def test_update_with_keystone_can_edit_user_false(self):
user = self.users.get(id="1")
api.user_get(IsA(http.HttpRequest),
'1',
admin=True).AndReturn(user)
api.tenant_list(IgnoreArg(), admin=True).AndReturn(self.tenants.list())
api.keystone_can_edit_user().AndReturn(False)
api.keystone_can_edit_user().AndReturn(False)
api.user_update_tenant(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(None)
api.keystone.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(None)
self.mox.ReplayAll()
formData = {'method': 'UpdateUserForm',
'id': user.id,
'name': user.name,
'tenant_id': self.tenant.id, }
res = self.client.post(USER_UPDATE_URL, formData)
self.assertNoFormErrors(res)
self.assertMessageCount(warning=1)
def handle(self, request, data):
failed, succeeded = [], []
user_is_editable = api.keystone_can_edit_user()
user = data.pop('id')
tenant = data.pop('tenant_id')
if user_is_editable:
password = data.pop('password')
data.pop('confirm_password', None)
if user_is_editable:
# Update user details
msg_bits = (_('name'), _('email'))
try:
api.keystone.user_update(request, user, **data)
succeeded.extend(msg_bits)
except:
failed.extend(msg_bits)
exceptions.handle(request, ignore=True)
# Update default tenant
msg_bits = (_('primary project'),)
try:
api.user_update_tenant(request, user, tenant)
succeeded.extend(msg_bits)
except:
failed.append(msg_bits)
exceptions.handle(request, ignore=True)
# Check for existing roles
# Show a warning if no role exists for the tenant
user_roles = api.keystone.roles_for_user(request, user, tenant)
if not user_roles:
messages.warning(request,
_('The user %s has no role defined for' +
' that project.')
% data.get('name', None))
if user_is_editable:
# If present, update password
# FIXME(gabriel): password change should be its own form and view
if password:
msg_bits = (_('password'),)
try:
api.user_update_password(request, user, password)
succeeded.extend(msg_bits)
except:
failed.extend(msg_bits)
exceptions.handle(request, ignore=True)
if succeeded:
messages.success(request, _('User has been updated successfully.'))
if failed:
failed = map(force_unicode, failed)
messages.error(request,
_('Unable to update %(attributes)s for the user.')
% {"attributes": ", ".join(failed)})
return True
def allowed(self, request, datum):
if not api.keystone_can_edit_user() or \
(datum and datum.id == request.user.id):
return False
return True
def allowed(self, request, user):
if api.keystone_can_edit_user():
return True
return False
def allowed(self, request, user):
if api.keystone_can_edit_user():
return True
return False
def __init__(self, request, *args, **kwargs):
super(UpdateUserForm, self).__init__(request, *args, **kwargs)
if api.keystone_can_edit_user() is False:
for field in ('name', 'email', 'password', 'confirm_password'):
self.fields.pop(field)
def __init__(self, request, *args, **kwargs):
super(UpdateUserForm, self).__init__(request, *args, **kwargs)
if api.keystone_can_edit_user() is False:
for field in ('name', 'email', 'password', 'confirm_password'):
self.fields.pop(field)