ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

server: rename 'access ranks' to just 'ranks'

Browse source
This commit is contained in:
rr- 2016-04-06 19:16:44 +02:00
parent 92dd958866
commit 19a357611b
8 changed files with 68 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
server/szurubooru/api/user_api.py
View file

@ -6,7 +6,7 @@ def _serialize_user(authenticated_user, user):
ret = {
'id': user.user_id,
'name': user.name,
'accessRank': user.access_rank,
'rank': user.rank,
'creationTime': user.creation_time,
'lastLoginTime': user.last_login_time,
'avatarStyle': user.avatar_style
@ -91,9 +91,9 @@ class UserDetailApi(BaseApi):
auth.verify_privilege(context.user, 'users:edit:%s:email' % infix)
users.update_email(user, context.request['email'])
if 'accessRank' in context.request:
if 'rank' in context.request:
auth.verify_privilege(context.user, 'users:edit:%s:rank' % infix)
users.update_rank(user, context.request['accessRank'], context.user)
users.update_rank(user, context.request['rank'], context.user)
# TODO: avatar

2
server/szurubooru/db/user.py
View file

@ -12,7 +12,7 @@ class User(Base):
password_hash = sa.Column('password_hash', sa.String(64), nullable=False)
password_salt = sa.Column('pasword_salt', sa.String(32))
email = sa.Column('email', sa.String(200), nullable=True)
access_rank = sa.Column('access_rank', sa.String(32), nullable=False)
rank = sa.Column('access_rank', sa.String(32), nullable=False)
creation_time = sa.Column('creation_time', sa.DateTime, nullable=False)
last_login_time = sa.Column('last_login_time', sa.DateTime)
avatar_style = sa.Column('avatar_style', sa.Integer, nullable=False)

2
server/szurubooru/middleware/authenticator.py
View file

@ -50,6 +50,6 @@ class Authenticator(object):
def _create_anonymous_user(self):
user = db.User()
user.name = None
user.access_rank = 'anonymous'
user.rank = 'anonymous'
user.password = None
return user

