Corrige une erreur si la durée d'une sanction temporaire est manquante

Et rend obligatoire la durée des sanctions temporaires pour valider le formulaire.
zestedesavoir · Feb 10, 2024 · 3eed6a6 · 3eed6a6
1 parent e2aeccd
commit 3eed6a6
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 13 deletions.
diff --git a/templates/member/profile.html b/templates/member/profile.html
@@ -711,6 +711,7 @@ <h3>{% trans 'Sanctions' %}</h3>
                                            name="ls-jrs"
                                            class="expand"
                                            placeholder="{% trans 'Durée de la lecture seule, en jours' %}"
+                                           required="required"
                                            min="1">
                                     {% csrf_token %}
                                     <button type="submit"
@@ -795,12 +796,13 @@ <h3>{% trans 'Sanctions' %}</h3>
                                     <input type="number"
                                            name="ban-jrs"
                                            class="expand"
+                                           required="required"
                                            placeholder="{% trans 'Durée du bannissement, en jours' %}"
                                            min="1">
                                     {% csrf_token %}
                                     <button type="submit"
                                             name="ban-temp"
-                                            class="btn  btn-submit">
+                                            class="btn btn-submit">
                                         {% trans "Confirmer" %}
                                     </button>
                                 </form>

diff --git a/zds/member/tests/views/tests_moderation.py b/zds/member/tests/views/tests_moderation.py
@@ -90,6 +90,20 @@ def test_ls_followed_by_unls(self):
         self.assertEqual(result.status_code, 200)
         self.assertEqual(nb_users + 1, len(result.context["members"]))  # LS guy still shows up, good
 
+    def test_temp_ban_missing_duration(self):
+        # Test error is caught when the duration for temporary sanction is missing in submitted form.
+        staff = StaffProfileFactory()
+        self.client.force_login(staff.user)
+
+        profile = ProfileFactory()
+        ls_text = "Texte de test pour LS TEMP"
+        result = self.client.post(
+            reverse("member-modify-profile", kwargs={"user_pk": profile.user.id}),
+            {"ls-temp": "", "ls-text": ls_text},
+            follow=False,
+        )
+        self.assertEqual(result.status_code, 302)
+
     def test_temp_ls_followed_by_unls(self):
         """
         Test various sanctions.

diff --git a/zds/member/views/moderation.py b/zds/member/views/moderation.py
@@ -7,7 +7,7 @@
 from django.core.exceptions import PermissionDenied, ValidationError
 from django.core.validators import validate_ipv46_address
 from django.db import transaction
-from django.http import Http404, HttpResponseBadRequest
+from django.http import Http404
 from django.shortcuts import redirect, render, get_object_or_404
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
@@ -178,19 +178,24 @@ def modify_profile(request, user_pk):
 
     try:
         ban = state.get_sanction(request.user, profile.user)
-    except ValueError:
-        raise HttpResponseBadRequest
+    except (ValueError, TypeError):
+        # These exception can be raised if content of the POST parameters are
+        # not correctly (eg, empty string instead of integer), making the
+        # object state having invalid data. The validity of parameters should
+        # be checked when creating the `state` object above.
+        messages.error(request, _("Une erreur est survenue lors de la récupération de la sanction."))
+    else:
+        state.apply_sanction(profile, ban)
 
-    state.apply_sanction(profile, ban)
+        if "un-ls" in request.POST or "un-ban" in request.POST:
+            msg = state.get_message_unsanction()
+        else:
+            msg = state.get_message_sanction()
 
-    if "un-ls" in request.POST or "un-ban" in request.POST:
-        msg = state.get_message_unsanction()
-    else:
-        msg = state.get_message_sanction()
+        msg = msg.format(
+            ban.user, ban.moderator, ban.type, state.get_detail(), ban.note, settings.ZDS_APP["site"]["literal_name"]
+        )
 
-    msg = msg.format(
-        ban.user, ban.moderator, ban.type, state.get_detail(), ban.note, settings.ZDS_APP["site"]["literal_name"]
-    )
+        state.notify_member(ban, msg)
 
-    state.notify_member(ban, msg)
     return redirect(profile.get_absolute_url())