changeset 3843:ad4a680113b7 beta
Gist: implemented delete of gists by owner, or super admin
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Sat, 11 May 2013 23:19:06 +0200 |
parents | 54bc7a89f090 |
children | ec64c396da8c |
files | rhodecode/controllers/admin/gists.py rhodecode/templates/admin/gists/show.html rhodecode/tests/functional/test_admin_gists.py |
diffstat | 3 files changed, 33 insertions(+), 7 deletions(-) [+] |
--- a/rhodecode/controllers/admin/gists.py Sat May 11 22:43:54 2013 +0200 +++ b/rhodecode/controllers/admin/gists.py Sat May 11 23:19:06 2013 +0200 @@ -41,7 +41,7 @@ from rhodecode.lib.auth import LoginRequired, NotAnonymous from rhodecode.lib.utils2 import safe_str, safe_int, time_to_datetime from rhodecode.lib.helpers import Page -from webob.exc import HTTPNotFound +from webob.exc import HTTPNotFound, HTTPForbidden from sqlalchemy.sql.expression import or_ from rhodecode.lib.vcs.exceptions import VCSError @@ -151,6 +151,16 @@ # h.form(url('gist', id=ID), # method='delete') # url('gist', id=ID) + gist = GistModel().get_gist(id) + owner = gist.gist_owner == c.rhodecode_user.user_id + if h.HasPermissionAny('hg.admin')() or owner: + GistModel().delete(gist) + Session().commit() + h.flash(_('Deleted gist %s') % gist.gist_access_id, category='success') + else: + raise HTTPForbidden() + + return redirect(url('gists')) @LoginRequired() def show(self, id, format='html'):
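Review bot: In the second hunk, `GistModel().get_gist(id)` is dereferenced on the very next line without a check, so if it returns None for an unknown id (its behaviour is not visible here) the request fails with an AttributeError and a 500 instead of a 404. `HTTPNotFound` is already imported in this file, so a guard such as `if gist is None: raise HTTPNotFound()` before the ownership test would cover it. The flash message also reads `gist.gist_access_id` after `Session().commit()`; copying it into a local before `GistModel().delete(gist)` avoids depending on the state of a deleted instance. The signature and decorators of `delete` lie outside the hunk, so whether anonymous sessions are already rejected there cannot be confirmed from this view, and a short comment stating that the owner-or-admin test is the only authorization on this action would help the next reader.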
--- a/rhodecode/templates/admin/gists/show.html Sat May 11 22:43:54 2013 +0200 +++ b/rhodecode/templates/admin/gists/show.html Sat May 11 23:19:06 2013 +0200 @@ -48,9 +48,11 @@ <div class="left item last">${c.gist.gist_description}</div> <div class="buttons"> ## only owner should see that - %if c.gist.owner.username == c.rhodecode_user.username: + %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.rhodecode_user.user_id: ##${h.link_to(_('Edit'),h.url(''),class_="ui-btn")} - ##${h.link_to(_('Delete'),h.url(''),class_="ui-btn red")} + ${h.form(url('gist', id=c.gist.gist_id),method='delete')} + ${h.submit('remove_gist', _('Delete'),class_="ui-btn red",onclick="return confirm('"+_('Confirm to delete this gist')+"');")} + ${h.end_form()} %endif </div> </div>
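Review bot: The delete form added here is built with `h.form(url('gist', id=c.gist.gist_id),method='delete')`, and nothing in this hunk shows an anti-CSRF token being emitted or checked. If `h.form` is the plain form helper, the state-changing request is protected only by the session cookie, and the `confirm()` dialog is no safeguard because it runs purely client-side. The form should carry a per-session token that the controller's `delete` action verifies before it calls `GistModel().delete`. Separately, the translated text is concatenated into a single-quoted JavaScript string inside the `onclick` attribute, so a translation containing an apostrophe would break the handler; escaping the message for a JavaScript context before embedding it would avoid that.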
--- a/rhodecode/tests/functional/test_admin_gists.py Sat May 11 22:43:54 2013 +0200 +++ b/rhodecode/tests/functional/test_admin_gists.py Sat May 11 23:19:06 2013 +0200 @@ -5,11 +5,12 @@ def _create_gist(f_name, content='some gist', lifetime=-1, - description='gist-desc', gist_type='public'): + description='gist-desc', gist_type='public', + owner=TEST_USER_ADMIN_LOGIN): gist_mapping = { f_name: {'content': content} } - user = User.get_by_username(TEST_USER_ADMIN_LOGIN) + user = User.get_by_username(owner) gist = GistModel().create(description, owner=user, gist_mapping=gist_mapping, gist_type=gist_type, lifetime=lifetime) @@ -109,8 +110,21 @@ response = self.app.put(url('gist', id=1)) def test_delete(self): - self.skipTest('not implemented') - response = self.app.delete(url('gist', id=1)) + self.log_user() + gist = _create_gist('delete-me') + response = self.app.delete(url('gist', id=gist.gist_id)) + self.checkSessionFlash(response, 'Deleted gist %s' % gist.gist_id) + + def test_delete_normal_user_his_gist(self): + self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS) + gist = _create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN) + response = self.app.delete(url('gist', id=gist.gist_id)) + self.checkSessionFlash(response, 'Deleted gist %s' % gist.gist_id) + + def test_delete_normal_user_not_his_own_gist(self): + self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS) + gist = _create_gist('delete-me') + response = self.app.delete(url('gist', id=gist.gist_id), status=403) def test_show(self): gist = _create_gist('gist-show-me')
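Review bot: `test_delete_normal_user_not_his_own_gist` stops at the 403 status and never checks that the gist still exists, so a controller that removed the record and then answered 403 would still pass. A follow-up assertion such as `self.assertNotEqual(GistModel().get_gist(gist.gist_id), None)` would pin the property that matters, assuming `get_gist` returns None for a missing row. The suite also has no case for a request without a logged-in user or for an id that does not exist, both of which reach the new controller code. Finally, the success tests format the expected flash with `gist.gist_id` while the controller formats `gist.gist_access_id`, so they agree only while the two values happen to coincide for the gists created here.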