0001-api-returns-no-user-if-service-slug-is-unknown-35189.patch
| src/authentic2/api_views.py | ||
|---|---|---|
| 629 | 629 |
qs = qs.prefetch_related('attribute_values', 'attribute_values__attribute')
|
| 630 | 630 |
qs = self.request.user.filter_by_perm(['custom_user.view_user'], qs) |
| 631 | 631 |
# filter users authorized for a specified service |
| 632 |
if 'service-slug' in self.request.GET and 'service-ou' in self.request.GET:
|
|
| 632 |
if 'service-slug' in self.request.GET: |
|
| 633 | 633 |
service_slug = self.request.GET['service-slug'] |
| 634 |
service_ou = self.request.GET['service-ou']
|
|
| 634 |
service_ou = self.request.GET.get('service-ou', '')
|
|
| 635 | 635 |
service = Service.objects.filter( |
| 636 | 636 |
slug=service_slug, |
| 637 | 637 |
ou__slug=service_ou |
| 638 | 638 |
).prefetch_related('authorized_roles').first()
|
| 639 |
if service and service.authorized_roles.all(): |
|
| 640 |
qs = qs.filter(roles__in=service.authorized_roles.children()) |
|
| 641 |
qs = qs.distinct() |
|
| 639 |
if service: |
|
| 640 |
if service.authorized_roles.all(): |
|
| 641 |
qs = qs.filter(roles__in=service.authorized_roles.children()) |
|
| 642 |
qs = qs.distinct() |
|
| 643 |
else: |
|
| 644 |
qs = qs.none() |
|
| 642 | 645 |
new_qs = hooks.call_hooks_first_result('api_modify_queryset', self, qs)
|
| 643 | 646 |
if new_qs is not None: |
| 644 | 647 |
return new_qs |
| tests/conftest.py | ||
|---|---|---|
| 28 | 28 | |
| 29 | 29 |
from pytest_django.migrations import DisableMigrations |
| 30 | 30 | |
| 31 |
from authentic2.models import Service |
|
| 31 | 32 |
from authentic2.a2_rbac.utils import get_default_ou |
| 32 | 33 |
from authentic2_idp_oidc.models import OIDCClient |
| 33 | 34 |
from authentic2.authentication import OIDCUser |
| ... | ... | |
| 369 | 370 |
@pytest.fixture |
| 370 | 371 |
def media(settings, tmpdir): |
| 371 | 372 |
settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
|
| 373 | ||
| 374 | ||
| 375 |
@pytest.fixture |
|
| 376 |
def service(db): |
|
| 377 |
return Service.objects.create( |
|
| 378 |
ou=get_default_ou(), |
|
| 379 |
slug='service', |
|
| 380 |
name='Service') |
|
| tests/test_api.py | ||
|---|---|---|
| 35 | 35 | |
| 36 | 36 |
from authentic2.a2_rbac.models import Role |
| 37 | 37 |
from authentic2.a2_rbac.utils import get_default_ou |
| 38 |
from authentic2.models import Service, Attribute, AttributeValue |
|
| 38 |
from authentic2.models import Service, Attribute, AttributeValue, AuthorizedRole
|
|
| 39 | 39 |
from authentic2.utils import good_next_url |
| 40 | 40 | |
| 41 | 41 |
from utils import login, basic_authorization_header, get_link_from_mail |
| ... | ... | |
| 1373 | 1373 |
params=payload, headers=headers, status=400) |
| 1374 | 1374 |
assert resp.json['result'] == 0 |
| 1375 | 1375 |
assert resp.json['errors'] == {'prefered_color': ["This field may not be blank."]}
|
| 1376 | ||
| 1377 | ||
| 1378 |
def test_filter_users_by_service(app, admin, simple_user, role_random, service): |
|
| 1379 |
app.authorization = ('Basic', (admin.username, admin.username))
|
|
| 1380 | ||
| 1381 |
resp = app.get('/api/users/')
|
|
| 1382 |
assert len(resp.json['results']) == 2 |
|
| 1383 | ||
| 1384 |
resp = app.get('/api/users/?service-slug=xxx')
|
|
| 1385 |
assert len(resp.json['results']) == 0 |
|
| 1386 | ||
| 1387 |
resp = app.get('/api/users/?service-slug=service&service-ou=default')
|
|
| 1388 |
assert len(resp.json['results']) == 2 |
|
| 1389 | ||
| 1390 |
role_random.members.add(simple_user) |
|
| 1391 |
AuthorizedRole.objects.get_or_create(service=service, role=role_random) |
|
| 1392 | ||
| 1393 |
resp = app.get('/api/users/?service-slug=service&service-ou=default')
|
|
| 1394 |
assert len(resp.json['results']) == 1 |
|
| 1376 |
- |
|