Merge pull request #3001 from emanuelschuetze/user-profile
Reduced user profile form
commit
2215d7159a
@ -41,6 +41,7 @@ class UserFullSerializer(ModelSerializer):
|
|||||||
"""
|
"""
|
||||||
groups = IdPrimaryKeyRelatedField(
|
groups = IdPrimaryKeyRelatedField(
|
||||||
many=True,
|
many=True,
|
||||||
|
required=False,
|
||||||
queryset=Group.objects.exclude(pk=1),
|
queryset=Group.objects.exclude(pk=1),
|
||||||
help_text=ugettext_lazy('The groups this user belongs to. A user will '
|
help_text=ugettext_lazy('The groups this user belongs to. A user will '
|
||||||
'get all permissions granted to each of '
|
'get all permissions granted to each of '
|
||||||
|
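Review bot: `required=False` on `groups` has no comment saying why validation was relaxed, and it applies to every caller of this serializer, not only to the reduced profile form. It looks as if it is needed because the view now strips `groups` from non-manager requests before validation; if so, say that in a comment such as `# Optional: the view removes this field from non-manager update requests.` A manager's PUT that omits `groups` will now validate as well, so confirm that is intended. The field definition and the class body continue outside the hunk.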
@ -411,55 +411,6 @@ angular.module('OpenSlidesApp.users.site', [
|
|||||||
required: true
|
required: true
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
|
||||||
className: "row",
|
|
||||||
fieldGroup: [
|
|
||||||
{
|
|
||||||
key: 'title',
|
|
||||||
type: 'input',
|
|
||||||
className: "col-xs-2 no-padding-left",
|
|
||||||
templateOptions: {
|
|
||||||
label: gettextCatalog.getString('Title')
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
key: 'first_name',
|
|
||||||
type: 'input',
|
|
||||||
className: "col-xs-5 no-padding",
|
|
||||||
templateOptions: {
|
|
||||||
label: gettextCatalog.getString('Given name')
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
key: 'last_name',
|
|
||||||
type: 'input',
|
|
||||||
className: "col-xs-5 no-padding-right",
|
|
||||||
templateOptions: {
|
|
||||||
label: gettextCatalog.getString('Surname')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
className: "row",
|
|
||||||
fieldGroup: [
|
|
||||||
{
|
|
||||||
key: 'structure_level',
|
|
||||||
type: 'input',
|
|
||||||
className: "col-xs-9 no-padding-left",
|
|
||||||
templateOptions: {
|
|
||||||
label: gettextCatalog.getString('Structure level'),
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{ key: 'number',
|
|
||||||
type: 'input',
|
|
||||||
className: "col-xs-3 no-padding-left no-padding-right",
|
|
||||||
templateOptions: {
|
|
||||||
label:gettextCatalog.getString('Participant number')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
key: 'about_me',
|
key: 'about_me',
|
||||||
type: 'editor',
|
type: 'editor',
|
||||||
@ -485,7 +436,7 @@ angular.module('OpenSlidesApp.users.site', [
|
|||||||
return {
|
return {
|
||||||
template: 'static/templates/users/profile-password-form.html',
|
template: 'static/templates/users/profile-password-form.html',
|
||||||
controller: 'UserPasswordCtrl',
|
controller: 'UserPasswordCtrl',
|
||||||
className: 'ngdialog-theme-default wide-form',
|
className: 'ngdialog-theme-default',
|
||||||
closeByEscape: false,
|
closeByEscape: false,
|
||||||
closeByDocument: false,
|
closeByDocument: false,
|
||||||
};
|
};
|
||||||
|
@ -61,16 +61,23 @@ class UserViewSet(ModelViewSet):
|
|||||||
self.check_view_permissions()). Also it is evaluated whether he
|
self.check_view_permissions()). Also it is evaluated whether he
|
||||||
wants to update himself or is manager.
|
wants to update himself or is manager.
|
||||||
"""
|
"""
|
||||||
# Check manager perms
|
# Check permissions.
|
||||||
if (has_perm(request.user, 'users.can_see_extra_data') and
|
if (has_perm(self.request.user, 'users.can_see_name') and
|
||||||
|
has_perm(request.user, 'users.can_see_extra_data') and
|
||||||
has_perm(request.user, 'users.can_manage')):
|
has_perm(request.user, 'users.can_manage')):
|
||||||
|
# The user has all permissions so he may update every user.
|
||||||
if request.data.get('is_active') is False and self.get_object() == request.user:
|
if request.data.get('is_active') is False and self.get_object() == request.user:
|
||||||
# A user can not deactivate himself.
|
# But a user can not deactivate himself.
|
||||||
raise ValidationError({'detail': _('You can not deactivate yourself.')})
|
raise ValidationError({'detail': _('You can not deactivate yourself.')})
|
||||||
else:
|
else:
|
||||||
# Check permissions only to update yourself.
|
# The user does not have all permissions so he may only update himself.
|
||||||
if str(request.user.pk) != self.kwargs['pk']:
|
if str(request.user.pk) != self.kwargs['pk']:
|
||||||
self.permission_denied(request)
|
self.permission_denied(request)
|
||||||
|
# Remove fields that the user is not allowed to change.
|
||||||
|
# The list() is required because we want to use del inside the loop.
|
||||||
|
for key in list(request.data.keys()):
|
||||||
|
if key not in ('username', 'about_me'):
|
||||||
|
del request.data[key]
|
||||||
response = super().update(request, *args, **kwargs)
|
response = super().update(request, *args, **kwargs)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
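Review bot: The new allow-list loop in the `else` branch deletes keys from `request.data` in place, which works only when that object is mutable. For a form-encoded body DRF typically hands back an immutable `QueryDict`, so `del request.data[key]` would raise instead of stripping the field; that fails closed, but as a server error rather than a clean update. Consider handling that case explicitly, and moving `('username', 'about_me')` into a named constant so the set of self-editable fields can be reviewed in one place. The condition also mixes `self.request.user` with `request.user`; write `has_perm(request.user, 'users.can_see_name') and` to match the two lines below it. The enclosing method starts outside the hunk.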
@ -207,6 +207,31 @@ class UserUpdate(TestCase):
|
|||||||
|
|
||||||
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
|
def test_update_yourself_non_manager(self):
|
||||||
|
"""
|
||||||
|
Tests that an user can update himself even if he is not a manager.
|
||||||
|
"""
|
||||||
|
user = User.objects.create_user(
|
||||||
|
username='non-admin zeiyeGhaoXoh4awe3xai',
|
||||||
|
password='non-admin chah1hoshohN5Oh7zouj')
|
||||||
|
client = APIClient()
|
||||||
|
client.login(
|
||||||
|
username='non-admin zeiyeGhaoXoh4awe3xai',
|
||||||
|
password='non-admin chah1hoshohN5Oh7zouj')
|
||||||
|
|
||||||
|
response = client.put(
|
||||||
|
reverse('user-detail', args=[user.pk]),
|
||||||
|
{'username': 'New username IeWeipee5mahpi4quupo',
|
||||||
|
'last_name': 'New name fae1Bu1Eyeis9eRox4xu',
|
||||||
|
'about_me': 'New profile text Faemahphi3Hilokangei'})
|
||||||
|
|
||||||
|
self.assertEqual(response.status_code, 200)
|
||||||
|
user = User.objects.get(pk=user.pk)
|
||||||
|
self.assertEqual(user.username, 'New username IeWeipee5mahpi4quupo')
|
||||||
|
self.assertEqual(user.about_me, 'New profile text Faemahphi3Hilokangei')
|
||||||
|
# The user is not allowed to change some other fields (like last_name).
|
||||||
|
self.assertNotEqual(user.last_name, 'New name fae1Bu1Eyeis9eRox4xu')
|
||||||
|
|
||||||
|
|
||||||
class UserDelete(TestCase):
|
class UserDelete(TestCase):
|
||||||
"""
|
"""
|
||||||
|
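Review bot: `test_update_yourself_non_manager` proves the field filter only for `last_name`; the payload contains no privilege-bearing field, so a regression that let a non-manager change `groups` or `is_active` on their own account would still pass. Add `'is_active': False` to the PUT payload and assert `self.assertTrue(user.is_active)` after reloading the user. If it is not already covered elsewhere in `UserUpdate`, a second case where the non-manager targets another user's pk and is refused would pin the other half of the `else` branch.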