From be86363dc41e6745caa9dbca305eaa8dfba87440 Mon Sep 17 00:00:00 2001
From: Daniel Grams <grams.daniel@gmail.com>
Date: Thu, 4 May 2023 13:41:27 +0200
Subject: [PATCH] Update admin member of self #460

---
 project/views/admin_unit_member.py    |  3 +++
 tests/views/test_admin_unit_member.py | 35 +++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/project/views/admin_unit_member.py b/project/views/admin_unit_member.py
index d9d1a51..6bad083 100644
--- a/project/views/admin_unit_member.py
+++ b/project/views/admin_unit_member.py
@@ -38,6 +38,9 @@ def manage_admin_unit_member_update(id):
         member.roles.clear()
         add_roles_to_admin_unit_member(member, form.roles.data)
 
+        if member.user_id == current_user.id and not current_user.has_role("admin"):
+            add_roles_to_admin_unit_member(member, ["admin"])
+
         try:
             db.session.commit()
             flash(gettext("Member successfully updated"), "success")
diff --git a/tests/views/test_admin_unit_member.py b/tests/views/test_admin_unit_member.py
index 20fadf9..936bea5 100644
--- a/tests/views/test_admin_unit_member.py
+++ b/tests/views/test_admin_unit_member.py
@@ -33,6 +33,41 @@ def test_update(client, app, utils, seeder):
             assert any(r.name == "admin" for r in member.roles)
 
 
+def test_update_self(client, app, utils: UtilActions, seeder: Seeder):
+    seeder.create_user()
+    user_id = utils.login()
+    admin_unit_id = seeder.create_admin_unit(user_id, "Meine Crew")
+
+    with app.app_context():
+        from project.services.admin_unit import get_member_for_admin_unit_by_user_id
+
+        member = get_member_for_admin_unit_by_user_id(admin_unit_id, user_id)
+        member_id = member.id
+
+    url = "/manage/member/%d/update" % member_id
+    response = client.get(url)
+    assert response.status_code == 200
+
+    with client:
+        response = client.post(
+            url,
+            data={
+                "csrf_token": utils.get_csrf(response),
+                "roles": "event_verifier",
+                "submit": "Submit",
+            },
+        )
+        assert response.status_code == 302
+
+        with app.app_context():
+            from project.services.admin_unit import get_admin_unit_member
+
+            member = get_admin_unit_member(member_id)
+            assert len(member.roles) == 2
+            assert any(r.name == "event_verifier" for r in member.roles)
+            assert any(r.name == "admin" for r in member.roles)
+
+
 def test_update_db_error(client, app, utils, seeder, mocker):
     seeder.create_user()
     user_id = utils.login()