28
server/szurubooru/tests/api/test_user_api.py
View file

@ -29,7 +29,7 @@ class TestRetrievingUsers(DatabaseTestCase):
user2 = util.mock_user('u2', 'mod')
self.session.add_all([user1, user2])
util.mock_params(self.context, {'query': '', 'page': 1})
self.context.user.access_rank = 'regular_user'
self.context.user.rank = 'regular_user'
api_ = api.UserListApi()
result = api_.get(self.context)
self.assertEqual(result['query'], '')
@ -39,7 +39,7 @@ class TestRetrievingUsers(DatabaseTestCase):
self.assertEqual([u['name'] for u in result['users']], ['u1', 'u2'])
def test_retrieving_multiple_without_privileges(self):
self.context.user.access_rank = 'anonymous'
self.context.user.rank = 'anonymous'
util.mock_params(self.context, {'query': '', 'page': 1})
api_ = api.UserListApi()
self.assertRaises(errors.AuthError, api_.get, self.context)
@ -47,25 +47,25 @@ class TestRetrievingUsers(DatabaseTestCase):
def test_retrieving_single(self):
user = util.mock_user('u1', 'regular_user')
self.session.add(user)
self.context.user.access_rank = 'regular_user'
self.context.user.rank = 'regular_user'
util.mock_params(self.context, {'query': '', 'page': 1})
api_ = api.UserDetailApi()
result = api_.get(self.context, 'u1')
self.assertEqual(result['user']['id'], user.user_id)
self.assertEqual(result['user']['name'], 'u1')
self.assertEqual(result['user']['accessRank'], 'regular_user')
self.assertEqual(result['user']['rank'], 'regular_user')
self.assertEqual(result['user']['creationTime'], datetime(1997, 1, 1))
self.assertEqual(result['user']['lastLoginTime'], None)
self.assertEqual(result['user']['avatarStyle'], 1) # i.e. integer
def test_retrieving_non_existing(self):
self.context.user.access_rank = 'regular_user'
self.context.user.rank = 'regular_user'
util.mock_params(self.context, {'query': '', 'page': 1})
api_ = api.UserDetailApi()
self.assertRaises(errors.NotFoundError, api_.get, self.context, '-')
def test_retrieving_single_without_privileges(self):
self.context.user.access_rank = 'anonymous'
self.context.user.rank = 'anonymous'
util.mock_params(self.context, {'query': '', 'page': 1})
api_ = api.UserDetailApi()
self.assertRaises(errors.AuthError, api_.get, self.context, '-')
@ -94,7 +94,7 @@ class TestCreatingUser(DatabaseTestCase):
self.context.session = self.session
self.context.request = {}
self.context.user = db.User()
self.context.user.access_rank = 'anonymous'
self.context.user.rank = 'anonymous'
def tearDown(self):
config.config = self.old_config
@ -109,7 +109,7 @@ class TestCreatingUser(DatabaseTestCase):
created_user = self.session.query(db.User).filter_by(name='chewie').one()
self.assertEqual(created_user.name, 'chewie')
self.assertEqual(created_user.email, 'asd@asd.asd')
self.assertEqual(created_user.access_rank, 'regular_user')
self.assertEqual(created_user.rank, 'regular_user')
self.assertTrue(auth.is_valid_password(created_user, 'oks'))
self.assertFalse(auth.is_valid_password(created_user, 'invalid'))
@ -184,7 +184,7 @@ class TestUpdatingUser(DatabaseTestCase):
admin_user = self.session.query(db.User).filter_by(name='u1').one()
self.assertEqual(admin_user.name, 'u1')
self.assertEqual(admin_user.email, 'dummy')
self.assertEqual(admin_user.access_rank, 'admin')
self.assertEqual(admin_user.rank, 'admin')
def test_updating_non_existing_user(self):
admin_user = util.mock_user('u1', 'admin')
@ -200,13 +200,13 @@ class TestUpdatingUser(DatabaseTestCase):
'name': 'chewie',
'email': 'asd@asd.asd',
'password': 'oks',
'accessRank': 'mod',
'rank': 'mod',
}
self.api.put(self.context, 'u1')
admin_user = self.session.query(db.User).filter_by(name='chewie').one()
self.assertEqual(admin_user.name, 'chewie')
self.assertEqual(admin_user.email, 'asd@asd.asd')
self.assertEqual(admin_user.access_rank, 'mod')
self.assertEqual(admin_user.rank, 'mod')
self.assertTrue(auth.is_valid_password(admin_user, 'oks'))
self.assertFalse(auth.is_valid_password(admin_user, 'invalid'))
@ -229,7 +229,7 @@ class TestUpdatingUser(DatabaseTestCase):
self.context.request = {'password': '.'}
self.assertRaises(
errors.ValidationError, self.api.put, self.context, 'u1')
self.context.request = {'accessRank': '.'}
self.context.request = {'rank': '.'}
self.assertRaises(
errors.ValidationError, self.api.put, self.context, 'u1')
self.context.request = {'email': '.'}
@ -244,7 +244,7 @@ class TestUpdatingUser(DatabaseTestCase):
for request in [
{'name': 'whatever'},
{'email': 'whatever'},
{'accessRank': 'whatever'},
{'rank': 'whatever'},
{'password': 'whatever'}]:
self.context.request = request
self.assertRaises(
@ -275,7 +275,7 @@ class TestUpdatingUser(DatabaseTestCase):
user2 = util.mock_user('u2', 'mod')
self.session.add_all([user1, user2])
self.context.user = user1
self.context.request = {'accessRank': 'admin'}
self.context.request = {'rank': 'admin'}
self.assertRaises(
errors.AuthError, self.api.put, self.context, user1.name)
self.assertRaises(

2
server/szurubooru/tests/api/util.py
View file

@ -8,7 +8,7 @@ def mock_user(name, rank='admin'):
user.password_salt = 'dummy'
user.password_hash = 'dummy'
user.email = 'dummy'
user.access_rank = rank
user.rank = rank
user.creation_time = datetime(1997, 1, 1)
user.avatar_style = db.User.AVATAR_GRAVATAR
return user

