def admincontrol_manageuser_post_(request):
form = request.web_input(ch_username="",
ch_full_name="",
ch_catchphrase="",
ch_email="",
ch_birthday="",
ch_gender="",
ch_country="",
remove_social=[])
userid = d.get_int(form.userid)
if request.userid != userid and userid in staff.ADMINS and request.userid not in staff.TECHNICAL:
return d.errorpage(request.userid, errorcode.permission)
profile.do_manage(
request.userid,
userid,
username=form.username.strip() if form.ch_username else None,
full_name=form.full_name.strip() if form.ch_full_name else None,
catchphrase=form.catchphrase.strip() if form.ch_catchphrase else None,
birthday=form.birthday if form.ch_birthday else None,
gender=form.gender if form.ch_gender else None,
country=form.country if form.ch_country else None,
remove_social=form.remove_social,
permission_tag='permission-tag' in form)
raise HTTPSeeOther(location="/admincontrol")
def POST(self):
form = web.input(ch_username="", ch_full_name="", ch_catchphrase="", ch_email="",
ch_birthday="", ch_gender="", ch_country="")
userid = d.get_int(form.userid)
if self.user_id != userid and userid in staff.ADMINS and self.user_id not in staff.TECHNICAL:
return d.errorpage(self.user_id, errorcode.permission)
if form.get('impersonate'):
if self.user_id not in staff.TECHNICAL:
return d.errorpage(self.user_id, errorcode.permission)
sess = web.ctx.weasyl_session
sess.additional_data.setdefault('user-stack', []).append(sess.userid)
sess.additional_data.changed()
sess.userid = userid
sess.save = True
d.append_to_log(
'staff.actions', userid=self.user_id, action='impersonate', target=userid)
raise web.seeother('/')
else:
profile.do_manage(self.user_id, userid,
username=form.username.strip() if form.ch_username else None,
full_name=form.full_name.strip() if form.ch_full_name else None,
catchphrase=form.catchphrase.strip() if form.ch_catchphrase else None,
birthday=form.birthday if form.ch_birthday else None,
gender=form.gender if form.ch_gender else None,
country=form.country if form.ch_country else None)
raise web.seeother("/admincontrol")
def admincontrol_manageuser_post_(request):
form = request.web_input(ch_username="", ch_full_name="", ch_catchphrase="", ch_email="",
ch_birthday="", ch_gender="", ch_country="", remove_social=[])
userid = d.get_int(form.userid)
if request.userid != userid and userid in staff.ADMINS and request.userid not in staff.TECHNICAL:
return d.errorpage(request.userid, errorcode.permission)
profile.do_manage(request.userid, userid,
username=form.username.strip() if form.ch_username else None,
full_name=form.full_name.strip() if form.ch_full_name else None,
catchphrase=form.catchphrase.strip() if form.ch_catchphrase else None,
birthday=form.birthday if form.ch_birthday else None,
gender=form.gender if form.ch_gender else None,
country=form.country if form.ch_country else None,
remove_social=form.remove_social)
raise HTTPSeeOther(location="/admincontrol")
def test_InsufficientPermissions_WeasylError_if_user_does_not_have_tagging_permissions():
# Set up for this test
admin = db_utils.create_user()
userid_owner = db_utils.create_user()
userid_tag_adder = db_utils.create_user()
journalid = db_utils.create_journal(userid_owner)
charid = db_utils.create_character(userid_owner)
submitid = db_utils.create_submission(userid_owner)
profile.do_manage(admin, userid_tag_adder, permission_tag=False)
with pytest.raises(WeasylError) as err:
searchtag.associate(userid_tag_adder, tags, submitid=submitid)
assert err.value.value == "InsufficientPermissions"
with pytest.raises(WeasylError) as err:
searchtag.associate(userid_tag_adder, tags, charid=charid)
assert err.value.value == "InsufficientPermissions"
with pytest.raises(WeasylError) as err:
searchtag.associate(userid_tag_adder, tags, journalid=journalid)
assert err.value.value == "InsufficientPermissions"
def test_remove_social_links(self):
user = db_utils.create_user()
links = [
{
'userid': user,
'link_type': 'Twitter',
'link_value': 'Weasyl',
},
{
'userid': user,
'link_type': 'Email',
'link_value': 'mailto:[email protected]',
},
]
d.engine.execute(d.meta.tables['user_links'].insert().values(links))
profile.do_manage(self.mod, user, remove_social=['Email'])
test_user_profile = profile.select_manage(user)
self.assertEqual(test_user_profile['sorted_user_links'], [('Twitter', ['Weasyl'])])
def POST(self):
form = web.input(ch_username="",
ch_full_name="",
ch_catchphrase="",
ch_email="",
ch_birthday="",
ch_gender="",
ch_country="")
userid = d.get_int(form.userid)
if self.user_id != userid and userid in staff.ADMINS and self.user_id not in staff.TECHNICAL:
return d.errorpage(self.user_id, errorcode.permission)
if form.get('impersonate'):
if self.user_id not in staff.TECHNICAL:
return d.errorpage(self.user_id, errorcode.permission)
sess = web.ctx.weasyl_session
sess.additional_data.setdefault('user-stack',
[]).append(sess.userid)
sess.additional_data.changed()
sess.userid = userid
sess.save = True
d.append_to_log('staff.actions',
userid=self.user_id,
action='impersonate',
target=userid)
raise web.seeother('/')
else:
profile.do_manage(
self.user_id,
userid,
username=form.username.strip() if form.ch_username else None,
full_name=form.full_name.strip()
if form.ch_full_name else None,
catchphrase=form.catchphrase.strip()
if form.ch_catchphrase else None,
birthday=form.birthday if form.ch_birthday else None,
gender=form.gender if form.ch_gender else None,
country=form.country if form.ch_country else None)
raise web.seeother("/admincontrol")
def admincontrol_manageuser_post_(request):
userid = d.get_int(request.params.get('userid', ''))
if request.userid != userid and userid in staff.ADMINS and request.userid not in staff.TECHNICAL:
raise WeasylError('InsufficientPermissions')
profile.do_manage(
request.userid,
userid,
username=request.params.get('username', '').strip()
if 'ch_username' in request.params else None,
full_name=request.params.get('full_name', '').strip()
if 'ch_full_name' in request.params else None,
catchphrase=request.params.get('catchphrase', '').strip()
if 'ch_catchphrase' in request.params else None,
birthday=request.params.get('birthday', '')
if 'ch_birthday' in request.params else None,
gender=request.params.get('gender', '')
if 'ch_gender' in request.params else None,
country=request.params.get('country', '')
if 'ch_country' in request.params else None,
remove_social=request.params.getall('remove_social'),
permission_tag='permission-tag' in request.params)
raise HTTPSeeOther(location="/admincontrol")