feat(tests): improve test coverage #234
Changes from all commits
11cf62d
0506252
1b6b706
149ce95
9bdacbd
1c1b662
c17e22c
25acb1b
bdd40ba
a5ccb2c
ac0128f
| @@ -1,32 +1,16 @@ | ||
| from flask import Blueprint, redirect, render_template, request, session | ||
| from flask import Blueprint, render_template, session | ||
|
|
||
| from models import User | ||
| from utils.log import Log | ||
| from utils.route_guards import admin_required | ||
|
|
||
| admin_panel_blueprint = Blueprint("admin_panel", __name__) | ||
|
|
||
|
|
||
| @admin_panel_blueprint.route("/admin") | ||
| @admin_required("admin panel") | ||
| def admin_panel(): | ||
| if "username" in session: | ||
| user = User.query.filter_by(username=session["username"]).first() | ||
| Log.info(f"Admin: {session['username']} reached to the admin panel") | ||
|
|
||
| if not user: | ||
| return redirect("/") | ||
| Log.info("Rendering admin_panel.html: params: None") | ||
|
|
||
| if user.role == "admin": | ||
| Log.info(f"Admin: {session['username']} reached to the admin panel") | ||
|
|
||
| Log.info("Rendering admin_panel.html: params: None") | ||
|
|
||
| return render_template("admin_panel.html") | ||
| else: | ||
| Log.error( | ||
| f"{request.remote_addr} tried to reach admin panel without being admin" | ||
| ) | ||
|
|
||
| return redirect("/") | ||
| else: | ||
| Log.error(f"{request.remote_addr} tried to reach admin panel being logged in") | ||
|
|
||
| return redirect("/") | ||
| return render_template("admin_panel.html") |
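Review bot: admin_panel now reads `session['username']` unconditionally and no longer checks `user.role`, so the route's authorization rests entirely on `@admin_required("admin panel")`, whose implementation is not part of this diff; nothing in the function documents that dependency. A docstring should state the precondition so a later edit does not drop the decorator or the session assumption silently, e.g. `"""Render the admin landing page. Login and the admin-role check are delegated to @admin_required, which is also expected to guarantee session["username"] is set."""` (the session guarantee is inferred from the decorator's name and should be confirmed against utils/route_guards). The same note applies to admin_panel_comments and admin_panel_posts in the following sections.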
| @@ -1,52 +1,34 @@ | ||
| from flask import ( | ||
| Blueprint, | ||
| redirect, | ||
| render_template, | ||
| request, | ||
| session, | ||
| ) | ||
|
|
||
| from models import Comment, User | ||
| from models import Comment | ||
| from utils.log import Log | ||
| from utils.paginate import paginate_query | ||
| from utils.route_guards import admin_required | ||
|
|
||
| admin_panel_comments_blueprint = Blueprint("admin_panel_comments", __name__) | ||
|
|
||
|
|
||
| @admin_panel_comments_blueprint.route("/admin/comments", methods=["GET", "POST"]) | ||
| @admin_required("comment admin panel") | ||
| def admin_panel_comments(): | ||
| if "username" in session: | ||
| user = User.query.filter_by(username=session["username"]).first() | ||
|
|
||
| if not user or user.role != "admin": | ||
| Log.error( | ||
| f"{request.remote_addr} tried to reach comment admin panel without being admin" | ||
| ) | ||
| return redirect("/") | ||
|
|
||
| Log.info(f"Admin: {session['username']} reached to comments admin panel") | ||
|
|
||
| query = Comment.query.order_by(Comment.time_stamp.desc()) | ||
| comments_objects, page, total_pages = paginate_query(query) | ||
|
|
||
| comments = [ | ||
| (c.id, c.post_id, c.comment, c.username, c.time_stamp) | ||
| for c in comments_objects | ||
| ] | ||
|
|
||
| Log.info( | ||
| f"Rendering admin_panel_comments.html: params: comments={len(comments)}" | ||
| ) | ||
|
|
||
| return render_template( | ||
| "admin_panel_comments.html", | ||
| comments=comments, | ||
| page=page, | ||
| total_pages=total_pages, | ||
| ) | ||
| else: | ||
| Log.error( | ||
| f"{request.remote_addr} tried to reach comment admin panel being logged in" | ||
| ) | ||
|
|
||
| return redirect("/") | ||
| Log.info(f"Admin: {session['username']} reached to comments admin panel") | ||
|
|
||
| query = Comment.query.order_by(Comment.time_stamp.desc()) | ||
| comments_objects, page, total_pages = paginate_query(query) | ||
|
|
||
| comments = [ | ||
| (c.id, c.post_id, c.comment, c.username, c.time_stamp) for c in comments_objects | ||
| ] | ||
|
|
||
| Log.info(f"Rendering admin_panel_comments.html: params: comments={len(comments)}") | ||
|
|
||
| return render_template( | ||
| "admin_panel_comments.html", | ||
| comments=comments, | ||
| page=page, | ||
| total_pages=total_pages, | ||
| ) |
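Review bot: the route decorator still declares `methods=["GET", "POST"]` while the new body of admin_panel_comments never reads `request` or branches on `request.method`, so a POST is accepted and handled exactly like a GET with no handler behind it. If nothing posts to this URL, narrowing it to `@admin_panel_comments_blueprint.route("/admin/comments")` (GET by default) removes an accepted verb that does nothing; if a template does post here, a one-line comment saying which form relies on it would make the choice deliberate — the templates are not visible in this diff. admin_panel_posts in the next section has the same shape.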
| @@ -1,66 +1,51 @@ | ||
| from flask import ( | ||
| Blueprint, | ||
| redirect, | ||
| render_template, | ||
| request, | ||
| session, | ||
| ) | ||
|
|
||
| from models import Post, User | ||
| from models import Post | ||
| from utils.log import Log | ||
| from utils.paginate import paginate_query | ||
| from utils.route_guards import admin_required | ||
|
|
||
| admin_panel_posts_blueprint = Blueprint("admin_panel_posts", __name__) | ||
|
|
||
|
|
||
| @admin_panel_posts_blueprint.route("/admin/posts", methods=["GET", "POST"]) | ||
| @admin_required("post admin panel") | ||
| def admin_panel_posts(): | ||
| if "username" in session: | ||
| user = User.query.filter_by(username=session["username"]).first() | ||
|
|
||
| if not user or user.role != "admin": | ||
| Log.error( | ||
| f"{request.remote_addr} tried to reach post admin panel without being admin" | ||
| ) | ||
| return redirect("/") | ||
|
|
||
| Log.info(f"Admin: {session['username']} reached to posts admin panel") | ||
|
|
||
| query = Post.query.order_by(Post.time_stamp.desc()) | ||
| posts_objects, page, total_pages = paginate_query(query) | ||
|
|
||
| posts = [ | ||
| ( | ||
| p.id, | ||
| p.title, | ||
| p.tags, | ||
| p.content, | ||
| p.banner, | ||
| p.author, | ||
| p.views, | ||
| p.time_stamp, | ||
| p.last_edit_time_stamp, | ||
| p.category, | ||
| p.url_id, | ||
| p.abstract, | ||
| ) | ||
| for p in posts_objects | ||
| ] | ||
|
|
||
| Log.info( | ||
| f"Rendering dashboard.html: params: posts={len(posts)} and show_posts=True" | ||
| Log.info(f"Admin: {session['username']} reached to posts admin panel") | ||
|
|
||
| query = Post.query.order_by(Post.time_stamp.desc()) | ||
| posts_objects, page, total_pages = paginate_query(query) | ||
|
|
||
| posts = [ | ||
| ( | ||
| p.id, | ||
| p.title, | ||
| p.tags, | ||
| p.content, | ||
| p.banner, | ||
| p.author, | ||
| p.views, | ||
| p.time_stamp, | ||
| p.last_edit_time_stamp, | ||
| p.category, | ||
| p.url_id, | ||
| p.abstract, | ||
| ) | ||
|
|
||
| return render_template( | ||
| "dashboard.html", | ||
| posts=posts, | ||
| show_posts=True, | ||
| page=page, | ||
| total_pages=total_pages, | ||
| ) | ||
| else: | ||
| Log.error( | ||
| f"{request.remote_addr} tried to reach post admin panel being logged in" | ||
| ) | ||
|
|
||
| return redirect("/") | ||
| for p in posts_objects | ||
| ] | ||
|
|
||
| Log.info( | ||
| f"Rendering dashboard.html: params: posts={len(posts)} and show_posts=True" | ||
| ) | ||
|
|
||
| return render_template( | ||
| "dashboard.html", | ||
| posts=posts, | ||
| show_posts=True, | ||
| page=page, | ||
| total_pages=total_pages, | ||
| ) |
| @@ -1,8 +1,7 @@ | ||
| from flask import ( | ||
| Blueprint, | ||
| redirect, | ||
| render_template, | ||
| request, | ||
| render_template, | ||
| session, | ||
| ) | ||
|
|
||
|
|
@@ -11,77 +10,54 @@ | |
| from utils.delete import delete_user | ||
| from utils.log import Log | ||
| from utils.paginate import paginate_query | ||
| from utils.route_guards import admin_required | ||
|
|
||
| admin_panel_users_blueprint = Blueprint("admin_panel_users", __name__) | ||
|
|
||
|
|
||
| @admin_panel_users_blueprint.route("/admin/users", methods=["GET", "POST"]) | ||
| @admin_required("user admin panel") | ||
| def admin_panel_users(): | ||
| if "username" in session: | ||
| Log.info(f"Admin: {session['username']} reached to users admin panel") | ||
|
|
||
| user = User.query.filter_by(username=session["username"]).first() | ||
| Log.info(f"Admin: {session['username']} reached to users admin panel") | ||
|
|
||
| if not user: | ||
| return redirect("/") | ||
|
|
||
| if user.role != "admin": | ||
| Log.error( | ||
| f"{request.remote_addr} tried to reach user admin panel without being admin" | ||
| if request.method == "POST": | ||
| if "user_delete_button" in request.form: | ||
| Log.info( | ||
| f"Admin: {session['username']} deleted user: {request.form['username']}" | ||
| ) | ||
| return redirect("/") | ||
|
|
||
| if request.method == "POST": | ||
| if "user_delete_button" in request.form: | ||
| Log.info( | ||
| f"Admin: {session['username']} deleted user: {request.form['username']}" | ||
| ) | ||
|
|
||
| delete_user(request.form["username"]) | ||
|
|
||
| if "user_role_change_button" in request.form: | ||
| Log.info( | ||
| f"Admin: {session['username']} changed {request.form['username']}'s role" | ||
| ) | ||
| delete_user(request.form["username"]) | ||
|
|
||
| change_user_role(request.form["username"]) | ||
|
|
||
| if user.role == "admin": | ||
| query = User.query | ||
| users_objects, page, total_pages = paginate_query(query) | ||
|
|
||
| users = [ | ||
| ( | ||
| u.user_id, | ||
| u.username, | ||
| u.email, | ||
| u.password, | ||
| u.profile_picture, | ||
| u.role, | ||
| u.points, | ||
| u.time_stamp, | ||
| u.is_verified, | ||
| ) | ||
| for u in users_objects | ||
| ] | ||
|
|
||
| Log.info(f"Rendering admin_panel_users.html: params: users={len(users)}") | ||
|
|
||
| return render_template( | ||
| "admin_panel_users.html", | ||
| users=users, | ||
| page=page, | ||
| total_pages=total_pages, | ||
| ) | ||
| else: | ||
| Log.error( | ||
| f"{request.remote_addr} tried to reach user admin panel without being admin" | ||
| if "user_role_change_button" in request.form: | ||
| Log.info( | ||
| f"Admin: {session['username']} changed {request.form['username']}'s role" | ||
| ) | ||
|
|
||
| return redirect("/") | ||
| else: | ||
| Log.error( | ||
| f"{request.remote_addr} tried to reach user admin panel being logged in" | ||
| change_user_role(request.form["username"]) | ||
|
|
||
| query = User.query | ||
| users_objects, page, total_pages = paginate_query(query) | ||
|
|
||
| users = [ | ||
| ( | ||
| u.user_id, | ||
| u.username, | ||
| u.email, | ||
| u.password, | ||
| u.profile_picture, | ||
| u.role, | ||
| u.points, | ||
| u.time_stamp, | ||
| u.is_verified, | ||
| ) | ||
| for u in users_objects | ||
| ] | ||
|
Comment on lines
+41
to
+54
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🏁 Script executed: git ls-files | grep -E "(admin_panel|routes)" | head -20Repository: DogukanUrker/FlaskBlog Length of output: 603 🏁 Script executed: fd 'admin_panel_users' --type fRepository: DogukanUrker/FlaskBlog Length of output: 134 🏁 Script executed: cat -n app/routes/admin_panel_users.py 2>/dev/null | head -60Repository: DogukanUrker/FlaskBlog Length of output: 2117 🏁 Script executed: cat -n app/templates/admin_panel_users.htmlRepository: DogukanUrker/FlaskBlog Length of output: 5791 Remove password from the user tuple passed to template — it's never used and exposes unnecessary sensitive data. Line 46 includes 🔒 Proposed fix users = [
(
u.user_id,
u.username,
u.email,
- u.password,
u.profile_picture,
u.role,
u.points,
u.time_stamp,
u.is_verified,
)
for u in users_objects
]Update the template indices: after removing
🤖 Prompt for AI Agents |
||
|
|
||
| Log.info(f"Rendering admin_panel_users.html: params: users={len(users)}") | ||
|
|
||
| return redirect("/") | ||
| return render_template( | ||
| "admin_panel_users.html", | ||
| users=users, | ||
| page=page, | ||
| total_pages=total_pages, | ||
| ) | ||
Return values from
`delete_user` and `change_user_role` are silently discarded — redirects won't fire. Both
`delete_user()` and `change_user_role()` can return `redirect(...)` responses (see `app/utils/delete.py` lines 67–86 and `app/utils/change_user_role.py` lines 25–27). Since their return values are not propagated here, the code falls through to the query/render block on lines 38–63. This means: `redirect("/")` from `change_user_role` is lost — the page re-renders, and subsequent requests will fail because the `@admin_required` guard will reject the now-non-admin user. 🐛 Proposed fix — propagate redirect responses
if request.method == "POST": if "user_delete_button" in request.form: Log.info( f"Admin: {session['username']} deleted user: {request.form['username']}" ) - delete_user(request.form["username"]) + result = delete_user(request.form["username"]) + if result: + return result - if "user_role_change_button" in request.form: + elif "user_role_change_button" in request.form: Log.info( f"Admin: {session['username']} changed {request.form['username']}'s role" ) - change_user_role(request.form["username"]) + result = change_user_role(request.form["username"]) + if result: + return result📝 Committable suggestion
🤖 Prompt for AI Agents