diff --git a/server/szurubooru/api/user_api.py b/server/szurubooru/api/user_api.py index a36110b1..fd4cc262 100644 --- a/server/szurubooru/api/user_api.py +++ b/server/szurubooru/api/user_api.py @@ -6,7 +6,7 @@ def _serialize_user(authenticated_user, user): ret = { 'id': user.user_id, 'name': user.name, - 'accessRank': user.access_rank, + 'rank': user.rank, 'creationTime': user.creation_time, 'lastLoginTime': user.last_login_time, 'avatarStyle': user.avatar_style @@ -91,9 +91,9 @@ class UserDetailApi(BaseApi): auth.verify_privilege(context.user, 'users:edit:%s:email' % infix) users.update_email(user, context.request['email']) - if 'accessRank' in context.request: + if 'rank' in context.request: auth.verify_privilege(context.user, 'users:edit:%s:rank' % infix) - users.update_rank(user, context.request['accessRank'], context.user) + users.update_rank(user, context.request['rank'], context.user) # TODO: avatar diff --git a/server/szurubooru/db/user.py b/server/szurubooru/db/user.py index 1b0f9be3..06777346 100644 --- a/server/szurubooru/db/user.py +++ b/server/szurubooru/db/user.py @@ -12,7 +12,7 @@ class User(Base): password_hash = sa.Column('password_hash', sa.String(64), nullable=False) password_salt = sa.Column('pasword_salt', sa.String(32)) email = sa.Column('email', sa.String(200), nullable=True) - access_rank = sa.Column('access_rank', sa.String(32), nullable=False) + rank = sa.Column('access_rank', sa.String(32), nullable=False) creation_time = sa.Column('creation_time', sa.DateTime, nullable=False) last_login_time = sa.Column('last_login_time', sa.DateTime) avatar_style = sa.Column('avatar_style', sa.Integer, nullable=False) diff --git a/server/szurubooru/middleware/authenticator.py b/server/szurubooru/middleware/authenticator.py index 0f850271..8c506f9f 100644 --- a/server/szurubooru/middleware/authenticator.py +++ b/server/szurubooru/middleware/authenticator.py @@ -50,6 +50,6 @@ class Authenticator(object): def _create_anonymous_user(self): user = db.User() user.name = None - user.access_rank = 'anonymous' + user.rank = 'anonymous' user.password = None return user diff --git a/server/szurubooru/tests/api/test_user_api.py b/server/szurubooru/tests/api/test_user_api.py index 5d106c20..b2b4b8c5 100644 --- a/server/szurubooru/tests/api/test_user_api.py +++ b/server/szurubooru/tests/api/test_user_api.py @@ -29,7 +29,7 @@ class TestRetrievingUsers(DatabaseTestCase): user2 = util.mock_user('u2', 'mod') self.session.add_all([user1, user2]) util.mock_params(self.context, {'query': '', 'page': 1}) - self.context.user.access_rank = 'regular_user' + self.context.user.rank = 'regular_user' api_ = api.UserListApi() result = api_.get(self.context) self.assertEqual(result['query'], '') @@ -39,7 +39,7 @@ class TestRetrievingUsers(DatabaseTestCase): self.assertEqual([u['name'] for u in result['users']], ['u1', 'u2']) def test_retrieving_multiple_without_privileges(self): - self.context.user.access_rank = 'anonymous' + self.context.user.rank = 'anonymous' util.mock_params(self.context, {'query': '', 'page': 1}) api_ = api.UserListApi() self.assertRaises(errors.AuthError, api_.get, self.context) @@ -47,25 +47,25 @@ class TestRetrievingUsers(DatabaseTestCase): def test_retrieving_single(self): user = util.mock_user('u1', 'regular_user') self.session.add(user) - self.context.user.access_rank = 'regular_user' + self.context.user.rank = 'regular_user' util.mock_params(self.context, {'query': '', 'page': 1}) api_ = api.UserDetailApi() result = api_.get(self.context, 'u1') self.assertEqual(result['user']['id'], user.user_id) self.assertEqual(result['user']['name'], 'u1') - self.assertEqual(result['user']['accessRank'], 'regular_user') + self.assertEqual(result['user']['rank'], 'regular_user') self.assertEqual(result['user']['creationTime'], datetime(1997, 1, 1)) self.assertEqual(result['user']['lastLoginTime'], None) self.assertEqual(result['user']['avatarStyle'], 1) # i.e. integer def test_retrieving_non_existing(self): - self.context.user.access_rank = 'regular_user' + self.context.user.rank = 'regular_user' util.mock_params(self.context, {'query': '', 'page': 1}) api_ = api.UserDetailApi() self.assertRaises(errors.NotFoundError, api_.get, self.context, '-') def