Better user profile view checking

Oliver Marks 2018-03-08 21:46:38 +00:00
parent f7fb3f5cf7
commit a22bc22538
4 changed files with 52 additions and 21 deletions


@ -9,14 +9,6 @@ class TestUserURLs(TestCase):
def setUp(self):
self.user = self.make_user()
def test_list_reverse(self):
"""users:list should reverse to /users/."""
self.assertEqual(reverse('users:list'), '/users/')
def test_list_resolve(self):
"""/users/ should resolve to users:list."""
self.assertEqual(resolve('/users/').view_name, 'users:list')
def test_redirect_reverse(self):
"""users:redirect should reverse to /users/~redirect/."""
self.assertEqual(reverse('users:redirect'), '/users/~redirect/')


@ -1,9 +1,11 @@
from django.test import RequestFactory
from django.http import Http404
from test_plus.test import TestCase
from ..views import (
UserRedirectView,
UserDetailView,
UserUpdateView
)
@ -12,9 +14,50 @@ class BaseUserTestCase(TestCase):
def setUp(self):
self.user = self.make_user()
self.userTwo = self.make_user(username='username2')
self.factory = RequestFactory()
class TestUserDetailView(BaseUserTestCase):
def setUp(self):
super(TestUserDetailView, self).setUp()
self.client.login(
username=self.user.username,
password=self.user.password) # defined in fixture or with factory in setUp()
def test_view_not_logged_in_404s(self):
self.client.logout()
response = self.client.get('/users/', {'username': self.user.username}, follow=True)
self.assertEqual(
response.status_code,
404
)
def test_user_profile_does_not_exist_404s(self):
response = self.client.get('/users/', {'username': 'does-not-exist'}, follow=True)
self.assertEqual(
response.status_code,
404
)
def test_view_anothers_profile_404s(self):
response = self.client.get(
'/users/',
{'username': self.userTwo.username},
follow=True)
self.assertEqual(
response.status_code,
404
)
def test_view_users_own_profile_succeeds(self):
response = self.client.get('/users/%s' % self.user.username, follow=True)
self.assertEqual(
response.status_code,
200
)
class TestUserRedirectView(BaseUserTestCase):
def test_get_redirect_url(self):
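Review bot: The three 404 tests in `TestUserDetailView` (`test_view_not_logged_in_404s`, `test_user_profile_does_not_exist_404s`, `test_view_anothers_profile_404s`) request `/users/` with a `username` query parameter, and this commit removes the `^$` route, so they appear to get their 404 from URL resolution and never reach `UserDetailView.get_object`. The ownership check is therefore untested; point them at the detail URL instead, e.g. `self.client.get('/users/%s/' % self.userTwo.username)` (confirm the trailing slash against the URL pattern, which is not shown here). `setUp` also logs in with `password=self.user.password`, which on a Django user model is the stored hash rather than the plaintext, so the login probably fails. With `follow=True`, `test_view_users_own_profile_succeeds` could then still see 200 from the login page, so assert that `self.client.login(...)` returns True and drop `follow=True` there.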


@ -8,11 +8,6 @@ from . import views
urlpatterns = [
url('^access-cards/', include(access_card_patterns, namespace='rfid')),
url(
regex=r'^$',
view=views.UserListView.as_view(),
name='list'
),
url(
regex=r'^~redirect/$',
view=views.UserRedirectView.as_view(),


@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
from __future__ import absolute_import, unicode_literals
from django.http import Http404
from django.core.urlresolvers import reverse
from django.views.generic import DetailView, ListView, RedirectView, UpdateView
from django.contrib.auth.mixins import LoginRequiredMixin
@ -18,6 +18,14 @@ class UserDetailView(LoginRequiredMixin, DetailView):
slug_field = 'username'
slug_url_kwarg = 'username'
def get_object(self):
user = super(UserDetailView, self).get_object()
# Disallow users to view others profiles
if user.username == self.request.user.username:
return user
raise Http404()
def get_context_data(self, **kwargs):
# xxx will be available in the template as the related objects
context = super(UserDetailView, self).get_context_data(**kwargs)
@ -64,10 +72,3 @@ class UserUpdateView(LoginRequiredMixin, UpdateView):
blurb_model.save()
return super(UserUpdateView, self).form_valid(form)
class UserListView(LoginRequiredMixin, ListView):
model = User
# These next two lines tell the view to index lookups by username
slug_field = 'username'
slug_url_kwarg = 'username'
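Review bot: The new `get_object` override in `UserDetailView` is declared as `def get_object(self):`, which drops the `queryset=None` parameter of Django's `DetailView.get_object`; keep the signature as `def get_object(self, queryset=None):` and pass `queryset` through to `super()`. The ownership check compares usernames, whereas `if user.pk == self.request.user.pk:` would not depend on how usernames are matched or normalised. Returning 404 for both a missing profile and another user's profile avoids disclosing which usernames exist, and a short comment such as `# 404 rather than 403 so existing usernames are not disclosed` would record that intent. The body of `UserUpdateView` is outside the visible hunks, so whether it applies the same restriction cannot be told from here and is worth checking.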