Merge pull request #3001 from emanuelschuetze/user-profile

Reduced user profile form
Emanuel Schütze 2017-02-24 16:04:39 +01:00 committed by GitHub
commit 2215d7159a
4 changed files with 38 additions and 54 deletions


@ -41,6 +41,7 @@ class UserFullSerializer(ModelSerializer):
""" """
groups = IdPrimaryKeyRelatedField( groups = IdPrimaryKeyRelatedField(
many=True, many=True,
required=False,
queryset=Group.objects.exclude(pk=1), queryset=Group.objects.exclude(pk=1),
help_text=ugettext_lazy('The groups this user belongs to. A user will ' help_text=ugettext_lazy('The groups this user belongs to. A user will '
'get all permissions granted to each of ' 'get all permissions granted to each of '


@ -411,55 +411,6 @@ angular.module('OpenSlidesApp.users.site', [
required: true required: true
}, },
}, },
{
className: "row",
fieldGroup: [
{
key: 'title',
type: 'input',
className: "col-xs-2 no-padding-left",
templateOptions: {
label: gettextCatalog.getString('Title')
}
},
{
key: 'first_name',
type: 'input',
className: "col-xs-5 no-padding",
templateOptions: {
label: gettextCatalog.getString('Given name')
}
},
{
key: 'last_name',
type: 'input',
className: "col-xs-5 no-padding-right",
templateOptions: {
label: gettextCatalog.getString('Surname')
}
}
]
},
{
className: "row",
fieldGroup: [
{
key: 'structure_level',
type: 'input',
className: "col-xs-9 no-padding-left",
templateOptions: {
label: gettextCatalog.getString('Structure level'),
}
},
{ key: 'number',
type: 'input',
className: "col-xs-3 no-padding-left no-padding-right",
templateOptions: {
label:gettextCatalog.getString('Participant number')
}
}
]
},
{ {
key: 'about_me', key: 'about_me',
type: 'editor', type: 'editor',
@ -485,7 +436,7 @@ angular.module('OpenSlidesApp.users.site', [
return { return {
template: 'static/templates/users/profile-password-form.html', template: 'static/templates/users/profile-password-form.html',
controller: 'UserPasswordCtrl', controller: 'UserPasswordCtrl',
className: 'ngdialog-theme-default wide-form', className: 'ngdialog-theme-default',
closeByEscape: false, closeByEscape: false,
closeByDocument: false, closeByDocument: false,
}; };


@ -61,16 +61,23 @@ class UserViewSet(ModelViewSet):
self.check_view_permissions()). Also it is evaluated whether he self.check_view_permissions()). Also it is evaluated whether he
wants to update himself or is manager. wants to update himself or is manager.
""" """
# Check manager perms # Check permissions.
if (has_perm(request.user, 'users.can_see_extra_data') and if (has_perm(self.request.user, 'users.can_see_name') and
has_perm(request.user, 'users.can_see_extra_data') and
has_perm(request.user, 'users.can_manage')): has_perm(request.user, 'users.can_manage')):
# The user has all permissions so he may update every user.
if request.data.get('is_active') is False and self.get_object() == request.user: if request.data.get('is_active') is False and self.get_object() == request.user:
# A user can not deactivate himself. # But a user can not deactivate himself.
raise ValidationError({'detail': _('You can not deactivate yourself.')}) raise ValidationError({'detail': _('You can not deactivate yourself.')})
else: else:
# Check permissions only to update yourself. # The user does not have all permissions so he may only update himself.
if str(request.user.pk) != self.kwargs['pk']: if str(request.user.pk) != self.kwargs['pk']:
self.permission_denied(request) self.permission_denied(request)
# Remove fields that the user is not allowed to change.
# The list() is required because we want to use del inside the loop.
for key in list(request.data.keys()):
if key not in ('username', 'about_me'):
del request.data[key]
response = super().update(request, *args, **kwargs) response = super().update(request, *args, **kwargs)
return response return response
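Review bot: The field filter in the else branch deletes keys from `request.data` in place, which works only while that object is mutable; if a form-encoded or multipart request arrives as an immutable QueryDict, the `del` would presumably raise and surface as a server error rather than a clean response, so this is worth confirming against the parsers the API enables. Because this loop is the server-side boundary that keeps a non-manager from changing fields such as groups or `is_active`, I would lift the tuple `('username', 'about_me')` into a named class-level constant with a comment like `# Fields a user without manager permissions may change on their own account.`, so that widening it is a visible decision in review. The accompanying test only checks that `last_name` is dropped; asserting that the groups field and `is_active` stay unchanged as well would pin the fields that matter most. The first added condition reads `self.request.user` while the next two use `request.user`, so use `request.user` throughout; the method's signature lies outside the hunk.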

View File

@ -207,6 +207,31 @@ class UserUpdate(TestCase):
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_update_yourself_non_manager(self):
"""
Tests that an user can update himself even if he is not a manager.
"""
user = User.objects.create_user(
username='non-admin zeiyeGhaoXoh4awe3xai',
password='non-admin chah1hoshohN5Oh7zouj')
client = APIClient()
client.login(
username='non-admin zeiyeGhaoXoh4awe3xai',
password='non-admin chah1hoshohN5Oh7zouj')
response = client.put(
reverse('user-detail', args=[user.pk]),
{'username': 'New username IeWeipee5mahpi4quupo',
'last_name': 'New name fae1Bu1Eyeis9eRox4xu',
'about_me': 'New profile text Faemahphi3Hilokangei'})
self.assertEqual(response.status_code, 200)
user = User.objects.get(pk=user.pk)
self.assertEqual(user.username, 'New username IeWeipee5mahpi4quupo')
self.assertEqual(user.about_me, 'New profile text Faemahphi3Hilokangei')
# The user is not allowed to change some other fields (like last_name).
self.assertNotEqual(user.last_name, 'New name fae1Bu1Eyeis9eRox4xu')
class UserDelete(TestCase): class UserDelete(TestCase):
""" """