87
server/szurubooru/tests/search/test_user_search_config.py
View file

@ -1,6 +1,7 @@
from datetime import datetime
from szurubooru import db, errors, search
from szurubooru.tests.database_test_case import DatabaseTestCase
from szurubooru.tests.api import util
class TestUserSearchExecutor(DatabaseTestCase):
def setUp(self):
@ -8,26 +9,14 @@ class TestUserSearchExecutor(DatabaseTestCase):
self.search_config = search.UserSearchConfig()
self.executor = search.SearchExecutor(self.search_config)
def _create_user(self, name):
user = db.User()
user.name = name
user.password = 'dummy'
user.password_salt = 'dummy'
user.password_hash = 'dummy'
user.email = 'dummy'
user.access_rank = 'dummy'
user.creation_time = datetime.now()
user.avatar_style = db.User.AVATAR_GRAVATAR
return user
def _test(self, query, page, expected_count, expected_user_names):
count, users = self.executor.execute(self.session, query, page)
self.assertEqual(count, expected_count)
self.assertEqual([u.name for u in users], expected_user_names)
def test_filter_by_creation_time(self):
user1 = self._create_user('u1')
user2 = self._create_user('u2')
user1 = util.mock_user('u1')
user2 = util.mock_user('u2')
user1.creation_time = datetime(2014, 1, 1)
user2.creation_time = datetime(2015, 1, 1)
self.session.add_all([user1, user2])
@ -35,8 +24,8 @@ class TestUserSearchExecutor(DatabaseTestCase):
self._test('%s:2014' % alias, 1, 1, ['u1'])
def test_filter_by_negated_creation_time(self):
user1 = self._create_user('u1')
user2 = self._create_user('u2')
user1 = util.mock_user('u1')
user2 = util.mock_user('u2')
user1.creation_time = datetime(2014, 1, 1)
user2.creation_time = datetime(2015, 1, 1)
self.session.add_all([user1, user2])
@ -44,9 +33,9 @@ class TestUserSearchExecutor(DatabaseTestCase):
self._test('-%s:2014' % alias, 1, 1, ['u2'])
def test_filter_by_ranged_creation_time(self):
user1 = self._create_user('u1')
user2 = self._create_user('u2')
user3 = self._create_user('u3')
user1 = util.mock_user('u1')
user2 = util.mock_user('u2')
user3 = util.mock_user('u3')
user1.creation_time = datetime(2014, 1, 1)
user2.creation_time = datetime(2014, 6, 1)
user3.creation_time = datetime(2015, 1, 1)
@ -60,9 +49,9 @@ class TestUserSearchExecutor(DatabaseTestCase):
errors.SearchError, self.executor.execute, self.session, '%s:..', 1)
def test_filter_by_negated_ranged_creation_time(self):
user1 = self._create_user('u1')
user2 = self._create_user('u2')
user3 = self._create_user('u3')
user1 = util.mock_user('u1')
user2 = util.mock_user('u2')
user3 = util.mock_user('u3')
user1.creation_time = datetime(2014, 1, 1)
user2.creation_time = datetime(2014, 6, 1)
user3.creation_time = datetime(2015, 1, 1)
@ -72,9 +61,9 @@ class TestUserSearchExecutor(DatabaseTestCase):
self._test('-%s:2014-06..2015-01-01' % alias, 1, 1, ['u1'])
def test_filter_by_composite_creation_time(self):
user1 = self._create_user('u1')
user2 = self._create_user('u2')
user3 = self._create_user('u3')
user1 = util.mock_user('u1')
user2 = util.mock_user('u2')
user3 = util.mock_user('u3')
user1.creation_time = datetime(2014, 1, 1)
user2.creation_time = datetime(2014, 6, 1)
user3.creation_time = datetime(2015, 1, 1)
@ -83,9 +72,9 @@ class TestUserSearchExecutor(DatabaseTestCase):
self._test('%s:2014-01,2015' % alias, 1, 2, ['u1', 'u3'])
def test_filter_by_negated_composite_creation_time(self):
user1 = self._create_user('u1')
user2 = self._create_user('u2')
user3 = self._create_user('u3')
user1 = util.mock_user('u1')
user2 = util.mock_user('u2')
user3 = util.mock_user('u3')
user1.creation_time = datetime(2014, 1, 1)
user2.creation_time = datetime(2014, 6, 1)
user3.creation_time = datetime(2015, 1, 1)
@ -94,27 +83,27 @@ class TestUserSearchExecutor(DatabaseTestCase):
self._test('-%s:2014-01,2015' % alias, 1, 1, ['u2'])
def test_filter_by_name(self):
self.session.add(self._create_user('u1'))
self.session.add(self._create_user('u2'))
self.session.add(util.mock_user('u1'))
self.session.add(util.mock_user('u2'))
self._test('name:u1', 1, 1, ['u1'])
self._test('name:u2', 1, 1, ['u2'])
def test_filter_by_negated_name(self):
self.session.add(self._create_user('u1'))
self.session.add(self._create_user('u2'))
self.session.add(util.mock_user('u1'))
self.session.add(util.mock_user('u2'))
self._test('-name:u1', 1, 1, ['u2'])
self._test('-name:u2', 1, 1, ['u1'])
def test_filter_by_composite_name(self):
self.session.add(self._create_user('u1'))
self.session.add(self._create_user('u2'))
self.session.add(self._create_user('u3'))
self.session.add(util.mock_user('u1'))
self.session.add(util.mock_user('u2'))
self.session.add(util.mock_user('u3'))
self._test('name:u1,u2', 1, 2, ['u1', 'u2'])
def test_filter_by_negated_composite_name(self):
self.session.add(self._create_user('u1'))
self.session.add(self._create_user('u2'))
self.session.add(self._create_user('u3'))
self.session.add(util.mock_user('u1'))
self.session.add(util.mock_user('u2'))
self.session.add(util.mock_user('u3'))
self._test('-name:u1,u3', 1, 1, ['u2'])
def test_filter_by_ranged_name(self):
@ -123,14 +112,14 @@ class TestUserSearchExecutor(DatabaseTestCase):
def test_paging(self):
self.executor.page_size = 1
self.session.add(self._create_user('u1'))
self.session.add(self._create_user('u2'))
self.session.add(util.mock_user('u1'))
self.session.add(util.mock_user('u2'))
self._test('', 1, 2, ['u1'])
self._test('', 2, 2, ['u2'])
def test_order_by_name(self):
self.session.add(self._create_user('u1'))
self.session.add(self._create_user('u2'))
self.session.add(util.mock_user('u1'))
self.session.add(util.mock_user('u2'))
self._test('order:name', 1, 2, ['u1', 'u2'])
self._test('-order:name', 1, 2, ['u2', 'u1'])
self._test('order:name,asc', 1, 2, ['u1', 'u2'])
@ -150,21 +139,21 @@ class TestUserSearchExecutor(DatabaseTestCase):
errors.SearchError, self.executor.execute, self.session, query, 1)
def test_anonymous(self):
self.session.add(self._create_user('u1'))
self.session.add(self._create_user('u2'))
self.session.add(util.mock_user('u1'))
self.session.add(util.mock_user('u2'))
self._test('u1', 1, 1, ['u1'])
self._test('u2', 1, 1, ['u2'])
def test_negated_anonymous(self):
self.session.add(self._create_user('u1'))
self.session.add(self._create_user('u2'))
self.session.add(util.mock_user('u1'))
self.session.add(util.mock_user('u2'))
self._test('-u1', 1, 1, ['u2'])
self._test('-u2', 1, 1, ['u1'])
def test_combining(self):
user1 = self._create_user('u1')
user2 = self._create_user('u2')
user3 = self._create_user('u3')
user1 = util.mock_user('u1')
user2 = util.mock_user('u2')
user3 = util.mock_user('u3')
user1.creation_time = datetime(2014, 1, 1)
user2.creation_time = datetime(2014, 6, 1)
user3.creation_time = datetime(2015, 1, 1)

