server/users: prohibit using special ranks

Anonymous is self explanatory.
Nobody is used solely to mark certain operation as unavailable even to
administrators (<- nobody is higher than administrator).

server/szurubooru/func/users.py

@@ -128,6 +128,8 @@ def update_user_rank(user, rank, authenticated_user):
     if not rank in db.User.ALL_RANKS:
         raise InvalidRankError(
             'Rank %r is invalid. Valid ranks: %r' % (rank, db.User.ALL_RANKS))
+    if rank in (db.User.RANK_ANONYMOUS, db.User.RANK_NOBODY):
+        raise InvalidRankError('Rank %r cannot be used.' % (rank))
     if db.User.ALL_RANKS.index(authenticated_user.rank) \
             < db.User.ALL_RANKS.index(rank) and get_user_count() > 0:
         raise errors.AuthError('Trying to set higher rank than your own.')

server/szurubooru/tests/api/test_user_creating.py

@@ -128,6 +128,8 @@ def test_trying_to_become_someone_else(test_ctx):
     ({'rank': None}, users.InvalidRankError),
     ({'rank': ''}, users.InvalidRankError),
     ({'rank': 'bad'}, users.InvalidRankError),
+    ({'rank': 'anonymous'}, users.InvalidRankError),
+    ({'rank': 'nobody'}, users.InvalidRankError),
     ({'email': 'bad'}, users.InvalidEmailError),
     ({'email': 'x@' * 65 + '.com'}, users.InvalidEmailError),
     ({'avatarStyle': None}, users.InvalidAvatarError),

server/szurubooru/tests/api/test_user_updating.py

@@ -79,6 +79,8 @@ def test_updating_user(test_ctx):
     ({'rank': None}, users.InvalidRankError),
     ({'rank': ''}, users.InvalidRankError),
     ({'rank': 'bad'}, users.InvalidRankError),
+    ({'rank': 'anonymous'}, users.InvalidRankError),
+    ({'rank': 'nobody'}, users.InvalidRankError),
     ({'email': 'bad'}, users.InvalidEmailError),
     ({'email': 'x@' * 65 + '.com'}, users.InvalidEmailError),
     ({'avatarStyle': None}, users.InvalidAvatarError),