def test_block_unblock(self, is_user_admin):
self.temporary_login(self.admin)
# test block user when user is not in db
response = self.client.get(
"/user/{user_id}/block".format(user_id="random-user-id"))
self.assert404(response, "Can't find a user with ID: random-user-id")
# make self.admin a moderator
is_user_admin.return_value = True
# admin blocks tester
response = self.client.post(
"user/{user_id}/block".format(user_id=self.user.id),
data=dict(reason="Test blocking user."),
follow_redirects=True,
)
self.assertIn("This user account has been blocked.",
str(response.data))
user = db_users.get_by_id(self.user.id)
self.assertEqual(user["is_blocked"], True)
# testing when admin blocks an already blocked user
response = self.client.post(
"user/{user_id}/block".format(user_id=self.user.id),
data=dict(reason="Test blocking already blocker user."),
follow_redirects=True,
)
self.assertIn("This account is already blocked.", str(response.data))
# test unblock user when user is not in db
response = self.client.get(
"/user/{user_id}/unblock".format(user_id="random-user-id"))
self.assert404(response, "Can't find a user with ID: random-user-id")
# admin unblocks tester
response = self.client.post(
"user/{user_id}/unblock".format(user_id=self.user.id),
data=dict(reason="Test unblocking user."),
follow_redirects=True,
)
self.assertIn("This user account has been unblocked.",
str(response.data))
user = db_users.get_by_id(self.user.id)
self.assertEqual(user["is_blocked"], False)
# testing when admin unblocks a user that is not blocked
response = self.client.post(
"user/{user_id}/unblock".format(user_id=self.user.id),
data=dict(reason="Test unblocking user that is not blocked."),
follow_redirects=True,
)
self.assertIn("This account is not blocked.", str(response.data))
def reviews(user_id):
user_id = str(user_id)
if current_user.is_authenticated and current_user.id == user_id:
user = current_user
else:
user = db_users.get_by_id(user_id)
if not user:
abort(404)
user = User(user)
page = int(request.args.get('page', default=1))
if page < 1:
return redirect(url_for('.reviews'))
limit = 12
offset = (page - 1) * limit
reviews, count = Review.list(user_id=user_id,
sort='created',
limit=limit,
offset=offset,
inc_hidden=current_user.is_admin(),
inc_drafts=current_user.is_authenticated
and current_user.id == user_id)
return render_template('user/reviews.html',
section='reviews',
user=user,
reviews=reviews,
page=page,
limit=limit,
count=count)
def unblock(user_id):
user = db_users.get_by_id(user_id)
if not user:
raise NotFound("Can't find a user with ID: {user_id}".format(user_id=user_id))
db_users.unblock(user['id'])
flash.success(gettext("This user account has been unblocked."))
return redirect(url_for('user.reviews', user_id=user['id']))
def user_entity_handler(user_id):
"""Get profile of a user with a specified UUID.
**Request Example:**
.. code-block:: bash
$ curl https://critiquebrainz.org/ws/1/user/ae5a003f-292c-497e-afbd-8076e9626f2e \\
-X GET
**Response Example:**
.. code-block:: json
{
"user": {
"created": "Wed, 07 May 2014 14:47:03 GMT",
"display_name": "User's Name comes here",
"id": "ae5a003f-292c-497e-afbd-8076e9626f2e",
"karma": 0,
"user_type": "Noob"
}
}
:resheader Content-Type: *application/json*
"""
user = db_users.get_by_id(str(user_id))
if not user:
raise NotFound("Can't find a user with ID: {user_id}".format(user_id=user_id))
inc = Parser.list('uri', 'inc', User.allowed_includes, optional=True) or []
return jsonify(user=User(user).to_dict(inc))
def reviews(user_id):
user_id = str(user_id)
if current_user.is_authenticated and current_user.id == user_id:
user = current_user
else:
user = db_users.get_by_id(user_id)
if not user:
raise NotFound(
"Can't find a user with ID: {user_id}".format(user_id=user_id))
user = User(user)
page = int(request.args.get('page', default=1))
if page < 1:
return redirect(url_for('.reviews'))
limit = 12
offset = (page - 1) * limit
reviews, count = db_review.list_reviews(
user_id=user_id,
sort='published_on',
limit=limit,
offset=offset,
inc_hidden=current_user.is_admin(),
inc_drafts=current_user.is_authenticated
and current_user.id == user_id)
return render_template('user/reviews.html',
section='reviews',
user=user,
reviews=reviews,
page=page,
limit=limit,
count=count)
def info(user_id):
user = db_users.get_by_id(user_id)
if not user:
raise NotFound(
"Can't find a user with ID: {user_id}".format(user_id=user_id))
user = User(user)
return render_template('user/info.html', section='info', user=user)
def test_update(self):
db_users.update(self.user1.id,
user_new_info={
"email": '*****@*****.**',
})
user1 = db_users.get_by_id(self.user1.id)
self.assertEqual(user1['email'], '*****@*****.**')
def unblock(user_id):
user = db_users.get_by_id(user_id)
if not user:
abort(404)
db_users.unblock(user['id'])
flash.success(gettext("This user account has been unblocked."))
return redirect(url_for('user.reviews', user_id=user['id']))
def user_entity_handler(user_id):
"""Get profile of a user with a specified UUID.
