Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[fix bug 760318] Only staff can be in Staff group.

Update UserProfile post_save signal to force users into the Staff group
iff they have an email address in the AUTO_VOUCH_DOMAINS setting.
  • Loading branch information...
commit f8a00f0d0fdf88159fa0ca6f895cad3ef908fdc7 1 parent e9883f2
James Socol authored
Showing with 55 additions and 8 deletions.
  1. +8 −6 apps/users/models.py
  2. +47 −2 apps/users/tests.py
14 apps/users/models.py
View
@@ -201,12 +201,14 @@ def auto_vouch(sender, instance, raw, using, **kwargs):
@receiver(models.signals.post_save, sender=UserProfile)
def add_to_staff_group(sender, instance, created, **kwargs):
- """Add all mozilla.com users to the "staff" group upon creation."""
- if created:
- email = instance.user.email
- if (any(email.endswith('@' + x) for x in
- settings.AUTO_VOUCH_DOMAINS)):
- instance.groups.add(Group.objects.get(name='staff', system=True))
+ """Keep users in the staff group if they're autovouchable."""
+ email = instance.user.email
+ staff = Group.objects.get(name='staff', system=True)
+ if any(email.endswith('@' + x) for x in
+ settings.AUTO_VOUCH_DOMAINS):
+ instance.groups.add(staff)
+ elif staff in instance.groups.all():
+ instance.groups.remove(staff)
@receiver(dbsignals.post_save, sender=UserProfile)
49 apps/users/tests.py
View
@@ -1,12 +1,13 @@
-from django.contrib.auth.models import User
from django.conf import settings
+from django.contrib.auth.models import User
+from django.test.utils import override_settings
from funfactory.urlresolvers import reverse
from nose.tools import eq_
from pyquery import PyQuery as pq
from common import browserid_mock
-from common.tests import ESTestCase, TestCase
+from common.tests import ESTestCase, TestCase, user
from groups.models import Group
from users.models import UserProfile
@@ -391,3 +392,47 @@ def test_login(self):
r = self.client.post(reverse('register'), info, follow=True)
eq_(r.status_code, 200)
+
+
+@override_settings(AUTO_VOUCH_DOMAINS=('mozilla.com',))
+class AutoVouchTests(TestCase):
+
+ def test_only_autovouch_in_staff(self):
+ """Restrict the staff group to emails in AUTO_VOUCH_DOMAINS."""
+ staff = Group.objects.get_or_create(name='staff', system=True)[0]
+ staff_user = user(email='abcd@mozilla.com')
+ staff_profile = staff_user.get_profile()
+ staff_profile.save()
+ assert staff in staff_profile.groups.all(), (
+ 'Auto-vouched email in staff group by default.')
+
+ staff_profile.groups.remove(staff)
+ staff_profile.save()
+ assert staff in staff_profile.groups.all(), (
+ 'Auto-vouched email cannot be removed from staff group.')
+
+ community_user = user()
+ community_profile = community_user.get_profile()
+ community_profile.save()
+ assert staff not in community_profile.groups.all(), (
+ 'Non-auto-vouched email not automatically in staff group.')
+
+ community_profile.groups.add(staff)
+ community_profile.save()
+ assert staff not in community_profile.groups.all(), (
+ 'Non-auto-vouched email cannot be added to staff group.')
+
+ def test_autovouch_email(self):
+ """Users with emails in AUTO_VOUCH_DOMAINS should be vouched."""
+ auto_user = user(email='abcd@mozilla.com')
+ auto_profile = auto_user.get_profile()
+ auto_profile.save()
+ assert auto_profile.is_vouched, 'Profile should be vouched.'
+ assert auto_profile.vouched_by is None, (
+ 'Profile should not have a voucher.')
+
+ non_auto_user = user()
+ non_auto_profile = non_auto_user.get_profile()
+ non_auto_profile.save()
+ assert not non_auto_profile.is_vouched, (
+ 'Profile should not be vouched.')
Please sign in to comment.
Something went wrong with that request. Please try again.