= Person admin pages =

Admistrators can access a subset of any IPerson's fields from the UI.
The PersonAdministerView is registered under the +review name.

    >>> from canonical.launchpad.webapp.authorization import check_permission
    >>> from canonical.launchpad.webapp.interfaces import IOpenLaunchBag

    >>> login('foo.bar@canonical.com')
    >>> admin = getUtility(IOpenLaunchBag).user
    >>> user = factory.makePerson(
    ...     name='a-user', email="zaphod@example.place")
    >>> view = create_initialized_view(user, '+review')
    >>> check_permission('launchpad.Admin', view)
    True
    >>> print view.errors
    []
    >>> view.field_names
    ['name', 'displayname',
     'personal_standing', 'personal_standing_reason']
    >>> view.label
    'Review person'

The template for the view is shared with the +reviewaccount view, so
the is_viewing_person view property is provide to verify that the context
is an IPerson or IAccount.

    >>> view.is_viewing_person
    True

The PersonAdministerView allows Launchpad admins to change some
of a user's attributes.

    >>> old_password = user.password
    >>> form = {
    ...     'field.name': 'zaphod',
    ...     'field.displayname': 'Zaphod Beeblebrox',
    ...     'field.personal_standing': 'POOR',
    ...     'field.personal_standing_reason': "Zaphod's just this guy.",
    ...     'field.actions.change': 'Change',
    ...     }
    >>> view = create_initialized_view(user, '+review', form=form)
    >>> print view.errors
    []
    >>> print user.name
    zaphod
    >>> print user.displayname
    Zaphod Beeblebrox
    >>> user.personal_standing
    <DBItem PersonalStanding.POOR, ...>
    >>> print user.personal_standing_reason
    Zaphod's just this guy.

Non administrators cannot access the +review view

    >>> login_person(user)
    >>> view = create_initialized_view(user, '+review')
    >>> check_permission('launchpad.Admin', view)
    False


== Reviewing a person's account ==

The +reviewaccount allows admins to see and edit user account information.
Non-admins cannot access it.

    >>> view = create_initialized_view(user, '+reviewaccount')
    >>> check_permission('launchpad.Admin', view)
    False

An admin can see a user's account information.

    >>> login_person(admin)
    >>> view = create_initialized_view(
    ...     user, '+reviewaccount', principal=admin)
    >>> check_permission('launchpad.Admin', view)
    True
    >>> print view.errors
    []
    >>> view.field_names
    ['displayname', 'password', 'status', 'status_comment']
    >>> view.label
    "Review person's account"

The context is an IAccount, so the is_viewing_person property is False.

    >>> view.context
    <Account ...>
    >>> view.is_viewing_person
    False

The view displays non-editable user information too so that the admin does
not need to look in the db.

    >>> view.email_addresses
    [u'zaphod@example.place']

The admin can change the user's account information.

    >>> old_password = user.password
    >>> form = {
    ...     'field.displayname': 'The Zaphod Beeblebrox',
    ...     'field.password': 'secret1',
    ...     'field.password_dupe': 'secret1',
    ...     'field.status': 'ACTIVE',
    ...     'field.actions.change': 'Change',
    ...     }
    >>> view = create_initialized_view(user, '+reviewaccount', form=form)
    >>> print view.errors
    []
    >>> user.password != old_password
    True
    >>> print user.displayname
    Zaphod Beeblebrox

An admin can suspend a user's account using the +reviewaccount view. When
an account is suspended, the preferred email address is disabled and the
password is changed too.

    >>> user.account_status
    <DBItem AccountStatus.ACTIVE, ...>
    >>> print user.account_status_comment
    None

    >>> old_password = user.password
    >>> form = {
    ...     'field.displayname': 'Zaphod Beeblebrox',
    ...     'field.status': 'SUSPENDED',
    ...     'field.status_comment': "Wanted by the galactic police.",
    ...     'field.actions.change': 'Change',
    ...     }
    >>> view = create_initialized_view(user, '+reviewaccount', form=form)
    >>> print view.errors
    []
    >>> transaction.commit()
    >>> user.account_status
    <DBItem AccountStatus.SUSPENDED, ...>
    >>> print user.account_status_comment
    Wanted by the galactic police.
    >>> user.password != old_password
    True
    >>> print user.preferredemail
    None

An admin can reactivate a disabled user's account too. Unlike the act of
suspension, reactivation does not change the user's password or email
addresses; the user must use the reset password feature to restore these.

    >>> old_password = user.password
    >>> form = {
    ...     'field.displayname': 'Zaphod Beeblebrox',
    ...     'field.status': 'ACTIVE',
    ...     'field.status_comment': "Zaphod's a hoopy frood.",
    ...     'field.actions.change': 'Change',
    ...     }
    >>> view = create_initialized_view(user, '+reviewaccount', form=form)
    >>> print view.errors
    []
    >>> user.account_status
    <DBItem AccountStatus.ACTIVE, ...>
    >>> print user.account_status_comment
    Zaphod's a hoopy frood.
    >>> user.password == old_password
    True
    >>> print user.preferredemail
    None