test_retrieving_single_without_privileges(self): - self.context.user.access_rank = 'anonymous' + self.context.user.rank = 'anonymous' util.mock_params(self.context, {'query': '', 'page': 1}) api_ = api.UserDetailApi() self.assertRaises(errors.AuthError, api_.get, self.context, '-') @@ -94,7 +94,7 @@ class TestCreatingUser(DatabaseTestCase): self.context.session = self.session self.context.request = {} self.context.user = db.User() - self.context.user.access_rank = 'anonymous' + self.context.user.rank = 'anonymous' def tearDown(self): config.config = self.old_config @@ -109,7 +109,7 @@ class TestCreatingUser(DatabaseTestCase): created_user = self.session.query(db.User).filter_by(name='chewie').one() self.assertEqual(created_user.name, 'chewie') self.assertEqual(created_user.email, 'asd@asd.asd') - self.assertEqual(created_user.access_rank, 'regular_user') + self.assertEqual(created_user.rank, 'regular_user') self.assertTrue(auth.is_valid_password(created_user, 'oks')) self.assertFalse(auth.is_valid_password(created_user, 'invalid')) @@ -184,7 +184,7 @@ class TestUpdatingUser(DatabaseTestCase): admin_user = self.session.query(db.User).filter_by(name='u1').one() self.assertEqual(admin_user.name, 'u1') self.assertEqual(admin_user.email, 'dummy') - self.assertEqual(admin_user.access_rank, 'admin') + self.assertEqual(admin_user.rank, 'admin') def test_updating_non_existing_user(self): admin_user = util.mock_user('u1', 'admin') @@ -200,13 +200,13 @@ class TestUpdatingUser(DatabaseTestCase): 'name': 'chewie', 'email': 'asd@asd.asd', 'password': 'oks', - 'accessRank': 'mod', + 'rank': 'mod', } self.api.put(self.context, 'u1') admin_user = self.session.query(db.User).filter_by(name='chewie').one() self.assertEqual(admin_user.name, 'chewie') self.assertEqual(admin_user.email, 'asd@asd.asd') - self.assertEqual(admin_user.access_rank, 'mod') + self.assertEqual(admin_user.rank, 'mod') self.assertTrue(auth.is_valid_password(admin_user, 'oks')) self.assertFalse(auth.is_valid_password(admin_user, 'invalid')) @@ -229,7 +229,7 @@ class TestUpdatingUser(DatabaseTestCase): self.context.request = {'password': '.'} self.assertRaises( errors.ValidationError, self.api.put, self.context, 'u1') - self.context.request = {'accessRank': '.'} + self.context.request = {'rank': '.'} self.assertRaises( errors.ValidationError, self.api.put, self.context, 'u1') self.context.request = {'email': '.'} @@ -244,7 +244,7 @@ class TestUpdatingUser(DatabaseTestCase): for request in [ {'name': 'whatever'}, {'email': 'whatever'}, - {'accessRank': 'whatever'}, + {'rank': 'whatever'}, {'password': 'whatever'}]: self.context.request = request self.assertRaises( @@ -275,7 +275,7 @@ class TestUpdatingUser(DatabaseTestCase): user2 = util.mock_user('u2', 'mod') self.session.add_all([user1, user2]) self.context.user = user1 - self.context.request = {'accessRank': 'admin'} + self.context.request = {'rank': 'admin'} self.assertRaises( errors.AuthError, self.api.put, self.context, user1.name) self.assertRaises( diff --git a/server/szurubooru/tests/api/util.py b/server/szurubooru/tests/api/util.py index 31e1d20a..26a1ad4b 100644 --- a/server/szurubooru/tests/api/util.py +++ b/server/szurubooru/tests/api/util.py @@ -8,7 +8,7 @@ def mock_user(name, rank='admin'): user.password_salt = 'dummy' user.password_hash = 'dummy' user.email = 'dummy' - user.access_rank = rank + user.rank = rank user.creation_time = datetime(1997, 1, 1) user.avatar_style = db.User.AVATAR_GRAVATAR return user diff --git a/server/szurubooru/tests/search/test_user_search_config.py b/server/szurubooru/tests/search/test_user_search_config.py index d1059ac2..65e6585c 100644 --- a/server/szurubooru/tests/search/test_user_search_config.py +++ b/server/szurubooru/tests/search/test_user_search_config.py @@ -1,6 +1,7 @@ from datetime import datetime from szurubooru import db, errors, search from szurubooru.tests.database_test_case import DatabaseTestCase +from szurubooru.tests.api import util class TestUserSearchExecutor(DatabaseTestCase): def setUp(self): @@ -8,26 +9,14 @@ class TestUserSearchExecutor(DatabaseTestCase): self.search_config = search.UserSearchConfig() self.executor = search.SearchExecutor(self.search_config) - def _create_user(self, name): - user = db.User() - user.name = name - user.password = 'dummy' - user.password_salt = 'dummy' - user.password_hash = 'dummy' - user.email = 'dummy' - user.access_rank = 'dummy' - user.creation_time = datetime.now() - user.avatar_style = db.User.AVATAR_GRAVATAR - return user - def _test(self, query, page, expected_count, expected_user_names): count, users = self.executor.execute(self.session, query, page) self.assertEqual(count, expected_count) self.assertEqual([u.name for u in users], expected_user_names) def test_filter_by_creation_time(self): - user1 = self._create_user('u1') - user2 = self._create_user('u2') + user1 = util.mock_user('u1') + user2 = util.mock_user('u2') user1.creation_time = datetime(2014, 1, 1) user2.creation_time = datetime(2015, 1, 1) self.session.add_all([user1, user2]) @@ -35,8 +24,8 @@ class TestUserSearchExecutor(DatabaseTestCase): self._test('%s:2014' % alias, 1, 1, ['u1']) def test_filter_by_negated_creation_time(self): - user1 = self._create_user('u1') - user2 = self._create_user('u2') + user1 = util.mock_user('u1') + user2 = util.mock_user('u2') user1.creation_time = datetime(2014, 1, 1) user2.creation_time = datetime(2015, 1, 1) self.session.add_all([user1, user2]) @@ -44,9 +33,9 @@ class TestUserSearchExecutor(DatabaseTestCase): self._test('-%s:2014' % alias, 1, 1, ['u2']) def test_filter_by_ranged_creation_time(self): - user1 = self._create_user('u1') - user2 = self._create_user('u2') - user3 = self._create_user('u3') + user1 = util.mock_user('u1') + user2 = util.mock_user('u2') + user3 = util.mock_user('u3') user1.creation_time = datetime(2014, 1, 1) user2.creation_time = datetime(2014, 6, 1) user3.creation_time = datetime(2015, 1, 1) @@ -60,9 +49,9 @@ class TestUserSearchExecutor(DatabaseTestCase): errors.SearchError, self.executor.execute, self.session, '%s:..', 1) def test_filter_by_negated_ranged_creation_time(self): - user1 = self._create_user('u1') - user2 = self._create_user('u2') - user3 = self._create_user('u3') + user1 = util.mock_user('u1') + user2 = util.mock_user('u2') + user3 = util.mock_user('u3') user1.creation_time = datetime(2014, 1, 1) user2.creation_time = datetime(2014, 6, 1) user3.creation_time = datetime(2015, 1, 1) @@ -72,9 +61,9 @@ class TestUserSearchExecutor(DatabaseTestCase): self._test('-%s:2014-06..2015-01-01' % alias, 1, 1, ['u1']) def test_filter_by_composite_creation_time(self): - user1 = self._create_user('u1') - user2 = self._create_user('u2') - user3 = self._create_user('u3') + user1 = util.mock_user('u1') + user2 = util.mock_user('u2') + user3 = util.mock_user('u3') user1.creation_time = datetime(2014, 1, 1) user2.creation_time = datetime(2014, 6, 1) user3.creation_time = datetime(2015, 1, 1) @@ -83,9 +72,9 @@ class TestUserSearchExecutor(DatabaseTestCase): self._test('%s:2014-01,2015' % alias, 1, 2, ['u1', 'u3']) def test_filter_by_negated_composite_creation_time(self): - user1 = self._create_user('u1') - user2 = self._create_user('u2') - user3 = self._create_user('u3') + user1 = util.mock_user('u1') + user2 = util.mock_user('u2') + user3 = util.mock_user('u3') user1.creation_time = datetime(2014, 1, 1) user2.creation_time = datetime(2014, 6, 1) user3.creation_time = datetime(2015, 1, 1) @@ -94,27 +83,27 @@ class TestUserSearchExecutor(DatabaseTestCase): self._test('-%s:2014-01,2015' % alias, 1, 1, ['u2']) def test_filter_by_name(self): - self.session.add(self._create_user('u1')) - self.session.add(self._create_user('u2')) + self.session.add(util.mock_user('u1')) + self.session.add(util.mock_user('u2')) self._test('name:u1', 1, 1, ['u1']) self._test('name:u2', 1, 1, ['u2']) def test_filter_by_negated_name(self): - self.session.add(self._create_user('u1')) - self.session.add(self._create_user('u2')) + self.session.add(util.mock_user('u1')) + self.session.add(util.mock_user('u2')) self._test('-name:u1', 1, 1, ['u2']) self._test('-name:u2', 1, 1, ['u1']) def test_filter_by_composite_name(self): - self.session.add(self._create_user('u1')) - self.session.add(self._create_user('u2')) - self.session.add(self._create_user('u3')) + self.session.add(util.mock_user('u1')) + self.session.add(util.mock_user('u2')) + self.session.add(util.mock_user('u3')) self._test('name:u1,u2', 1, 2, ['u1', 'u2']) def