0001-api-allow-patch-put-API-to-empty-a-role-36918.patch
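--- a/src/authentic2/api_views.py
+++ b/src/authentic2/api_views.py
@@ -779,6 +779,9 @@
 if not isinstance(request.data, dict):
 raise ValidationError(_('Payload must be a dictionary'))
 
+if request.method != 'GET' and not 'data' in request.data:
+raise ValidationError(_("Invalid payload (missing 'data' key)"))
+
 for entry in request.data.get('data', ()):
 try:
 uuid = entry['uuid']
@@ -794,8 +797,7 @@
 raise ValidationError(
 _('No known user for UUID %s') % entry['uuid'])
 
-if not len(self.members) and \
-request.method.lower() in self.http_method_names:
+if not len(self.members) and request.method in ('POST', 'DELETE'):
 raise ValidationError(_('No valid user UUID'))
 
 def post(self, request, *args, **kwargs):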
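Review bot: The guard added at the top of the first hunk checks only that the `data` key is present, not that its value is a list. For PUT/PATCH a payload such as `{"data": {}}` or `{"data": ""}` iterates zero entries and, with the relaxed check in the second hunk, appears to be accepted as a request to remove every member of the role, while `{"data": null}` would reach `for entry in None` and raise a TypeError. Because this endpoint changes role membership, I would reject non-list values right after the key check, e.g. `if request.method != 'GET' and not isinstance(request.data['data'], list): raise ValidationError(_("'data' must be a list"))`. As a style point, `not 'data' in request.data` is clearer as `'data' not in request.data`. The enclosing method starts above the hunk, so how `self.members` is initialised and which exceptions the `try` handles is not visible here.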
tests/test_api.py | ||
---|---|---|
775 | 775 |
assert resp.json['errors'] == 'User not allowed to change role' |
776 | 776 | |
777 | 777 | |
778 |
def test_api_role_set_empty_members(app, api_user): |
|
779 |
app.authorization = ('Basic', (api_user.username, api_user.username)) |
|
780 |
ou = get_default_ou() |
|
781 | ||
782 |
User = get_user_model() |
|
783 |
user = User.objects.create(ou=ou, username='john.doe', first_name=u'Jôhn', |
|
784 |
last_name=u'Doe', email='john.doe@example.net') |
|
785 |
user.save() |
|
786 | ||
787 |
Role = get_role_model() |
|
788 |
role = Role.objects.create(name='Role1', ou=ou) |
|
789 |
role.members.add(user) |
|
790 | ||
791 |
status = 200 |
|
792 |
if not api_user.has_perm('a2_rbac.change_role', role): |
|
793 |
status = 403 |
|
794 | ||
795 |
resp = app.put_json( |
|
796 |
'/api/roles/{}/relationships/members/'.format(role.uuid), |
|
797 |
params={'data': []}, status=status) |
|
798 |
if api_user.has_perm('a2_rbac.change_role', role): |
|
799 |
assert len(role.members.all()) == 0 |
|
800 |
else: |
|
801 |
assert len(role.members.all()) == 1 |
|
802 | ||
803 | ||
778 | 804 |
def test_api_role_get_members(app, api_user, role): |
779 | 805 |
app.authorization = ('Basic', (api_user.username, api_user.username)) |
780 | 806 |
authorized = api_user.has_perm('a2_rbac.change_role', role) |
781 |
- |