From 021434147324dedbd438d0130552bc9425e74088 Mon Sep 17 00:00:00 2001
From: rr-
Date: Sun, 8 May 2016 18:02:19 +0200
Subject: [PATCH] server/users: prohibit using special ranks
Anonymous is self explanatory. Nobody is used solely to mark certain operation as unavailable even to administrators (<- nobody is higher than administrator).
---
 server/szurubooru/func/users.py | 2 ++
 server/szurubooru/tests/api/test_user_creating.py | 2 ++
 server/szurubooru/tests/api/test_user_updating.py | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/server/szurubooru/func/users.py b/server/szurubooru/func/users.py
index e8eefe3..d57af4c 100644
--- a/server/szurubooru/func/users.py
+++ b/server/szurubooru/func/users.py
@@ -128,6 +128,8 @@ def update_user_rank(user, rank, authenticated_user):
 if not rank in db.User.ALL_RANKS:
 raise InvalidRankError(
 'Rank %r is invalid. Valid ranks: %r' % (rank, db.User.ALL_RANKS))
+ if rank in (db.User.RANK_ANONYMOUS, db.User.RANK_NOBODY):
+ raise InvalidRankError('Rank %r cannot be used.' % (rank))
 if db.User.ALL_RANKS.index(authenticated_user.rank) \
 < db.User.ALL_RANKS.index(rank) and get_user_count() > 0:
 raise errors.AuthError('Trying to set higher rank than your own.')
diff --git a/server/szurubooru/tests/api/test_user_creating.py b/server/szurubooru/tests/api/test_user_creating.py
index 0c4a462..d92b955 100644
--- a/server/szurubooru/tests/api/test_user_creating.py
+++ b/server/szurubooru/tests/api/test_user_creating.py
@@ -128,6 +128,8 @@ def test_trying_to_become_someone_else(test_ctx):
 ({'rank': None}, users.InvalidRankError),
 ({'rank': ''}, users.InvalidRankError),
 ({'rank': 'bad'}, users.InvalidRankError),
+ ({'rank': 'anonymous'}, users.InvalidRankError),
+ ({'rank': 'nobody'}, users.InvalidRankError),
 ({'email': 'bad'}, users.InvalidEmailError),
 ({'email': 'x@' * 65 + '.com'}, users.InvalidEmailError),
 ({'avatarStyle': None}, users.InvalidAvatarError),
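Review bot: The new sentinel-rank guard in update_user_rank (server/szurubooru/func/users.py) has no comment explaining why it must sit ahead of the rank comparison, and that ordering is what makes it effective. The comparison below it is skipped whenever `get_user_count() > 0` is false, so on an empty user table this guard is the only visible check that keeps an account from being given `RANK_NOBODY`, which the commit message says ranks above administrator. I would add above the guard: `# Sentinel ranks are never assignable; keep this before the rank comparison, which is skipped while no users exist.` The added test cases show the rejection for 'anonymous' and 'nobody', but whether they run against an empty user table is not visible here, so a case for that path is worth confirming. The function's body starts and ends outside the hunk.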
diff --git a/server/szurubooru/tests/api/test_user_updating.py b/server/szurubooru/tests/api/test_user_updating.py
index 43da5ff..4dbb321 100644
--- a/server/szurubooru/tests/api/test_user_updating.py
+++ b/server/szurubooru/tests/api/test_user_updating.py
@@ -79,6 +79,8 @@ def test_updating_user(test_ctx):
 ({'rank': None}, users.InvalidRankError),
 ({'rank': ''}, users.InvalidRankError),
 ({'rank': 'bad'}, users.InvalidRankError),
+ ({'rank': 'anonymous'}, users.InvalidRankError),
+ ({'rank': 'nobody'}, users.InvalidRankError),
 ({'email': 'bad'}, users.InvalidEmailError),
 ({'email': 'x@' * 65 + '.com'}, users.InvalidEmailError),
 ({'avatarStyle': None}, users.InvalidAvatarError),