summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Callaghan <dcallagh@redhat.com>2017-10-05 18:06:49 +1000
committerDan Callaghan <dcallagh@redhat.com>2017-10-12 06:28:29 +0000
commit9c90d5581c3fd0cf8ee680882b97cde939a8f28d (patch)
tree3cafe37f337ad5fdb5ba77a72c5c54f4b4f6a5d5
parent6a3a93ff6e544b9251cc91a0534455a51f59b133 (diff)
disallow giving systems to deleted users
-rw-r--r--IntegrationTests/src/bkr/inttest/server/selenium/test_systems.py14
-rw-r--r--Server/bkr/server/CSV_import_export.py3
-rw-r--r--Server/bkr/server/systems.py3
3 files changed, 20 insertions, 0 deletions
diff --git a/IntegrationTests/src/bkr/inttest/server/selenium/test_systems.py b/IntegrationTests/src/bkr/inttest/server/selenium/test_systems.py
index 592ac6c..62f2581 100644
--- a/IntegrationTests/src/bkr/inttest/server/selenium/test_systems.py
+++ b/IntegrationTests/src/bkr/inttest/server/selenium/test_systems.py
@@ -768,3 +768,17 @@ class SystemHTTPTest(DatabaseTestCase):
with session.begin():
session.expire_all()
self.assertEquals(system.power.power_quiescent_period, 0)
+
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1497881
+ def test_cannot_give_to_deleted_user(self):
+ with session.begin():
+ system = data_setup.create_system()
+ deleted_user = data_setup.create_user()
+ deleted_user.removed = datetime.datetime.utcnow()
+ s = requests.Session()
+ requests_login(s)
+ response = patch_json(get_server_base() + 'systems/%s/' % system.fqdn,
+ session=s, data={'owner': {'user_name': deleted_user.user_name}})
+ self.assertEquals(response.status_code, 400)
+ self.assertEquals(response.text,
+ 'Cannot change owner to deleted user %s' % deleted_user.user_name)
diff --git a/Server/bkr/server/CSV_import_export.py b/Server/bkr/server/CSV_import_export.py
index 41fcb26..db90fc6 100644
--- a/Server/bkr/server/CSV_import_export.py
+++ b/Server/bkr/server/CSV_import_export.py
@@ -380,6 +380,9 @@ class CSV_System(CSV):
if not owner:
raise ValueError("%s: Invalid User %s" %
(system.fqdn, data['owner']))
+ if owner.removed:
+ raise ValueError('%s: user %s is deleted'
+ % (system.fqdn, owner.user_name))
else:
owner = None
if system.owner != owner:
diff --git a/Server/bkr/server/systems.py b/Server/bkr/server/systems.py
index 445ea04..3b4bd68 100644
--- a/Server/bkr/server/systems.py
+++ b/Server/bkr/server/systems.py
@@ -360,6 +360,9 @@ def _update_system(system, data={}):
new_owner = User.by_user_name(data['owner'].get('user_name'))
if new_owner is None:
raise BadRequest400('No such user %s' % data['owner'].get('user_name'))
+ if new_owner.removed:
+ raise BadRequest400('Cannot change owner to deleted user %s'
+ % new_owner.user_name)
record_activity(u'Owner', system.owner, new_owner)
system.owner = new_owner
changed = True