Cannot set username that is similar to an alias we don't own

2020-02-17 11:21:05 +01:00 · 2020-02-17 11:21:05 +01:00 · 3ce5f31411
parent 6a4e0de444
commit 3ce5f31411
2 changed files with 34 additions and 3 deletions
--- a/apps/member/views.py
+++ b/apps/member/views.py
@ -4,6 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 from dal import autocomplete
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.core.exceptions import ValidationError
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import CreateView, ListView, DetailView, UpdateView
 from django.http import HttpResponseRedirect
@ -14,7 +15,7 @@ from django.db.models import Q
 from django_tables2.views import SingleTableView
-
+from note.models import Alias, Note, NoteUser
 from .models import Profile, Club, Membership
 from .forms import  SignUpForm, ProfileForm, ClubForm,MembershipForm, MemberFormSet,FormSetHelper
 from .tables import ClubTable,UserTable
@ -57,13 +58,38 @@ class UserUpdateView(LoginRequiredMixin,UpdateView):
    second_form = ProfileForm
    def get_context_data(self,**kwargs):
        context = super().get_context_data(**kwargs)
-        context["profile_form"] = self.second_form(instance=context['user'].profile)
+        context['user_modified'] = context['user']
        context['user'] = self.request.user
        context["profile_form"] = self.second_form(instance=context['user_modified'].profile)
        return context
    def get_form(self, form_class=None):
        from django.forms import forms
        form: forms.Form = super().get_form(form_class)
        if 'username' not in form.data:
            return form
        new_username = form.data['username']
        note = NoteUser.objects.filter(alias__normalized_name=Alias.normalize(new_username))
        if note.exists() and note.get().user != self.request.user:
            form.add_error('username', _("An alias with a similar name already exists."))
        return form
    def form_valid(self, form):
        profile_form = ProfileForm(data=self.request.POST,instance=self.request.user.profile)
        if form.is_valid() and profile_form.is_valid():
            new_username = form.data['username']
            alias = Alias.objects.filter(name=new_username)
            if not alias.exists():
                similar = Alias.objects.filter(normalized_name=Alias.normalize(new_username))
                if similar.exists():
                    similar.delete()
                note = NoteUser.objects.filter(alias__normalized_name=Alias.normalize(self.request.user.username)).get()
                Alias(name=new_username, note=note).save()
            user = form.save()
            profile  = profile_form.save(commit=False)
            profile.user = user
--- a/apps/note/models/notes.py
+++ b/apps/note/models/notes.py
@ -85,7 +85,7 @@ class Note(PolymorphicModel):
        """
        Verify alias (simulate save)
        """
-        aliases = Alias.objects.filter(name=str(self))
+        aliases = Alias.objects.filter(normalized_name=Alias.normalize(str(self)))
        if aliases.exists():
            # Alias exists, so check if it is linked to this note
            if aliases.first().note != self:
@ -233,3 +233,8 @@ class Alias(models.Model):
                                        'already exists.'))
        except Alias.DoesNotExist:
            pass
    def delete(self, using=None, keep_parents=False):
        if self.name == str(self.note):
            raise ValidationError(_("You can't delete your main alias."))
        return super().delete(using, keep_parents)