kallithea Changeset - 2aaa05ee969a

Changeset - 2aaa05ee969a

Parent rev.

Child rev.

[Not reviewed]

default

0 4 0

Mads Kiilerich - 9 years ago 2016-08-04 14:23:36
madski@unity3d.com

routing: use POST to 'update_user' instead of PUT

4 files changed with 3 insertions and 4 deletions:

kallithea/config/routing.py

kallithea/controllers/admin/users.py

kallithea/templates/admin/users/user_edit_profile.html

kallithea/tests/functional/test_admin_users.py

0 comments (0 inline, 0 general)

kallithea/config/routing.py

➞

Show inline comments

@@ @@ -157,49 +157,49 @@ def make_map(config): @@
         m.connect("edit_repo_group_perms_update", "/repo_groups/{group_name:.*?}/edit/permissions",
                   action="update_perms",
                   conditions=dict(method=["POST"], function=check_group))
         m.connect("edit_repo_group_perms_delete", "/repo_groups/{group_name:.*?}/edit/permissions/delete",
                   action="delete_perms",
                   conditions=dict(method=["POST"], function=check_group))
         m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}/delete",
                   action="delete", conditions=dict(method=["POST"],
                                                    function=check_group_skip_path))
     #ADMIN USER ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/users') as m:
         m.connect("users", "/users",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("users", "/users",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_users", "/users.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_user", "/users/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_user", "/users/{id}",
-                  action="update", conditions=dict(method=["PUT"]))
+                  action="update", conditions=dict(method=["POST"]))
         m.connect("delete_user", "/users/{id}/delete",
                   action="delete", conditions=dict(method=["POST"]))
         m.connect("edit_user", "/users/{id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         #EXTRAS USER ROUTES
         m.connect("edit_user_advanced", "/users/{id}/edit/advanced",
                   action="edit_advanced", conditions=dict(method=["GET"]))
         m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",
                   action="edit_api_keys", conditions=dict(method=["GET"]))
         m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",
                   action="add_api_key", conditions=dict(method=["POST"]))
         m.connect("edit_user_api_keys_delete", "/users/{id}/edit/api_keys/delete",
                   action="delete_api_key", conditions=dict(method=["POST"]))
         m.connect("edit_user_perms", "/users/{id}/edit/permissions",
                   action="edit_perms", conditions=dict(method=["GET"]))
         m.connect("edit_user_perms", "/users/{id}/edit/permissions",
                   action="update_perms", conditions=dict(method=["PUT"]))
         m.connect("edit_user_emails", "/users/{id}/edit/emails",
                   action="edit_emails", conditions=dict(method=["GET"]))
         m.connect("edit_user_emails", "/users/{id}/edit/emails",

kallithea/controllers/admin/users.py

➞

Show inline comments

@@ @@ -152,49 +152,48 @@ class UsersController(BaseController): @@
     def update(self, id):
         user_model = UserModel()
         user = user_model.get(id)
         _form = UserForm(edit=True, old_data={'user_id': id,
                                               'email': user.email})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             skip_attrs = ['extern_type', 'extern_name',
                          ] + auth_modules.get_managed_fields(user)
             user_model.update(id, form_result, skip_attrs=skip_attrs)
             usr = form_result['username']
             action_logger(self.authuser, 'admin_updated_user:%s' % usr,
                           None, self.ip_addr, self.sa)
             h.flash(_('User updated successfully'), category='success')
             Session().commit()
         except formencode.Invalid as errors:
             defaults = errors.value
             e = errors.error_dict or {}
             defaults.update({
                 'create_repo_perm': user_model.has_perm(id,
                                                         'hg.create.repository'),
                 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
                 '_method': 'put'
             })
             return htmlfill.render(
                 self._render_edit_profile(user),
                 defaults=defaults,
                 errors=e,
                 prefix_error=False,
                 encoding="UTF-8",
                 force_defaults=False)
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during update of user %s') \
                     % form_result.get('username'), category='error')
         raise HTTPFound(location=url('edit_user', id=id))
     def delete(self, id):
         usr = User.get_or_404(id)
         try:
             UserModel().delete(usr)
             Session().commit()
             h.flash(_('Successfully deleted user'), category='success')
         except (UserOwnsReposException, DefaultUserException) as e:
             h.flash(e, category='warning')
         except Exception:
             log.error(traceback.format_exc())

kallithea/templates/admin/users/user_edit_profile.html

➞

Show inline comments

-${h.form(url('update_user', id=c.user.user_id),method='put')}
 ${h.form(url('update_user', id=c.user.user_id))}
 <div class="form">
         <div class="field">
            <div class="gravatar_box">
                 ${h.gravatar_div(c.user.email)}
                 <p>
                 %if c.visual.use_gravatar:
                 <strong>${_('Change avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>
                 <br/>${_('Using')} ${c.user.email}
                 %else:
                 <strong>${_('Avatars are disabled')}</strong>
                 <br/>${c.user.email or _('Missing email, please update this user email address.')}
                         ##show current ip just if we show ourself
                         %if c.authuser.username == c.user.username:
                             [${_('Current IP')}: ${c.ip_addr}]
                         %endif
                 %endif
            </div>
         </div>
         <div class="fields">
              <div class="field">
                 <div class="label">
                     <label for="username">${_('Username')}:</label>
                 </div>

kallithea/tests/functional/test_admin_users.py

➞

Show inline comments

@@ @@ -131,49 +131,49 @@ class TestAdminUsersController(TestContr @@
         self.log_user()
         usr = fixture.create_user(self.test_user_1, password='qweqwe',
                                   email='testme@example.com',
                                   extern_type='internal',
                                   extern_name=self.test_user_1,
                                   skip_if_exists=True)
         Session().commit()
         params = usr.get_api_data(True)
         params.update({'password_confirmation': ''})
         params.update({'new_password': ''})
         params.update(attrs)
         if name == 'email':
             params['emails'] = [attrs['email']]
         if name == 'extern_type':
             #cannot update this via form, expected value is original one
             params['extern_type'] = "internal"
         if name == 'extern_name':
             #cannot update this via form, expected value is original one
             params['extern_name'] = self.test_user_1
             # special case since this user is not
                                           # logged in yet his data is not filled
                                           # so we use creation data
         params.update({'_authentication_token': self.authentication_token()})
-        response = self.app.put(url('user', id=usr.user_id), params)
+        response = self.app.post(url('update_user', id=usr.user_id), params)
         self.checkSessionFlash(response, 'User updated successfully')
         params.pop('_authentication_token')
         updated_user = User.get_by_username(self.test_user_1)
         updated_params = updated_user.get_api_data(True)
         updated_params.update({'password_confirmation': ''})
         updated_params.update({'new_password': ''})
         assert params == updated_params
     def test_delete(self):
         self.log_user()
         username = 'newtestuserdeleteme'
         fixture.create_user(name=username)
         new_user = Session().query(User) \
             .filter(User.username == username).one()
         response = self.app.post(url('delete_user', id=new_user.user_id),
             params={'_authentication_token': self.authentication_token()})
         self.checkSessionFlash(response, 'Successfully deleted user')
     def test_delete_repo_err(self):

0 comments (0 inline, 0 general)