Merge pull request '48_Share_with_full_known_users' (#51) from 48_Share_with_full_known_users into master

Reviewed-on: SGD-Nord/konova#51

intervention/forms/modalForms.py

@@ -36,7 +36,7 @@ class ShareModalForm(BaseModalForm):
     user_select = forms.ModelMultipleChoiceField(
         label=_("Add user to share with"),
         label_suffix="",
-        help_text=_("Multiple selection possible - You can only select users which do not already have access"),
+        help_text=_("Multiple selection possible - You can only select users which do not already have access. Enter the full username."),
         required=False,
         queryset=User.objects.all(),
         widget=autocomplete.ModelSelect2Multiple(

konova/autocompletes.py

@@ -70,7 +70,7 @@ class ShareUserAutocomplete(Select2QuerySetView):
     def get_queryset(self):
         if self.request.user.is_anonymous:
             return User.objects.none()
-        exclude_user_ids = self.forwarded.get("users", [None])
+        exclude_user_ids = self.forwarded.get("users", [])
         _exclude = {"id__in": exclude_user_ids}
         qs = User.objects.all().exclude(
             **_exclude
@@ -78,8 +78,9 @@ class ShareUserAutocomplete(Select2QuerySetView):
             "username"
         )
         if self.q:
+            # Due to privacy concerns only a full username match will return the proper user entry
             qs = qs.filter(
-                username__istartswith=self.q
+                username=self.q
             )
         return qs
 

konova/tests/test_autocompletes.py

@@ -0,0 +1,59 @@
+"""
+Author: Michel Peltriaux
+Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
+Contact: michel.peltriaux@sgdnord.rlp.de
+Created on: 14.12.21
+
+"""
+import json
+
+from django.urls import reverse
+
+from konova.tests.test_views import BaseTestCase
+from django.test.client import Client
+
+
+class AutocompleteTestCase(BaseTestCase):
+    @classmethod
+    def setUpTestData(cls):
+        super().setUpTestData()
+        cls.client = Client()
+
+    def test_user_autocomplete(self):
+        self.client.login(username=self.superuser.username, password=self.superuser_pw)
+        user_autocomplete_url = reverse("share-user-autocomplete")
+        username = self.user.username
+
+        # Provide the full name --> success
+        data = {
+            "q": username
+        }
+        response = self.client.get(
+            user_autocomplete_url,
+            data,
+        )
+        content = json.loads(response.content)
+        self.assertEqual(username, content["results"][0]["text"])
+        self.assertEqual(str(self.user.id), content["results"][0]["id"])
+
+        # Provide only the first letter --> no result
+        data = {
+            "q": username[0]
+        }
+        response = self.client.get(
+            user_autocomplete_url,
+            data,
+        )
+        content = json.loads(response.content)
+        self.assertEqual([], content["results"])
+
+        # Provide full name + too much --> no result
+        data = {
+            "q": username + "t"
+        }
+        response = self.client.get(
+            user_autocomplete_url,
+            data,
+        )
+        content = json.loads(response.content)
+        self.assertEqual([], content["results"])

locale/de/LC_MESSAGES/django.po

@@ -1289,10 +1289,10 @@ msgstr "Nutzer direkt hinzufügen"
 #: intervention/forms/modalForms.py:39
 msgid ""
 "Multiple selection possible - You can only select users which do not already "
-"have access"
+"have access. Enter the full username."
 msgstr ""
 "Mehrfachauswahl möglich - Sie können nur Nutzer wählen, für die der Eintrag "
-"noch nicht freigegeben wurde"
+"noch nicht freigegeben wurde. Geben Sie den ganzen Nutzernamen an."
 
 #: intervention/forms/modalForms.py:55
 msgid "Remove check to remove access for this user"