
Added separate column for user ban status in the user table. Also

improved the unittests to not log out from the admin panel when traversing
the links.
1 parent 2bd34e0 commit e2f1e4febc19784f04e0a894eaa4002c504d637c @mitsuhiko committed Oct 4, 2009
@@ -2,3 +2,4 @@ Schema changes from first release to development version. This will
later be integrated into a proper update script:
alter table user_messages add column type varchar(10) after text;
+alter table users add column type boolean after is_admin;
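Review bot: The added upgrade statement names the new column `type`, while the table definition later in this commit declares `Column('is_banned', Boolean, nullable=False)` and the admin view filters on `is_banned`, so a database upgraded from this note would lack the column the code queries. The statement presumably should read `alter table users add column is_banned boolean not null default false after is_admin;`, with the default there because existing rows cannot otherwise satisfy NOT NULL. Bans were previously recorded as a NULL `pw_hash`, so the note also needs a data step such as `update users set is_banned = true where pw_hash is null;`. Without it, accounts banned before the upgrade come out of the migration unbanned.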
@@ -141,7 +141,7 @@ def first_login(self, request):
form = OpenIDRegistrationForm()
if request.method == 'POST' and form.validate():
- user = User(form['username'], form['email'], '!')
+ user = User(form['username'], form['email'])
user.openid_logins.add(identity_url)
self.after_register(request, user)
session.commit()
@@ -120,6 +120,9 @@ SMTP_USE_TLS = False
#: in the LANGUAGE_SECTIONS list.
DEFAULT_LANGUAGE = 'en'
+#: if a user is unbanned, should he pick a new password?
+REQUIRE_NEW_PASSWORD_ON_UNBAN = False
+
#: the languages for which sections exist. Ideally we also have
#: translations of the application for these languages, but if a
#: language is missing in the UI it falls back to english.
@@ -100,10 +100,6 @@ def active_in(self, locale):
return self.filter(User.id.in_(select([ua.user_id],
ua.locale == str(locale))))
- def banned(self):
- """Returns all the banned users."""
- return self.filter_by(pw_hash=None)
-
class User(RemoteObject):
"""Represents a user on the system."""
@@ -124,6 +120,7 @@ def __init__(self, username, email, password=None, is_admin=False):
self.real_name = u''
self.is_admin = is_admin
self.is_active = True
+ self.is_banned = False
self.last_login = None
if password is not None:
self.set_password(password)
@@ -158,11 +155,6 @@ def is_moderator(self):
settings.REPUTATION_MAP['IS_MODERATOR']
@property
- def is_banned(self):
- """If the user does not have a password he's marked as banned."""
- return self.pw_hash is None
-
- @property
def display_name(self):
return self.real_name or self.username
@@ -28,7 +28,9 @@
# the email of the user. If an external auth system is used, the
# login code should update that information automatically on login
Column('email', String(200), index=True),
- # the password hash. Probably only used for the builtin auth system.
+ # the password hash. This might not be used by every auth system.
+ # the OpenID auth for example does not use it at all. But also
+ # external auth systems might not store the password here.
Column('pw_hash', String(60)),
# the realname of the user
Column('real_name', String(200)),
@@ -46,6 +48,8 @@
Column('platin_badges', Integer, nullable=False),
# true if the user is an administrator
Column('is_admin', Boolean, nullable=False),
+ # true if the user is banned
+ Column('is_banned', Boolean, nullable=False),
# the date of the last login
Column('last_login', DateTime),
# the user's activation key. If this is NULL, the user is already
@@ -20,7 +20,7 @@
<ul class="userlist">
{%- for user in banned_users %}
<li>{{ render_user(user, avatar_size=26) }}
- <span class="action">[<a href="{{ url_for('admin.unban', user=user.username)
+ <span class="action">[<a href="{{ url_for('admin.unban_user', user=user.username)
}}">{{ _('lift the ban') }}</a>]</span>
{%- else %}
<li>{{ _('No users are currently banned.') }}
@@ -4,11 +4,14 @@
Hi {{ user }}!
Your ban on {{ site }} was lifted.
+{%- endtrans %}
+
+{%- if settings.REQUIRE_NEW_PASSWORD_ON_UNBAN %}{% trans %}
In order to login again you have to follow the following
link and pick a new password:
-{{ reset_url }}
+{{ reset_url }}{% endtrans %}{% endif %}
-See you soon on {{ site }}
+{% trans site=settings.WEBSITE_TITLE %}See you soon on {{ site }}
{%- endtrans %}{% endblock %}
@@ -27,7 +27,9 @@ def test_only_valid_links(self):
"""Make sure that all links are valid"""
settings.LANGUAGE_SECTIONS = ['en']
user = models.User('user1', 'user1@example.com', 'default')
- user.active = True
+ user.is_admin = True
+ banned_user = models.User('user2', 'user2@example.com', 'default')
+ banned_user.is_banned = True
topic = models.Topic('en', 'This is a test topic', 'Foobar', user)
post1 = models.Post(topic, user, 'meh1')
post2 = models.Post(topic, user, 'meh2')
@@ -40,7 +42,9 @@ def visit(url):
if not url.startswith(BASE_URL) or url in visited_links:
return
visited_links.add(url)
- path = url.split('/', 3)[-1]
+ path = '/' + url.split('/', 3)[-1]
+ if path.startswith('/logout?'):
+ return
response = self.client.get(path, follow_redirects=True)
self.assertEqual(response.status_code, 200)
for link in response.html.xpath('//a[@href]'):
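Review bot: The logout guard `if path.startswith('/logout?'):` matches only when the link carries a query string, so a bare `/logout` link would still be followed and end the admin session mid-crawl; comparing the path component, `if path.split('?', 1)[0] == '/logout':`, covers both forms. The crawl now runs as an admin with a banned user present, so it also follows every other link the admin pages render, including the "lift the ban" anchor in the bans template. If that endpoint acts on a plain GET (not visible here), the test changes the state it is walking, and the endpoint itself would be open to cross-site request forgery. A comment above the guard such as `# skip links that change state when fetched` would record why it exists. `visit` continues past the end of this hunk.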
@@ -8,6 +8,7 @@
:copyright: (c) 2009 by Plurk Inc., see AUTHORS for more details.
:license: BSD, see LICENSE for more details.
"""
+from solace import settings
from solace.i18n import _
from solace.application import url_for
from solace.templating import render_template
@@ -22,7 +23,7 @@ def ban_user(user):
if user.is_banned:
return
- user.pw_hash = None
+ user.is_banned = True
send_email(_(u'User account banned'),
render_template('mails/user_banned.txt', user=user),
user.email)
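Review bot: Banning used to clear `pw_hash`, which by itself made password login impossible; with `user.is_banned = True` the ban is only a flag, and nothing in this commit shows the login, OpenID, password-reset or session-loading code consulting it. If any of those paths does not check `is_banned`, a banned user keeps an existing session or can sign in again. It is worth confirming each path and recording the contract in the docstring, e.g. `Enforcement relies on the auth code rejecting users with is_banned set; the password hash is left untouched.` The start of `ban_user` lies outside this hunk.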
@@ -37,9 +38,9 @@ def unban_user(user):
if not user.is_banned:
return
- # special password value that will never validate but does not
- # trigger a "user is deativated".
- user.pw_hash = '!'
+ if settings.REQUIRE_NEW_PASSWORD_ON_UNBAN:
+ user.is_active = False
+ user.is_banned = False
reset_url = url_for('core.reset_password', email=user.email,
key=user.password_reset_key, _external=True)
send_email(_(u'Your ban was lifted'),
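Review bot: With `REQUIRE_NEW_PASSWORD_ON_UNBAN` enabled the code sets `user.is_active = False` but leaves the old `pw_hash` in place, so the "pick a new password" promise holds only if the reset link is the sole way back to an active account. If the regular activation flow can also reactivate the account (not visible here), the old password works again; a comment stating which flow is expected to restore `is_active` would make that checkable. `reset_url` is also still built from `user.password_reset_key` when the setting is off, although the mail template now prints it only when the setting is on; moving the `url_for` call under the same `if` and passing `None` otherwise keeps the key from being touched needlessly. The rest of `unban_user` lies outside this hunk.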
@@ -39,7 +39,7 @@ def status(request):
def bans(request):
"""Manages banned users"""
form = BanUserForm()
- query = User.query.banned()
+ query = User.query.filter_by(is_banned=True)
pagination = Pagination(request, query, request.args.get('page', type=int))
if request.method == 'POST' and form.validate():
