0001-api-mark-role-restricted-api-user-as-non-anonymous-5.patch
tests/api/test_carddef.py | ||
---|---|---|
253 | 253 |
resp = get_app(pub).get(sign_uri('/api/cards/test/list', orig='test', key='12345')) |
254 | 254 |
assert len(resp.json['data']) == 1 |
255 | 255 | |
256 |
resp = get_app(pub).get(sign_uri('/api/cards/test/%s/' % formdata.id, orig='test', key='12345')) |
|
257 |
assert resp.json['id'] == str(formdata.id) |
|
258 | ||
256 | 259 |
# restricted to another role, do not get it |
257 | 260 |
role2 = pub.role_class(name='second') |
258 | 261 |
role2.store() |
... | ... | |
261 | 264 |
resp = get_app(pub).get(sign_uri('/api/cards/test/list', orig='test', key='12345'), status=403) |
262 | 265 |
assert resp.json['err_desc'] == 'unsufficient roles' |
263 | 266 | |
267 |
resp = get_app(pub).get( |
|
268 |
sign_uri('/api/cards/test/%s/' % formdata.id, orig='test', key='12345'), status=403 |
|
269 |
) |
|
270 |
assert resp.json['err_desc'] == 'unsufficient roles' |
|
271 | ||
264 | 272 | |
265 | 273 |
def test_cards_http_auth_access(pub, local_user): |
266 | 274 |
pub.role_class.wipe() |
wcs/api_access.py | ||
---|---|---|
87 | 87 |
id = Ellipsis # make sure it fails all over the place if used |
88 | 88 |
is_admin = False |
89 | 89 |
is_api_user = True |
90 |
anonymous = False |
|
90 | 91 | |
91 | 92 |
def can_go_in_backoffice(self): |
92 | 93 |
return False |
93 |
- |