allow redirect after user edition (#28779)

2018-12-18 16:37:33 +01:00 · 2018-12-18 16:37:33 +01:00 · f71dfaf15d
parent 0ad3bf4dfe
commit f71dfaf15d
3 changed files with 47 additions and 2 deletions
--- a/src/authentic2/manager/templates/authentic2/manager/user_edit.html
+++ b/src/authentic2/manager/templates/authentic2/manager/user_edit.html
@ -7,3 +7,8 @@
  <a href="{% url 'a2-manager-user-detail' pk=object.pk %}">{{ object.get_full_name }}</a>
  <a href="#">{% trans "Edit" %}</a>
 {% endblock %}
+
+{% block hidden_inputs %}
+    {{ block.super }}
+    {% if next %}<input type="hidden" name="next" value="{{ next }}">{% endif %}
+{% endblock %}
--- a/src/authentic2/manager/user_views.py
+++ b/src/authentic2/manager/user_views.py
@ -22,7 +22,7 @@ import tablib

 from authentic2.constants import SWITCH_USER_SESSION_KEY
 from authentic2.models import Attribute, AttributeValue, PasswordReset
-from authentic2.utils import switch_user, send_password_reset_mail, redirect, send_email_change_email
+from authentic2.utils import switch_user, send_password_reset_mail, redirect, select_next_url
 from authentic2.a2_rbac.utils import get_default_ou
 from authentic2 import hooks
 from django_rbac.utils import get_role_model, get_role_parenting_model, get_ou_model
@ -295,7 +295,6 @@ class UserEditView(OtherActionsMixin, ActionMixin, BaseEditView):
    form_class = UserEditForm
    permissions = ['custom_user.change_user']
    fields = ['username', 'ou', 'first_name', 'last_name']
-    success_url = '..'
    slug_field = 'uuid'
    action = _('Change')
    title = _('Edit user')
@ -311,6 +310,22 @@ class UserEditView(OtherActionsMixin, ActionMixin, BaseEditView):
            fields.append('is_superuser')
        return fields

+    def _get_next_url(self):
+        return select_next_url(
+            self.request,
+            default=reverse('a2-manager-user-detail', kwargs={'pk': self.object.pk}),
+            include_post=True)
+
+    def get_context_data(self, **kwargs):
+        context = super(UserEditView, self).get_context_data(**kwargs)
+        next_url = self._get_next_url()
+        context['next'] = next_url
+        context['cancel_url'] = next_url
+        return context
+
+    def get_success_url(self):
+        return self._get_next_url()
+
    def form_valid(self, form):
        response = super(UserEditView, self).form_valid(form)
        hooks.call_hooks('event', name='manager-edit-user', user=self.request.user,
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@ -780,3 +780,28 @@ def test_manager_add_user_querystring(superuser_or_admin, app, ou1):
    response = app.get(url)

    assert querystring in response.location
+
+
+def test_manager_edit_user_next(app, simple_user, superuser_or_admin):
+    next_url = u'/example.nowhere.null/'
+    url = u'/manage/users/%s/edit/?next=%s' % (simple_user.pk, next_url)
+    login(app, superuser_or_admin, '/manage/')
+    response = app.get(url)
+
+    # cancel if not handled through form submission
+    assert response.pyquery.remove_namespaces()('a.cancel').attr('href') == next_url
+
+    form = response.form
+    form.set('last_name', 'New name')
+    assert urlparse(form.submit().location).path == next_url
+
+
+def test_manager_edit_user_next_form_error(superuser_or_admin, app, ou1, simple_user):
+    next_url = u'/example.nowhere.null/'
+    url = u'/manage/users/%s/edit/?next=%s' % (simple_user.pk, next_url)
+    login(app, superuser_or_admin, '/manage/')
+    response = app.get(url)
+    form = response.form
+    form.set('email', 'jd')  # erroneous
+    resp = form.submit()
+    assert '<input type="hidden" name="next" value="%s">' % next_url in resp.ubody