From c002cdbf9477f6db6f8c5c3db912957601c290a5 Mon Sep 17 00:00:00 2001
From: JocelynDelalande <JocelynDelalande@users.noreply.github.com>
Date: Fri, 29 Dec 2017 18:07:39 +0100
Subject: [PATCH] Allow to disable/enable member via API (#301)

Disable was already (kind-of) possible via API via DELETE, but not re-enabling.

Kudos to @almet for helping me fixing that damn BooleanField :-)
---
 ihatemoney/api.py         | 15 ++++++++++++++-
 ihatemoney/tests/tests.py | 24 ++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/ihatemoney/api.py b/ihatemoney/api.py
index 84f454e4..827202c8 100644
--- a/ihatemoney/api.py
+++ b/ihatemoney/api.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from flask import Blueprint, request
 from flask_rest import RESTResource, need_auth
+from wtforms.fields.core import BooleanField
 
 from ihatemoney.models import db, Project, Person, Bill
 from ihatemoney.forms import (ProjectForm, EditProjectForm, MemberForm,
@@ -58,6 +59,18 @@ class ProjectHandler(object):
         return 400, form.errors
 
 
+class APIMemberForm(MemberForm):
+    """ Member is not disablable via a Form.
+
+    But we want Member.enabled to be togglable via the API.
+    """
+    activated = BooleanField(false_values=('false', '', 'False'))
+
+    def save(self, project, person):
+        person.activated = self.activated.data
+        return super(APIMemberForm, self).save(project, person)
+
+
 class MemberHandler(object):
 
     def get(self, project, member_id):
@@ -79,7 +92,7 @@ class MemberHandler(object):
         return 400, form.errors
 
     def update(self, project, member_id):
-        form = MemberForm(project, meta={'csrf': False}, edit=True)
+        form = APIMemberForm(project, meta={'csrf': False}, edit=True)
         if form.validate():
             member = Person.query.get(member_id, project)
             form.save(project, member)
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index 25ca084f..de53c584 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
@@ -1182,6 +1182,30 @@ class APITestCase(IhatemoneyTestCase):
 
         self.assertStatus(200, req)
 
+        # de-activate the user
+        req = self.client.put("/api/projects/raclette/members/1", data={
+            "name": "Fred",
+            "activated": False,
+        }, headers=self.get_auth("raclette"))
+        self.assertStatus(200, req)
+
+        req = self.client.get("/api/projects/raclette/members/1",
+                              headers=self.get_auth("raclette"))
+        self.assertStatus(200, req)
+        self.assertEqual(False, json.loads(req.data.decode('utf-8'))["activated"])
+
+        # re-activate the user
+
+        req = self.client.put("/api/projects/raclette/members/1", data={
+            "name": "Fred",
+            "activated": True,
+        }, headers=self.get_auth("raclette"))
+
+        req = self.client.get("/api/projects/raclette/members/1",
+                              headers=self.get_auth("raclette"))
+        self.assertStatus(200, req)
+        self.assertEqual(True, json.loads(req.data.decode('utf-8'))["activated"])
+
         # delete a member
 
         req = self.client.delete("/api/projects/raclette/members/1",