test_filter_by_negated_composite_name(self): - self.session.add(self._create_user('u1')) - self.session.add(self._create_user('u2')) - self.session.add(self._create_user('u3')) + self.session.add(util.mock_user('u1')) + self.session.add(util.mock_user('u2')) + self.session.add(util.mock_user('u3')) self._test('-name:u1,u3', 1, 1, ['u2']) def test_filter_by_ranged_name(self): @@ -123,14 +112,14 @@ class TestUserSearchExecutor(DatabaseTestCase): def test_paging(self): self.executor.page_size = 1 - self.session.add(self._create_user('u1')) - self.session.add(self._create_user('u2')) + self.session.add(util.mock_user('u1')) + self.session.add(util.mock_user('u2')) self._test('', 1, 2, ['u1']) self._test('', 2, 2, ['u2']) def test_order_by_name(self): - self.session.add(self._create_user('u1')) - self.session.add(self._create_user('u2')) + self.session.add(util.mock_user('u1')) + self.session.add(util.mock_user('u2')) self._test('order:name', 1, 2, ['u1', 'u2']) self._test('-order:name', 1, 2, ['u2', 'u1']) self._test('order:name,asc', 1, 2, ['u1', 'u2']) @@ -150,21 +139,21 @@ class TestUserSearchExecutor(DatabaseTestCase): errors.SearchError, self.executor.execute, self.session, query, 1) def test_anonymous(self): - self.session.add(self._create_user('u1')) - self.session.add(self._create_user('u2')) + self.session.add(util.mock_user('u1')) + self.session.add(util.mock_user('u2')) self._test('u1', 1, 1, ['u1']) self._test('u2', 1, 1, ['u2']) def test_negated_anonymous(self): - self.session.add(self._create_user('u1')) - self.session.add(self._create_user('u2')) + self.session.add(util.mock_user('u1')) + self.session.add(util.mock_user('u2')) self._test('-u1', 1, 1, ['u2']) self._test('-u2', 1, 1, ['u1']) def test_combining(self): - user1 = self._create_user('u1') - user2 = self._create_user('u2') - user3 = self._create_user('u3') + user1 = util.mock_user('u1') + user2 = util.mock_user('u2') + user3 = util.mock_user('u3') user1.creation_time = datetime(2014, 1, 1) user2.creation_time = datetime(2014, 6, 1) user3.creation_time = datetime(2015, 1, 1) diff --git a/server/szurubooru/util/auth.py b/server/szurubooru/util/auth.py index 1283301f..2f65b395 100644 --- a/server/szurubooru/util/auth.py +++ b/server/szurubooru/util/auth.py @@ -45,10 +45,10 @@ def verify_privilege(user, privilege_name): all_ranks = config.config['service']['user_ranks'] assert privilege_name in config.config['privileges'] - assert user.access_rank in all_ranks + assert user.rank in all_ranks minimal_rank = config.config['privileges'][privilege_name] good_ranks = all_ranks[all_ranks.index(minimal_rank):] - if user.access_rank not in good_ranks: + if user.rank not in good_ranks: raise errors.AuthError('Insufficient privileges to do this.') def generate_authentication_token(user): diff --git a/server/szurubooru/util/users.py b/server/szurubooru/util/users.py index 0455eb77..4e68ec6a 100644 --- a/server/szurubooru/util/users.py +++ b/server/szurubooru/util/users.py @@ -10,7 +10,7 @@ def create_user(name, password, email): update_name(user, name) update_password(user, password) update_email(user, email) - user.access_rank = config.config['service']['default_user_rank'] + user.rank = config.config['service']['default_user_rank'] user.creation_time = datetime.now() user.avatar_style = db.User.AVATAR_GRAVATAR return user @@ -43,14 +43,14 @@ def update_email(user, email): def update_rank(user, rank, authenticated_user): rank = rank.strip() - available_access_ranks = config.config['service']['user_ranks'] - if not rank in available_access_ranks: + available_ranks = config.config['service']['user_ranks'] + if not rank in available_ranks: raise errors.ValidationError( - 'Bad access rank. Valid access ranks: %r' % available_access_ranks) - if available_access_ranks.index(authenticated_user.access_rank) \ - < available_access_ranks.index(rank): - raise errors.AuthError('Trying to set higher access rank than one has') - user.access_rank = rank + 'Bad rank. Valid ranks: %r' % available_ranks) + if available_ranks.index(authenticated_user.rank) \ + < available_ranks.index(rank): + raise errors.AuthError('Trying to set higher rank than your own') + user.rank = rank def bump_login_time(user): ''' Update user's login time to current date. '''