0001-api-returns-no-user-if-service-slug-is-unknown-35189.patch
src/authentic2/api_views.py | ||
---|---|---|
629 | 629 |
qs = qs.prefetch_related('attribute_values', 'attribute_values__attribute') |
630 | 630 |
qs = self.request.user.filter_by_perm(['custom_user.view_user'], qs) |
631 | 631 |
# filter users authorized for a specified service |
632 |
if 'service-slug' in self.request.GET and 'service-ou' in self.request.GET:
|
|
632 |
if 'service-slug' in self.request.GET: |
|
633 | 633 |
service_slug = self.request.GET['service-slug'] |
634 |
service_ou = self.request.GET['service-ou']
|
|
634 |
service_ou = self.request.GET.get('service-ou', '')
|
|
635 | 635 |
service = Service.objects.filter( |
636 | 636 |
slug=service_slug, |
637 | 637 |
ou__slug=service_ou |
638 | 638 |
).prefetch_related('authorized_roles').first() |
639 |
if service and service.authorized_roles.all(): |
|
640 |
qs = qs.filter(roles__in=service.authorized_roles.children()) |
|
641 |
qs = qs.distinct() |
|
639 |
if service: |
|
640 |
if service.authorized_roles.all(): |
|
641 |
qs = qs.filter(roles__in=service.authorized_roles.children()) |
|
642 |
qs = qs.distinct() |
|
643 |
else: |
|
644 |
qs = qs.none() |
|
642 | 645 |
new_qs = hooks.call_hooks_first_result('api_modify_queryset', self, qs) |
643 | 646 |
if new_qs is not None: |
644 | 647 |
return new_qs |
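Review bot: In the new `service_ou = self.request.GET.get('service-ou', '')` line, a missing `service-ou` becomes the filter `ou__slug=''`, which presumably matches no service, so a request carrying only a valid `service-slug` falls into the new `else: qs = qs.none()` branch and gets an empty list. Failing closed is the right direction for an authorization filter, but the caller cannot tell it apart from an unknown slug and the code does not say so; I would add a comment above the lookup such as `# service-ou omitted => ou__slug='' matches no service, so no user is returned (fail closed)`. A request with only `service-ou` still skips the whole block and returns the unfiltered list, which may deserve the same treatment. The enclosing method starts and ends outside this section.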
tests/conftest.py | ||
---|---|---|
28 | 28 | |
29 | 29 |
from pytest_django.migrations import DisableMigrations |
30 | 30 | |
31 |
from authentic2.models import Service |
|
31 | 32 |
from authentic2.a2_rbac.utils import get_default_ou |
32 | 33 |
from authentic2_idp_oidc.models import OIDCClient |
33 | 34 |
from authentic2.authentication import OIDCUser |
... | ... | |
369 | 370 |
@pytest.fixture |
370 | 371 |
def media(settings, tmpdir): |
371 | 372 |
settings.MEDIA_ROOT = str(tmpdir.mkdir('media')) |
373 | ||
374 | ||
375 |
@pytest.fixture |
|
376 |
def service(db): |
|
377 |
return Service.objects.create( |
|
378 |
ou=get_default_ou(), |
|
379 |
slug='service', |
|
380 |
name='Service') |
tests/test_api.py | ||
---|---|---|
35 | 35 | |
36 | 36 |
from authentic2.a2_rbac.models import Role |
37 | 37 |
from authentic2.a2_rbac.utils import get_default_ou |
38 |
from authentic2.models import Service, Attribute, AttributeValue |
|
38 |
from authentic2.models import Service, Attribute, AttributeValue, AuthorizedRole
|
|
39 | 39 |
from authentic2.utils import good_next_url |
40 | 40 | |
41 | 41 |
from utils import login, basic_authorization_header, get_link_from_mail |
... | ... | |
1373 | 1373 |
params=payload, headers=headers, status=400) |
1374 | 1374 |
assert resp.json['result'] == 0 |
1375 | 1375 |
assert resp.json['errors'] == {'prefered_color': ["This field may not be blank."]} |
1376 | ||
1377 | ||
1378 |
def test_filter_users_by_service(app, admin, simple_user, role_random, service): |
|
1379 |
app.authorization = ('Basic', (admin.username, admin.username)) |
|
1380 | ||
1381 |
resp = app.get('/api/users/') |
|
1382 |
assert len(resp.json['results']) == 2 |
|
1383 | ||
1384 |
resp = app.get('/api/users/?service-slug=xxx') |
|
1385 |
assert len(resp.json['results']) == 0 |
|
1386 | ||
1387 |
resp = app.get('/api/users/?service-slug=service&service-ou=default') |
|
1388 |
assert len(resp.json['results']) == 2 |
|
1389 | ||
1390 |
role_random.members.add(simple_user) |
|
1391 |
AuthorizedRole.objects.get_or_create(service=service, role=role_random) |
|
1392 | ||
1393 |
resp = app.get('/api/users/?service-slug=service&service-ou=default') |
|
1394 |
assert len(resp.json['results']) == 1 |
|
1376 |
- |
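Review bot: The unknown-slug case in `test_filter_users_by_service` is exercised only without `service-ou`, so the expected 0 may come from the empty OU filter rather than from the unknown slug. The fail-closed branch should also be pinned with both parameters present, e.g. `resp = app.get('/api/users/?service-slug=xxx&service-ou=default')` followed by `assert len(resp.json['results']) == 0`. A known slug with `service-ou` omitted or pointing at another OU is likewise not covered. The final assertion checks only that one user remains, not that it is `simple_user`, so a filter returning the wrong account would go unnoticed.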