admin: fix role-filtering of users in pickle mode (#6219)

2014-12-30 16:13:35 +01:00 · 2014-12-30 16:13:35 +01:00 · dd630465b9
parent 641267ecd5
commit dd630465b9
2 changed files with 24 additions and 3 deletions
--- a/tests/test_admin_pages.py
+++ b/tests/test_admin_pages.py
@ -824,10 +824,16 @@ def test_users_filter():
    pub.user_class.wipe()
    PasswordAccount.wipe()
    create_superuser()
+    role = create_role()
    for i in range(50):
        user = pub.user_class(name='foo bar %s' % (i+1))
        user.store()

+    for i in range(5):
+        user = pub.user_class(name='baz bar %s' % (i+1))
+        user.roles = [role.id]
+        user.store()
+
    app = login(get_app(pub))
    resp = app.get('/admin/users/')
    assert 'admin' in resp.body # superuser
@ -837,9 +843,17 @@ def test_users_filter():
    #   resp.forms[0].fields['role'][-1].checked = False
    #   resp = resp.forms[0].submit()
    # therefore we fall back on using the URL
-    resp = app.get('/admin/users/?offset=0&limit=20&q=&filter=true&role=admin')
-    assert 'admin' in resp.body # superuser
+    resp = app.get('/admin/users/?offset=0&limit=100&q=&filter=true&role=admin')
+    assert '>Number of filtered users: 1<' in resp.body
+    assert 'user-is-admin' in resp.body # superuser
+    assert 'foo bar 1' not in resp.body # simple user
+    assert 'baz bar 1' not in resp.body # user with role
+
+    resp = app.get('/admin/users/?offset=0&limit=100&q=&filter=true&role=1')
+    assert '>Number of filtered users: 5<' in resp.body
+    assert 'user-is-admin' not in resp.body # superuser
    assert 'foo bar 10' not in resp.body # simple user
+    assert 'baz bar 1' in resp.body # user with role

 def test_users_search():
    pub.user_class.wipe()
--- a/wcs/admin/users.py
+++ b/wcs/admin/users.py
@ -342,7 +342,14 @@ class UsersDirectory(Directory):
                    st.Equal('is_admin', False), st.Equal('roles', [])]))
            other_roles = [str(x) for x in checked_roles if x not in ('admin', 'none')]
            if other_roles:
-                criterias.append(st.Intersects('roles', other_roles))
+                other_roles_set = set(other_roles)
+                # duplicate all roles as they may be also stored as integers
+                for other_role in other_roles:
+                    try:
+                        other_roles_set.add(int(other_role))
+                    except ValueError:
+                        continue
+                criterias.append(st.Intersects('roles', other_roles_set))
            criterias = [st.Or(criterias)]

        query = get_request().form.get('q')