Privacy/Usability updates (#75)

* Use less intrusive oauth scopes, add login redirect method * Remove debugging prints, add missing __init__ * Work towards new privacy policy * Fix judging state icons on code jam management page * Jammer profile retraction and punishments based on jam status * Linting * [Jams] Deny profile saving for users < 13 years, and finish removal page * Fix tests * Clean up and address Volcyy's review * Add proper login redirection to require_roles decorator * Fix template is_staff() and add staff link to navigation * Address lemon's review * Linting * Privacy page formatting * Privacy page formatting
author: Gareth Coles <[email protected]> 2018-05-20 23:29:17 +0100
committer: GitHub <[email protected]> 2018-05-20 23:29:17 +0100
commit: 449d52caf4010ed112f1928bf6b5234bcfb9a339 (patch)
tree: 3ce59258a68fcb4174610b157f3a3ae9c50be02a /pysite/views/main/jams/profile.py
parent: Tests directory (#73) (diff)
1 files changed, 14 insertions, 6 deletions
diff --git a/pysite/views/main/jams/profile.py b/pysite/views/main/jams/profile.py
index ce8dfdf1..d8a663f7 100644
--- a/pysite/views/main/jams/profile.py
+++ b/pysite/views/main/jams/profile.py
@@ -5,10 +5,10 @@ from werkzeug.exceptions import BadRequest
 
 from pysite.base_route import RouteView
 from pysite.decorators import csrf
-from pysite.mixins import DBMixin, OauthMixin
+from pysite.mixins import DBMixin, OAuthMixin
 
 
-class JamsProfileView(RouteView, DBMixin, OauthMixin):
+class JamsProfileView(RouteView, DBMixin, OAuthMixin):
     path = "/jams/profile"
     name = "jams.profile"
 
@@ -16,12 +16,14 @@ class JamsProfileView(RouteView, DBMixin, OauthMixin):
 
     def get(self):
         if not self.user_data:
-            return redirect(url_for("discord.login"))
+            return self.redirect_login()
 
         participant = self.db.get(self.table_name, self.user_data["user_id"])
+        existing = True
 
         if not participant:
             participant = {"id": self.user_data["user_id"]}
+            existing = False
 
         form = request.args.get("form")
 
@@ -32,13 +34,13 @@ class JamsProfileView(RouteView, DBMixin, OauthMixin):
                 pass  # Someone trying to have some fun I guess
 
         return self.render(
-            "main/jams/profile.html", participant=participant, form=form
+            "main/jams/profile.html", participant=participant, form=form, existing=existing
         )
 
     @csrf
     def post(self):
         if not self.user_data:
-            return redirect(url_for("discord.login"))
+            return self.redirect_login()
 
         participant = self.db.get(self.table_name, self.user_data["user_id"])
 
@@ -56,6 +58,12 @@ class JamsProfileView(RouteView, DBMixin, OauthMixin):
         dob = datetime.datetime.strptime(dob, "%Y-%m-%d")
         dob = dob.replace(tzinfo=datetime.timezone.utc)
 
+        now = datetime.datetime.now(tz=datetime.timezone.utc)
+        then = now.replace(year=now.year - 13)
+
+        if then < dob:
+            raise BadRequest()  # They're too young, but this is validated on the form
+
         participant["dob"] = dob
         participant["github_username"] = github_username
         participant["timezone"] = timezone
@@ -73,5 +81,5 @@ class JamsProfileView(RouteView, DBMixin, OauthMixin):
                 return redirect(url_for("main.jams.join", jam=form))
 
         return self.render(
-            "main/jams/profile.html", participant=participant, done=True
+            "main/jams/profile.html", participant=participant, done=True, existing=True
         )
author	Gareth Coles <[email protected]>	2018-05-20 23:29:17 +0100
committer	GitHub <[email protected]>	2018-05-20 23:29:17 +0100
commit	449d52caf4010ed112f1928bf6b5234bcfb9a339 (patch)
tree	3ce59258a68fcb4174610b157f3a3ae9c50be02a /pysite/views/main/jams/profile.py
parent	Tests directory (#73) (diff)