self ):
    self.login2()

+    self.user.rate_plan = 1
+    self.database.save( self.user )
+
    result = self.http_post( "/users/remove_group", dict(
      user_id_to_remove = self.user.object_id,
      group_id = self.group2.object_id,
@ -791,9 +800,15 @@ class Test_users( Test_controller ):
    assert u"access" in result[ u"error" ]
    assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == True

-  def test_check_remove_group_without_admin_access( self ):
+    user = self.database.load( User, self.user.object_id )
+    assert user.rate_plan == 1
+
+  def test_remove_group_without_admin_access( self ):
    self.login()

+    self.user.rate_plan = 1
+    self.database.save( self.user )
+
    result = self.http_post( "/users/remove_group", dict(
      user_id_to_remove = self.user.object_id,
      group_id = self.group.object_id,
@ -802,9 +817,15 @@ class Test_users( Test_controller ):
    assert u"access" in result[ u"error" ]
    assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == True

-  def test_check_remove_group_with_unknown_group( self ):
+    user = self.database.load( User, self.user.object_id )
+    assert user.rate_plan == 1
+
+  def test_remove_group_with_unknown_group( self ):
    self.login2()

+    self.user.rate_plan = 1
+    self.database.save( self.user )
+
    result = self.http_post( "/users/remove_group", dict(
      user_id_to_remove = self.user.object_id,
      group_id = u"unknowngroupid",
@ -813,9 +834,15 @@ class Test_users( Test_controller ):
    assert u"access" in result[ u"error" ]
    assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == True

-  def test_check_remove_group_with_unknown_user( self ):
+    user = self.database.load( User, self.user.object_id )
+    assert user.rate_plan == 1
+
+  def test_remove_group_with_unknown_user( self ):
    self.login2()

+    self.user.rate_plan = 1
+    self.database.save( self.user )
+
    result = self.http_post( "/users/remove_group", dict(
      user_id_to_remove = u"unknownuserid",
      group_id = self.group.object_id,
@ -824,6 +851,9 @@ class Test_users( Test_controller ):
    assert u"access" in result[ u"error" ]
    assert cherrypy.root.users.check_group( self.user.object_id, self.group.object_id ) == True

+    user = self.database.load( User, self.user.object_id )
+    assert user.rate_plan == 1
+
  def test_send_reset( self ):
    # trick send_reset() into using a fake SMTP server
    Stub_smtp.reset()