0001-api-allow-patch-put-API-to-empty-a-role-36918.patch

Frédéric Péters, 14 octobre 2019 19:15

Subject: [PATCH] api: allow patch/put API to empty a role (#36918)

 src/authentic2/api_views.py |  5 ++++-
 tests/test_api.py           | 26 ++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
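--- a/src/authentic2/api_views.py
+++ b/src/authentic2/api_views.py
@@ -779,6 +779,9 @@
         if not isinstance(request.data, dict):
             raise ValidationError(_('Payload must be a dictionary'))
 
+        if not 'data' in request.data:
+            raise ValidationError(_("Invalid payload (missing 'data' key)"))
+
         for entry in request.data.get('data', ()):
             try:
                 uuid = entry['uuid']
@@ -795,7 +798,7 @@
                         _('No known user for UUID %s') % entry['uuid'])
 
         if not len(self.members) and \
-                request.method.lower() in self.http_method_names:
+                request.method.lower() in ('post', 'delete'):
             raise ValidationError(_('No valid user UUID'))
 
     def post(self, request, *args, **kwargs):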
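Review bot: The guard added at new lines 782-784 only checks that the `data` key is present, not that its value is a list, so on PUT or PATCH a payload such as `{"data": ""}` or `{"data": {}}` iterates zero times and, now that the empty-members error is limited to `('post', 'delete')`, appears to pass validation with an empty member set. On an endpoint that rewrites role membership, that turns a malformed request into removal of every member; I would reject it up front with `if not isinstance(request.data.get('data'), list): raise ValidationError(_("Invalid payload ('data' must be a list)"))`, which also covers the missing key. As a style point, `not 'data' in request.data` reads better as `'data' not in request.data`. The enclosing method starts above the hunk and the loop's except clause is not shown, so how non-dict entries are handled cannot be confirmed from here. The added test in tests/test_api.py only exercises `params={'data': []}` with PUT, so neither PATCH nor a malformed `data` value is covered.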
tests/test_api.py
775 775
        assert resp.json['errors'] == 'User not allowed to change role'
776 776

  
777 777

  
778
def test_api_role_set_empty_members(app, api_user):
779
    app.authorization = ('Basic', (api_user.username, api_user.username))
780
    ou = get_default_ou()
781

  
782
    User = get_user_model()
783
    user = User.objects.create(ou=ou, username='john.doe', first_name=u'Jôhn',
784
                               last_name=u'Doe', email='john.doe@example.net')
785
    user.save()
786

  
787
    Role = get_role_model()
788
    role = Role.objects.create(name='Role1', ou=ou)
789
    role.members.add(user)
790

  
791
    status = 200
792
    if not api_user.has_perm('a2_rbac.change_role', role):
793
        status = 403
794

  
795
    resp = app.put_json(
796
            '/api/roles/{}/relationships/members/'.format(role.uuid),
797
            params={'data': []}, status=status)
798
    if api_user.has_perm('a2_rbac.change_role', role):
799
        assert len(role.members.all()) == 0
800
    else:
801
        assert len(role.members.all()) == 1
802

  
803

  
778 804
def test_api_role_get_members(app, api_user, role):
779 805
    app.authorization = ('Basic', (api_user.username, api_user.username))
780 806
    authorized = api_user.has_perm('a2_rbac.change_role', role)
781
-