Verified Commit 13217be9 authored by Kevin Morris's avatar Kevin Morris
Browse files

fix: don't check suspension for ownership changes

People can change comaintainer ownership to suspended users if they
want to.

Suspended users cannot login, so there is no breach of security
here. It does make sense to allow ownership to be changed, imo.

Closes #339



Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
parent e2a17fef
......@@ -399,10 +399,7 @@ class ComaintainershipEventNotification(Notification):
self._pkgbase = db.query(PackageBase.Name).filter(
PackageBase.ID == pkgbase_id).first().Name
user = db.query(User).filter(
and_(User.ID == uid,
User.Suspended == 0)
).with_entities(
user = db.query(User).filter(User.ID == uid).with_entities(
User.Email,
User.LangPreference
).first()
......
......@@ -37,6 +37,15 @@ class Email:
if autoparse:
self._parse()
@staticmethod
def reset() -> None:
# Cleanup all email files for this test suite.
prefix = Email.email_prefix(suite=True)
files = os.listdir(Email.TEST_DIR)
for file in files:
if file.startswith(prefix):
os.remove(os.path.join(Email.TEST_DIR, file))
@staticmethod
def email_prefix(suite: bool = False) -> str:
"""
......
......@@ -299,6 +299,21 @@ You were removed from the co-maintainer list of {pkgbase.Name} [1].
assert email.body == expected
def test_suspended_ownership_change(user: User, pkgbases: List[PackageBase]):
with db.begin():
user.Suspended = 1
pkgbase = pkgbases[0]
notif = notify.ComaintainerAddNotification(user.ID, pkgbase.ID)
notif.send()
assert Email.count() == 1
Email.reset() # Clear the Email pool
notif = notify.ComaintainerRemoveNotification(user.ID, pkgbase.ID)
notif.send()
assert Email.count() == 1
def test_delete(user: User, user2: User, pkgbases: List[PackageBase]):
pkgbase = pkgbases[0]
notif = notify.DeleteNotification(user2.ID, pkgbase.ID)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment