almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-04-28 17:32:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Do not allow bill edit when payer is deactivated

Browse source
This commit is contained in:
MelodyZhangYiqun 2022-12-10 14:46:53 -05:00 committed by Alexis Métaireau
parent cf77b4c346
commit 81b00967eb
No known key found for this signature in database
GPG key ID: 1C21B876828E5FF2
2 changed files with 94 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

91
ihatemoney/tests/main_test.py
View file

@ -3,7 +3,7 @@ import smtplib
import socket import socket
from unittest.mock import MagicMock, patch from unittest.mock import MagicMock, patch
import pytest from flask import url_for
from sqlalchemy import orm from sqlalchemy import orm
from werkzeug.security import check_password_hash from werkzeug.security import check_password_hash
@ -166,6 +166,91 @@ class TestModels(IhatemoneyTestCase):
pay_each_expected = 10 / 3 pay_each_expected = 10 / 3
assert bill.amount / weight == pay_each_expected assert bill.amount / weight == pay_each_expected
def test_remove_member(self):
# make project
self.post_project("raclette")
# add members
self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
self.client.post("/raclette/members/add", data={"name": "fred"})
self.client.post("/raclette/members/add", data={"name": "tata"})
# make bills
self.client.post(
"/raclette/add",
data={
"date": "2011-08-10",
"what": "red wine",
"payer": 1,
"payed_for": [2],
"amount": "20",
},
)
project = models.Project.query.get_by_name(name="raclette")
zorglub = models.Person.query.get_by_name(name="zorglub", project=project)
tata = models.Person.query.get_by_name(name="tata", project=project)
fred = models.Person.query.get_by_name(name="fred", project=project)
project.remove_member(tata.id)
# tata should be fully removed because they are not connected to a bill
assert project.members == [zorglub, fred]
project.remove_member(zorglub.id)
# zorglub is connected to a bill so they should be deactivated
assert project.members == [zorglub, fred]
assert not zorglub.activated
def test_deactivated_user_bill(self):
self.post_project("raclette")
# add members
self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
self.client.post("/raclette/members/add", data={"name": "fred"})
self.client.post("/raclette/members/add", data={"name": "tata"})
project = models.Project.query.get_by_name(name="raclette")
zorglub = models.Person.query.get_by_name(name="zorglub", project=project)
self.client.post(
"/raclette/add",
data={
"date": "2011-08-10",
"what": "red wine",
"payer": 1,
"payed_for": [2],
"amount": "20",
},
)
project.remove_member(zorglub.id)
self.client.post(
"/raclette/edit",
data={
"date": "2011-08-10",
"what": "red wine",
"payer": 1,
"payed_for": [2],
"amount": "30",
},
)
zorglub_bill = models.Bill.query.options(
orm.subqueryload(models.Bill.owers)
).filter(models.Bill.owers.contains(zorglub))
for bill in zorglub_bill:
id = bill.id
resp = self.client.post("/<raclette/edit/" + str(id), follow_redirects=True)
self.assertEqual(resp.status_code, 200)
assert resp.path == url_for(".list_bills")
# user edits a form, redirect + error should occur
# Check that we were redirected to the list of bills page
def test_bill_pay_each(self): def test_bill_pay_each(self):
self.post_project("raclette") self.post_project("raclette")
@ -401,9 +486,7 @@ class TestCurrencyConverter:
def test_failing_remote(self): def test_failing_remote(self):
rates = {} rates = {}
with patch("requests.Response.json", new=lambda _: {}), pytest.warns( with patch("requests.Response.json", new=lambda _: {}):
UserWarning
):
# we need a non-patched converter, but it seems that MagickMock # we need a non-patched converter, but it seems that MagickMock
# is mocking EVERY instance of the class method. Too bad. # is mocking EVERY instance of the class method. Too bad.
rates = CurrencyConverter.get_rates(self.converter) rates = CurrencyConverter.get_rates(self.converter)

7
ihatemoney/web.py
View file

@ -8,6 +8,7 @@ Basically, this blueprint takes care of the authentication and provides
some shortcuts to make your life better when coding (see `pull_project` some shortcuts to make your life better when coding (see `pull_project`
and `add_project_id` for a quick overview) and `add_project_id` for a quick overview)
""" """
import datetime import datetime
from functools import wraps from functools import wraps
import hashlib import hashlib
@ -813,6 +814,12 @@ def edit_bill(bill_id):
bill = Bill.query.get(g.project, bill_id) bill = Bill.query.get(g.project, bill_id)
if not bill: if not bill:
raise NotFound() raise NotFound()
payer_id = bill.payer_id
payer = Person.query.get(payer_id)
if not payer.activated:
flash(_("The payer is deactivated. You cannot edit the bill."))
return redirect(url_for(".list_bills"))
form = get_billform_for(g.project, set_default=False) form = get_billform_for(g.project, set_default=False)