def test_is_last_admin_yes(self, users, token): """ Last admin should not be able to change himself. """ user = User.find_by_identity('*****@*****.**') assert User.is_last_admin(user, 'member', 'y') is True assert User.is_last_admin(user, 'admin', 'y') is False assert User.is_last_admin(user, 'admin', None) is True assert User.is_last_admin(user, 'member', None) is True
def test_is_last_admin_no(self, users, token): """ Not the last admin should be able to change himself. """ user = User.find_by_identity('*****@*****.**') params = { 'role': 'admin', 'email': '*****@*****.**', 'password': '******' } new_user = User(**params) new_user.save() assert User.is_last_admin(user, 'member', 'y') is False assert User.is_last_admin(user, 'admin', None) is False assert User.is_last_admin(user, 'member', None) is False
def users_edit(id): user = User.query.get(id) form = UserForm(obj=user) if form.validate_on_submit(): if User.is_last_admin(user, request.form.get('role'), request.form.get('active')): flash(_('You are the last admin, you cannot do that.'), 'error') return redirect(url_for('admin.users')) form.populate_obj(user) if user.username == '': user.username = None user.save() flash(_('User has been saved successfully.'), 'success') return redirect(url_for('admin.users')) return render_template('admin/user/edit.jinja2', form=form, user=user)