0001-api-mark-role-restricted-api-user-as-non-anonymous-5.patch
| tests/api/test_carddef.py | ||
|---|---|---|
| 253 | 253 |
resp = get_app(pub).get(sign_uri('/api/cards/test/list', orig='test', key='12345'))
|
| 254 | 254 |
assert len(resp.json['data']) == 1 |
| 255 | 255 | |
| 256 |
resp = get_app(pub).get(sign_uri('/api/cards/test/%s/' % formdata.id, orig='test', key='12345'))
|
|
| 257 |
assert resp.json['id'] == str(formdata.id) |
|
| 258 | ||
| 256 | 259 |
# restricted to another role, do not get it |
| 257 | 260 |
role2 = pub.role_class(name='second') |
| 258 | 261 |
role2.store() |
| ... | ... | |
| 261 | 264 |
resp = get_app(pub).get(sign_uri('/api/cards/test/list', orig='test', key='12345'), status=403)
|
| 262 | 265 |
assert resp.json['err_desc'] == 'unsufficient roles' |
| 263 | 266 | |
| 267 |
resp = get_app(pub).get( |
|
| 268 |
sign_uri('/api/cards/test/%s/' % formdata.id, orig='test', key='12345'), status=403
|
|
| 269 |
) |
|
| 270 |
assert resp.json['err_desc'] == 'unsufficient roles' |
|
| 271 | ||
| 264 | 272 | |
| 265 | 273 |
def test_cards_http_auth_access(pub, local_user): |
| 266 | 274 |
pub.role_class.wipe() |
| wcs/api_access.py | ||
|---|---|---|
| 87 | 87 |
id = Ellipsis # make sure it fails all over the place if used |
| 88 | 88 |
is_admin = False |
| 89 | 89 |
is_api_user = True |
| 90 |
anonymous = False |
|
| 90 | 91 | |
| 91 | 92 |
def can_go_in_backoffice(self): |
| 92 | 93 |
return False |
| 93 |
- |
|