paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 21:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

custom profile fields: Fix error handling for admin clearing values.

Browse Source 
This commit fixes an error in the logic for allowing admins to edit any
user's CPF (custom profile field) values. The logic allowing users to
edit their own CPF values is however sound. What happens is that of all
the CPF types, for "choice fields" as well as "URL" and "date fields",
when the value is reset/deleted/cleared by the admin in the Admin UI
(organization settings), the frontend would send a null (empty string)
value to the backend for that custom profile field (as this is, after
all, the new value in this case). This would then triggers the backend
validators to return an error message.

We fix this by using the method check_remove_custom_profile_field_value,
that both code paths (user editing their own CPFs and admin editing a
user's CPF) can call.
This commit is contained in:
Hemanth V. Alluri
2019-01-15 16:51:14 +05:30
committed by Tim Abbott
parent 716bcad393
commit 7d07dc66fd
2 changed files with 72 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
zerver/views/users.py
View File

@@ -19,7 +19,7 @@ from zerver.lib.actions import do_change_avatar_fields, do_change_bot_owner, \
do_create_user, do_deactivate_user, do_reactivate_user, do_regenerate_api_key, \
check_change_full_name, notify_created_bot, do_update_outgoing_webhook_service, \
do_update_bot_config_data, check_change_bot_full_name, do_change_is_guest, \
do_update_user_custom_profile_data
do_update_user_custom_profile_data, check_remove_custom_profile_field_value
from zerver.lib.avatar import avatar_url, get_gravatar_url, get_avatar_field
from zerver.lib.bot_config import set_bot_config
from zerver.lib.exceptions import JsonableError, CannotDeactivateLastUserError
@@ -113,8 +113,15 @@ def update_user_backend(request: HttpRequest, user_profile: UserProfile, user_id
check_change_full_name(target, full_name, user_profile)
if profile_data is not None:
validate_user_custom_profile_data(target.realm.id, profile_data)
do_update_user_custom_profile_data(target, profile_data)
clean_profile_data = []
for entry in profile_data:
if not entry["value"]:
field_id = entry["id"]
check_remove_custom_profile_field_value(target, field_id)
else:
clean_profile_data.append(entry)
validate_user_custom_profile_data(target.realm.id, clean_profile_data)
do_update_user_custom_profile_data(target, clean_profile_data)
return json_success()