Merge branch 'fix-account-links' into pu

2025-02-03 10:43:03 +01:00 · 2021-12-04 00:25:57 -08:00 · 2021-12-04 00:25:57 -08:00 · f8bef16d32
commit f8bef16d32
parent bfa916c7b2 973dbf0482
3 changed files with 53 additions and 33 deletions
--- a/aurweb/routers/accounts.py
+++ b/aurweb/routers/accounts.py
@ -329,13 +329,23 @@ async def account_register_post(request: Request,
    return render_template(request, "register.html", context)


-def cannot_edit(request, user):
-    """ Return a 401 HTMLResponse if the request user doesn't
-    have authorization, otherwise None. """
-    has_dev_cred = request.user.has_credential(creds.ACCOUNT_EDIT_DEV,
-                                               approved=[user])
-    if not has_dev_cred:
-        return HTMLResponse(status_code=HTTPStatus.UNAUTHORIZED)
+def cannot_edit(request: Request, user: models.User) \
+        -> typing.Optional[RedirectResponse]:
+    """
+    Decide if `request.user` cannot edit `user`.
+
+    If the request user can edit the target user, None is returned.
+    Otherwise, a redirect is returned to /account/{user.Username}.
+
+    :param request: FastAPI request
+    :param user: Target user to be edited
+    :return: RedirectResponse if approval != granted else None
+    """
+    approved = request.user.has_credential(creds.ACCOUNT_EDIT, approved=[user])
+    if not approved and (to := "/"):
+        if user:
+            to = f"/account/{user.Username}"
+        return RedirectResponse(to, status_code=HTTPStatus.SEE_OTHER)
    return None