From 1b9b01e3ec02be8b6fe95f64f4d5ec48c471e21a Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 1 Oct 2020 07:50:51 +0200
Subject: [PATCH] manager: simplify user's authorizations view (#47203)

---
 src/authentic2/manager/forms.py                            | 3 +--
 .../authentic2/manager/user_authorizations_table.html      | 2 +-
 src/authentic2/manager/user_views.py                       | 7 +++----
 tests/test_user_manager.py                                 | 6 +++---
 4 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/authentic2/manager/forms.py b/src/authentic2/manager/forms.py
index 1994a4e7e..475e0607b 100644
--- a/src/authentic2/manager/forms.py
+++ b/src/authentic2/manager/forms.py
@@ -151,8 +151,7 @@ class ChooseUserRoleForm(LimitQuerysetFormMixin, CssClass, forms.Form):
 
 
 class ChooseUserAuthorizationsForm(CssClass, forms.Form):
-    auth_id = fields.ChooseUserAuthorizationsField(label=_('Add a service consent'))
-    action = forms.CharField(initial='add', widget=forms.HiddenInput)
+    authorization = fields.ChooseUserAuthorizationsField()
 
 
 class ChoosePermissionForm(CssClass, forms.Form):
diff --git a/src/authentic2/manager/templates/authentic2/manager/user_authorizations_table.html b/src/authentic2/manager/templates/authentic2/manager/user_authorizations_table.html
index 3f879452e..cd2c77686 100644
--- a/src/authentic2/manager/templates/authentic2/manager/user_authorizations_table.html
+++ b/src/authentic2/manager/templates/authentic2/manager/user_authorizations_table.html
@@ -10,7 +10,7 @@
 <td class="remove-icon-column">
   <a class="{% if not table.context.view.can_manage_authorizations %} disabled {% else %} js-remove-object {% endif %}"
      data-confirm="{% blocktrans with client=row.record.client username=table.context.object.get_full_name %}Do you really want to remove &quot;{{ client }}&quot; service granted access to &quot;{{ username }}&quot; profile data &nbsp;?{% endblocktrans %}"
-     href="#" data-pk-arg="auth_id">
+     href="#" data-pk-arg="authorization">
     <span class="icon-remove-sign"></span>
   </a>
 </td>
diff --git a/src/authentic2/manager/user_views.py b/src/authentic2/manager/user_views.py
index 7fdc9a847..a17a4605d 100644
--- a/src/authentic2/manager/user_views.py
+++ b/src/authentic2/manager/user_views.py
@@ -851,7 +851,7 @@ su = UserSuView.as_view()
 
 
 class UserAuthorizationsView(FormNeedsRequest, BaseFormView, SingleObjectMixin,
-                            BaseTableView, PermissionMixin):
+                             BaseTableView, PermissionMixin):
     permissions = ['custom_user.view_user']
     template_name = 'authentic2/manager/user_authorizations.html'
     title = _('Consent Management')
@@ -872,9 +872,8 @@ class UserAuthorizationsView(FormNeedsRequest, BaseFormView, SingleObjectMixin,
 
     def form_valid(self, form):
         response = super(UserAuthorizationsView, self).form_valid(form)
-        auth_id = form.cleaned_data['auth_id']
-        action = form.cleaned_data['action']
-        if action == 'remove' and self.can_manage_authorizations:
+        auth_id = form.cleaned_data['authorization']
+        if self.can_manage_authorizations:
             qs = OIDCAuthorization.objects.filter(user=self.get_object())
             qs = qs.filter(id=auth_id.pk)
             qs.delete()
diff --git a/tests/test_user_manager.py b/tests/test_user_manager.py
index e6414c19b..764cc6ed5 100644
--- a/tests/test_user_manager.py
+++ b/tests/test_user_manager.py
@@ -888,7 +888,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
     assert 'You are not authorized to see this page' in resp.text
     resp = app.get(user_authorizations_url, status=403)
     assert 'You are not authorized to see this page' in resp.text
-    params = {'action': 'remove', 'auth_id': auth.pk, 'csrfmiddlewaretoken': '???'}
+    params = {'authorization': auth.pk, 'csrfmiddlewaretoken': '???'}
     resp = app.post(user_authorizations_url, params=params, status=302)
     assert OIDCAuthorization.objects.count() == 1
 
@@ -901,7 +901,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
     assert resp.html.find('td', {'class': 'remove-icon-column'}).a['class'] == ['disabled']
     # cannot click it's JS :/
     token = str(resp.context['csrf_token'])
-    params = {'action': 'remove', 'auth_id': auth.pk, 'csrfmiddlewaretoken': token}
+    params = {'authorization': auth.pk, 'csrfmiddlewaretoken': token}
     resp = app.post(user_authorizations_url, params=params, status=302)
     assert OIDCAuthorization.objects.count() == 1
 
@@ -914,7 +914,7 @@ def test_manager_user_authorizations(app, superuser, simple_user):
     assert resp.html.find('td', {'class': 'remove-icon-column'}).a['class'] == ['js-remove-object']
     # cannot click it's JS :/
     token = str(resp.context['csrf_token'])
-    params = {'action': 'remove', 'auth_id': auth.pk, 'csrfmiddlewaretoken': token}
+    params = {'authorization': auth.pk, 'csrfmiddlewaretoken': token}
     resp = app.post(user_authorizations_url, params=params, status=302)
     assert OIDCAuthorization.objects.count() == 0
     resp = resp.follow()