

pep8, refactor UserPatch.reply()
csenger committed Apr 23, 2019
1 parent a7ffbad commit d72d4d3
Showing 2 changed files with 74 additions and 71 deletions.
141 changes: 73 additions & 68 deletions src/plone/restapi/services/users/update.py
@@ -54,6 +54,70 @@ def _change_user_password(self, user, value):
acl_users = getToolByName(self.context, 'acl_users')
acl_users.userSetPassword(user.getUserId(), value)

def update_as_manager(self, user, user_settings_to_update):
for key, value in user_settings_to_update.items():
if key == 'password':
self._change_user_password(user, value)
elif key == 'username':
set_own_login_name(user, value)
else:
if key == 'portrait' and value.get('data'):
self.set_member_portrait(user, value)
user.setMemberProperties(mapping={key: value})

roles = user_settings_to_update.get('roles', {})
if roles:
to_add = [key for key, enabled in roles.items() if enabled]
to_remove = [key for key, enabled in roles.items()
if not enabled]

target_roles = set(user.getRoles()) - set(to_remove)
target_roles = target_roles | set(to_add)

acl_users = getToolByName(self.context, 'acl_users')
acl_users.userFolderEditUser(
principal_id=user.id,
password=None,
roles=target_roles,
domains=user.getDomains(),
)

groups = user_settings_to_update.get('groups', {})
if groups:
to_add = [key for key, enabled in groups.items() if enabled]
to_remove = [key for key, enabled in groups.items()
if not enabled]
groups_tool = getToolByName(self.context, 'portal_groups')
current = groups_tool.getGroupsForPrincipal(user)
for group in to_add:
if group not in current:
groups_tool.addPrincipalToGroup(user.id, group)
for group in to_remove:
if group in current:
groups_tool.removePrincipalFromGroup(user.id, group)

def update_own_settings(self, user, user_settings_to_update):
if not self.can_manage_users:
if 'roles' in user_settings_to_update:
return self._error(
403, 'Forbidden',
'You can\'t update your roles')
if 'groups' in user_settings_to_update:
return self._error(
403, 'Forbidden',
'You can\'t update your groups')

for key, value in user_settings_to_update.items():
security = getAdapter(self.context, ISecuritySchema)
if key == 'password' and \
security.enable_user_pwd_choice and \
self.can_set_own_password:
self._change_user_password(user, value)
else:
if key == 'portrait' and value.get('data'):
self.set_member_portrait(user, value)
user.setMemberProperties(mapping={key: value})

def reply(self):
user_settings_to_update = json.loads(self.request.get('BODY', '{}'))
user = self._get_user(self._get_user_id)
@@ -63,81 +127,22 @@ def reply(self):
alsoProvides(self.request,
plone.protect.interfaces.IDisableCSRFProtection)

security = getAdapter(self.context, ISecuritySchema)
self.request.response.setStatus(204)

if self.can_manage_users:
for key, value in user_settings_to_update.items():
if key == 'password':
self._change_user_password(user, value)
elif key == 'username':
set_own_login_name(user, value)
else:
if key == 'portrait' and value.get('data'):
self.set_member_portrait(user, value)
user.setMemberProperties(mapping={key: value})

roles = user_settings_to_update.get('roles', {})
if roles:
to_add = [key for key, enabled in roles.items() if enabled]
to_remove = [key for key, enabled in roles.items()
if not enabled]

target_roles = set(user.getRoles()) - set(to_remove)
target_roles = target_roles | set(to_add)

acl_users = getToolByName(self.context, 'acl_users')
acl_users.userFolderEditUser(
principal_id=user.id,
password=None,
roles=target_roles,
domains=user.getDomains(),
)

groups = user_settings_to_update.get('groups', {})
if groups:
to_add = [key for key, enabled in groups.items() if enabled]
to_remove = [key for key, enabled in groups.items()
if not enabled]
groups_tool = getToolByName(self.context, 'portal_groups')
current = groups_tool.getGroupsForPrincipal(user)
for group in to_add:
if group not in current:
groups_tool.addPrincipalToGroup(user.id, group)
for group in to_remove:
if group in current:
groups_tool.removePrincipalFromGroup(user.id, group)
return self.update_as_manager(user, user_settings_to_update)

elif self._get_current_user == self._get_user_id:
if not self.can_manage_users:
if 'roles' in user_settings_to_update:
return self._error(
403, 'Forbidden',
'You can\'t update your roles')
if 'groups' in user_settings_to_update:
return self._error(
403, 'Forbidden',
'You can\'t update your groups')

for key, value in user_settings_to_update.items():
if key == 'password' and \
security.enable_user_pwd_choice and \
self.can_set_own_password:
self._change_user_password(user, value)
else:
if key == 'portrait' and value.get('data'):
self.set_member_portrait(user, value)
user.setMemberProperties(mapping={key: value})
return self.update_own_settings(user, user_settings_to_update)

if self._is_anonymous:
return self._error(401, 'Unauthorized',
'You are not authorized to perform this '
'action')
else:
if self._is_anonymous:
return self._error(401, 'Unauthorized',
'You are not authorized to perform this '
'action')
else:
return self._error(403, 'Forbidden', 'You can\'t update the '
'properties of this user')
return self._error(403, 'Forbidden', 'You can\'t update the '
'properties of this user')

self.request.response.setStatus(204)
return None

@property
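Review bot: In `update_own_settings`, a `password` key that fails the `enable_user_pwd_choice` / `can_set_own_password` test drops into the `else` branch and is passed to `user.setMemberProperties(mapping={key: value})`, so the request is answered as a success instead of being refused the way `roles` and `groups` are. What the property layer does with a `password` entry is not visible here, but a disallowed credential change should presumably fail closed with a 403 before any property is written. The `getAdapter(self.context, ISecuritySchema)` lookup also moved inside the loop and now runs once per key; it can be hoisted above it. Both new helpers rely on `reply()` having already made the authorization decision, so a leading underscore (as on `_change_user_password`) and a short docstring stating that precondition would discourage calling them directly.

```python
def update_own_settings(self, user, user_settings_to_update):
    # … unchanged: 403 checks for 'roles' and 'groups' …

    security = getAdapter(self.context, ISecuritySchema)
    may_set_password = (security.enable_user_pwd_choice and
                        self.can_set_own_password)
    if 'password' in user_settings_to_update and not may_set_password:
        return self._error(
            403, 'Forbidden',
            'You can\'t update your password')

    for key, value in user_settings_to_update.items():
        if key == 'password':
            self._change_user_password(user, value)
        else:
            # … unchanged: portrait handling and setMemberProperties …
```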
4 changes: 1 addition & 3 deletions src/plone/restapi/tests/test_services_users.py
@@ -370,13 +370,12 @@ def test_get_user_groups_expander(self):
self.assertEqual(response.status_code, 200)
response = response.json()
components = response['@components']
self.assertTrue('user-groups' in components)
self.assertTrue('user-groups' in components)
self.assertTrue('groups' in components['user-groups'])
expanded_groups = components['user-groups']['groups']
self.assertEqual(1, len(expanded_groups))
self.assertEqual(u'ploneteam', expanded_groups[0]['id'])


def test_get_user_as_anonymous(self):
response = self.anon_api_session.get('/@users/noam')
self.assertEqual(response.status_code, 401)
@@ -1097,4 +1096,3 @@ def test_add_user_with_groups(self):
self.assertEqual('howard', user.id)
groups = api.group.get_groups(user=user)
self.assertTrue('ploneteam' in [group.id for group in groups])
