diff --git a/intervention/forms/modalForms.py b/intervention/forms/modalForms.py
index 36667f89..7adc6864 100644
--- a/intervention/forms/modalForms.py
+++ b/intervention/forms/modalForms.py
@@ -36,7 +36,7 @@ class ShareModalForm(BaseModalForm):
 user_select = forms.ModelMultipleChoiceField(
 label=_("Add user to share with"),
 label_suffix="",
- help_text=_("Multiple selection possible - You can only select users which do not already have access"),
+ help_text=_("Multiple selection possible - You can only select users which do not already have access. Enter the full username."),
 required=False,
 queryset=User.objects.all(),
 widget=autocomplete.ModelSelect2Multiple(
diff --git a/konova/autocompletes.py b/konova/autocompletes.py
index f0fb0fe0..241143c0 100644
--- a/konova/autocompletes.py
+++ b/konova/autocompletes.py
@@ -70,7 +70,7 @@ class ShareUserAutocomplete(Select2QuerySetView):
 def get_queryset(self):
 if self.request.user.is_anonymous:
 return User.objects.none()
- exclude_user_ids = self.forwarded.get("users", [None])
+ exclude_user_ids = self.forwarded.get("users", [])
 _exclude = {"id__in": exclude_user_ids}
 qs = User.objects.all().exclude(
 **_exclude
@@ -78,8 +78,9 @@ class ShareUserAutocomplete(Select2QuerySetView):
 "username"
 )
 if self.q:
+ # Due to privacy concerns only a full username match will return the proper user entry
 qs = qs.filter(
- username__istartswith=self.q
+ username=self.q
 )
 return qs
diff --git a/konova/tests/test_autocompletes.py b/konova/tests/test_autocompletes.py
new file mode 100644
index 00000000..47df3dc3
--- /dev/null
+++ b/konova/tests/test_autocompletes.py
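Review bot: In `ShareUserAutocomplete.get_queryset` (konova/autocompletes.py) the exact-match filter sits inside `if self.q:`, so a request with an empty or missing `q` skips it and, as far as the visible lines show, returns every user not in the forwarded `users` list, which is the disclosure the new comment says it wants to prevent. Add a guard before the filter, `if not self.q: return User.objects.none()`, and cover it with a test case that sends no `q`. Separately, `username=self.q` is case-sensitive on most database backends while the old lookup was not; `username__iexact=self.q` keeps the full-name requirement without that regression, if usernames are meant to be case-insensitive here. The method starts above the hunk and the lines between the two hunks of this file are not shown, so an existing guard there cannot be ruled out.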
@@ -0,0 +1,59 @@
+"""
+Author: Michel Peltriaux
+Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
+Contact: michel.peltriaux@sgdnord.rlp.de
+Created on: 14.12.21
+
+"""
+import json
+
+from django.urls import reverse
+
+from konova.tests.test_views import BaseTestCase
+from django.test.client import Client
+
+
+class AutocompleteTestCase(BaseTestCase):
+ @classmethod
+ def setUpTestData(cls):
+ super().setUpTestData()
+ cls.client = Client()
+
+ def test_user_autocomplete(self):
+ self.client.login(username=self.superuser.username, password=self.superuser_pw)
+ user_autocomplete_url = reverse("share-user-autocomplete")
+ username = self.user.username
+
+ # Provide the full name --> success
+ data = {
+ "q": username
+ }
+ response = self.client.get(
+ user_autocomplete_url,
+ data,
+ )
+ content = json.loads(response.content)
+ self.assertEqual(username, content["results"][0]["text"])
+ self.assertEqual(str(self.user.id), content["results"][0]["id"])
+
+ # Provide only the first letter --> no result
+ data = {
+ "q": username[0]
+ }
+ response = self.client.get(
+ user_autocomplete_url,
+ data,
+ )
+ content = json.loads(response.content)
+ self.assertEqual([], content["results"])
+
+ # Provide full name + too much --> no result
+ data = {
+ "q": username + "t"
+ }
+ response = self.client.get(
+ user_autocomplete_url,
+ data,
+ )
+ content = json.loads(response.content)
+ self.assertEqual([], content["results"])
diff --git a/locale/de/LC_MESSAGES/django.mo b/locale/de/LC_MESSAGES/django.mo
index bea21be2..94f1f426 100644
Binary files a/locale/de/LC_MESSAGES/django.mo and b/locale/de/LC_MESSAGES/django.mo differ
diff --git a/locale/de/LC_MESSAGES/django.po b/locale/de/LC_MESSAGES/django.po
index b194437a..fdf4fc98 100644
--- a/locale/de/LC_MESSAGES/django.po
+++ b/locale/de/LC_MESSAGES/django.po
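Review bot: The success case in `test_user_autocomplete` (konova/tests/test_autocompletes.py) reads only `content["results"][0]`, so it still passes if the endpoint returns other users after the matching one; pin the size too with `self.assertEqual(1, len(content["results"]))`. The two requests that matter most for the privacy goal are not exercised: one with no `q` parameter and one from a client that is not logged in, both of which should be asserted to return `[]`. The test also logs in as `self.superuser` only, so it does not show what an ordinary user receives.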
@@ -1289,10 +1289,10 @@ msgstr "Nutzer direkt hinzufügen"
 #: intervention/forms/modalForms.py:39
 msgid ""
 "Multiple selection possible - You can only select users which do not already "
-"have access"
+"have access. Enter the full username."
 msgstr ""
 "Mehrfachauswahl möglich - Sie können nur Nutzer wählen, für die der Eintrag "
-"noch nicht freigegeben wurde"
+"noch nicht freigegeben wurde. Geben Sie den ganzen Nutzernamen an."
 #: intervention/forms/modalForms.py:55
 msgid "Remove check to remove access for this user"