**Request Example:**
.. code-block:: bash
$ curl https://critiquebrainz.org/ws/1/user/ae5a003f-292c-497e-afbd-8076e9626f2e \\
-X GET
**Response Example:**
.. code-block:: json
{
"user": {
"created": "Wed, 07 May 2014 14:47:03 GMT",
"display_name": "User's Name comes here",
"id": "ae5a003f-292c-497e-afbd-8076e9626f2e",
"karma": 0,
"user_type": "Noob"
}
}
:resheader Content-Type: *application/json*
"""
user = db_users.get_by_id(str(user_id))
if not user:
raise NotFound(
"Can't find a user with ID: {user_id}".format(user_id=user_id))
inc = Parser.list('uri', 'inc', User.allowed_includes, optional=True) or []
return jsonify(user=User(user).to_dict(inc))
def to_dict(review, confidential=False):
review["user"] = User(db_users.get_by_id(review.pop("user_id")))
review["user"] = review["user"].to_dict(confidential=confidential)
review["id"] = str(review["id"])
review["entity_id"] = str(review["entity_id"])
review["last_updated"] = review["last_revision"]["timestamp"]
review["last_revision"]["review_id"] = str(
review["last_revision"]["review_id"])
return review
def to_dict(review, confidential=False, connection=None):
if connection is not None:
review["user"] = User(db_users.get_user_by_id(connection, review.pop("user_id")))
else:
review["user"] = User(db_users.get_by_id(review.pop("user_id")))
review["user"] = review["user"].to_dict(confidential=confidential)
review["id"] = str(review["id"])
review["entity_id"] = str(review["entity_id"])
review["last_updated"] = review["last_revision"]["timestamp"]
review["last_revision"]["review_id"] = str(review["last_revision"]["review_id"])
return review
def block(user_id):
user = db_users.get_by_id(user_id)
if not user:
raise NotFound("Can't find a user with ID: {user_id}".format(user_id=user_id))
if user['is_blocked']:
flash.info(gettext("This account is already blocked."))
return redirect(url_for('user.reviews', user_id=user['id']))
form = AdminActionForm()
if form.validate_on_submit():
db_users.block(user['id'])
db_moderation_log.create(admin_id=current_user.id, action=ACTION_BLOCK_USER,
reason=form.reason.data, user_id=user['id'])
flash.success(gettext("This user account has been blocked."))
return redirect(url_for('user.reviews', user_id=user['id']))
return render_template('log/action.html', user=user, form=form, action=ACTION_BLOCK_USER)
def get_authorized_user(self, scopes):
authorization = request.headers.get('Authorization')
if self.validate_authorization_header(authorization) is False:
raise NotAuthorized
access_token = authorization.split()[1]
token = self.fetch_access_token(access_token)
if token is None:
raise exceptions.InvalidToken
if token["expires"] < datetime.now():
raise exceptions.InvalidToken
for scope in scopes:
if scope not in db_oauth_token.get_scopes(token["id"]):
raise exceptions.InvalidToken
user = User(db_users.get_by_id(token["user_id"]))
return user
def unblock(user_id):
user = db_users.get_by_id(user_id)
if not user:
raise NotFound("Can't find a user with ID: {user_id}".format(user_id=user_id))
if not user['is_blocked']:
flash.info(gettext("This account is not blocked."))
return redirect(url_for('user.reviews', user_id=user['id']))
form = AdminActionForm()
if form.validate_on_submit():
db_users.unblock(user['id'])
db_moderation_log.create(admin_id=current_user.id, action=AdminActions.ACTION_UNBLOCK_USER,
reason=form.reason.data, user_id=user['id'])
flash.success(gettext("This user account has been unblocked."))
return redirect(url_for('user.reviews', user_id=user['id']))
return render_template('log/action.html', user=user, form=form, action=AdminActions.ACTION_UNBLOCK_USER.value)
def reviews(user_id):
user_id = str(user_id)
if current_user.is_authenticated and current_user.id == user_id:
user = current_user
else:
user = db_users.get_by_id(user_id)
if not user:
raise NotFound("Can't find a user with ID: {user_id}".format(user_id=user_id))
user = User(user)
page = int(request.args.get('page', default=1))
if page < 1:
return redirect(url_for('.reviews'))
limit = 12
offset = (page - 1) * limit
reviews, count = db_review.list_reviews(user_id=user_id, sort='published_on', limit=limit, offset=offset,
inc_hidden=current_user.is_admin(),
inc_drafts=current_user.is_authenticated and current_user.id == user_id)
return render_template('user/reviews.html', section='reviews', user=user,
reviews=reviews, page=page, limit=limit, count=count)
def load_user(user_id):
user = db_users.get_by_id(user_id)
if not user:
return None
return User(user)
def test_get_by_id(self):
user = db_users.get_by_id(self.user1.id)
self.assertEqual(user['display_name'], "test")
self.assertEqual(user['musicbrainz_username'], "tester_1")
def test_update(self):
db_users.update(self.user1.id, user_new_info={
"email": '*****@*****.**',
})
user1 = db_users.get_by_id(self.user1.id)
self.assertEqual(user1['email'], '*****@*****.**')
def test_get_by_id(self):
user = db_users.get_by_id(self.user1.id)
self.assertEqual(user['display_name'], "test")
self.assertEqual(user['musicbrainz_username'], "tester_1")
def load_user(user_id):
user = db_users.get_by_id(user_id)
if user:
return User(user)
else:
return None
def info(user_id):
user = db_users.get_by_id(user_id)
if not user:
raise NotFound("Can't find a user with ID: {user_id}".format(user_id=user_id))
user = User(user)
return render_template('user/info.html', section='info', user=user)
def load_user(user_id):
user = db_users.get_by_id(user_id)
if not user:
return None
return User(user)
def info(user_id):
user = db_users.get_by_id(user_id)
if not user:
abort(404)
user = User(user)
return render_template('user/info.html', section='info', user=user)