4
server/szurubooru/util/auth.py
View file

@ -45,10 +45,10 @@ def verify_privilege(user, privilege_name):
all_ranks = config.config['service']['user_ranks']
assert privilege_name in config.config['privileges']
assert user.access_rank in all_ranks
assert user.rank in all_ranks
minimal_rank = config.config['privileges'][privilege_name]
good_ranks = all_ranks[all_ranks.index(minimal_rank):]
if user.access_rank not in good_ranks:
if user.rank not in good_ranks:
raise errors.AuthError('Insufficient privileges to do this.')
def generate_authentication_token(user):

16
server/szurubooru/util/users.py
View file

@ -10,7 +10,7 @@ def create_user(name, password, email):
update_name(user, name)
update_password(user, password)
update_email(user, email)
user.access_rank = config.config['service']['default_user_rank']
user.rank = config.config['service']['default_user_rank']
user.creation_time = datetime.now()
user.avatar_style = db.User.AVATAR_GRAVATAR
return user
@ -43,14 +43,14 @@ def update_email(user, email):
def update_rank(user, rank, authenticated_user):
rank = rank.strip()
available_access_ranks = config.config['service']['user_ranks']
if not rank in available_access_ranks:
available_ranks = config.config['service']['user_ranks']
if not rank in available_ranks:
raise errors.ValidationError(
'Bad access rank. Valid access ranks: %r' % available_access_ranks)
if available_access_ranks.index(authenticated_user.access_rank) \
< available_access_ranks.index(rank):
raise errors.AuthError('Trying to set higher access rank than one has')
user.access_rank = rank
'Bad rank. Valid ranks: %r' % available_ranks)
if available_ranks.index(authenticated_user.rank) \
< available_ranks.index(rank):
raise errors.AuthError('Trying to set higher rank than your own')
user.rank = rank
def bump_login_time(user):
''' Update user's login time to current date. '''