From e630a71393643cbfc5f9601da77509d26dd52588 Mon Sep 17 00:00:00 2001
From: Paul Marillonnet <pmarillonnet@entrouvert.com>
Date: Fri, 9 Feb 2018 18:33:42 +0100
Subject: [PATCH] WIP api_views: display the list of roles for a user #21485

---
 src/authentic2/api_views.py |  5 +++++
 tests/conftest.py           | 14 ++++++++++++++
 tests/test_api.py           | 47 ++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/src/authentic2/api_views.py b/src/authentic2/api_views.py
index 928cb8e4..2b331b1a 100644
--- a/src/authentic2/api_views.py
+++ b/src/authentic2/api_views.py
@@ -311,6 +311,11 @@ class BaseUserSerializer(serializers.ModelSerializer):
         queryset=get_ou_model().objects.all(),
         slug_field='slug',
         required=False, default=get_default_ou)
+    roles = serializers.SlugRelatedField(
+        slug_field='slug',
+        many=True,
+        read_only=True,
+        required=False)
     date_joined = serializers.DateTimeField(read_only=True)
     last_login = serializers.DateTimeField(read_only=True)
     send_registration_email = serializers.BooleanField(write_only=True, required=False,
diff --git a/tests/conftest.py b/tests/conftest.py
index e968d341..3c556148 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -97,6 +97,15 @@ def user_ou2(db, ou2):
 
 
 @pytest.fixture
+def user_rando(db, ou_rando, role_random, role_misc):
+    user = create_user(username='jean.doux', first_name=u'Jëan', last_name=u'Doûx',
+                       email='jean.doux@example.net', ou=ou_rando)
+    user.roles.add(role_random)
+    user.roles.add(role_misc)
+    return user
+
+
+@pytest.fixture
 def admin_ou1(db, ou1):
     user = create_user(username='admin.ou1', first_name=u'Admin', last_name=u'OU1',
                        email='admin.ou1@example.net', ou=ou1)
@@ -139,6 +148,11 @@ def simple_role(db):
 
 
 @pytest.fixture
+def role_misc(db, ou_rando):
+    return Role.objects.create(name='misc', slug='misc', ou=ou_rando)
+
+
+@pytest.fixture
 def role_random(db, ou_rando):
     return Role.objects.create(name='rando', slug='rando', ou=ou_rando)
 
diff --git a/tests/test_api.py b/tests/test_api.py
index 96085590..94efc806 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -141,6 +141,51 @@ def test_api_users_list(app, user):
     assert resp.json['next'] is None
 
 
+def test_api_users_fetch_roles(settings, app, api_user, user_rando):
+    from django.contrib.auth import get_user_model
+    from authentic2.models import Attribute, AttributeValue
+    app.authorization = ('Basic', (api_user.username, api_user.username))
+
+    resp = app.get('/api/users/%s/' % user_rando.uuid)
+
+    assert len(resp.json['roles']) == 2
+
+
+def test_api_users_readonly_fields(settings, app, api_user, role_random, role_misc):
+    from django.contrib.auth import get_user_model
+    from authentic2.models import Attribute, AttributeValue
+    app.authorization = ('Basic', (api_user.username, api_user.username))
+
+    payload = {
+        'username': 'john.doe',
+        'first_name': 'John',
+        'last_name': 'Doe',
+        'email': 'john.doe@example.net',
+        'password': 'password',
+        'roles': ['rando', 'misc'],
+    }
+
+    if api_user.is_superuser:
+        status = 201
+    elif api_user.roles.exists():
+        status = 201
+        payload['ou'] = api_user.ou.slug
+    else:
+        status = 403
+
+    resp = app.post_json('/api/users/', params=payload, status=status)
+    if api_user.is_superuser or api_user.roles.exists():
+        assert resp.json['first_name'] == payload['first_name']
+        assert resp.json['last_name'] == payload['last_name']
+        assert resp.json['email'] == payload['email']
+        assert resp.json['username'] == payload['username']
+        assert resp.json['uuid']
+        assert resp.json['id']
+
+        # Test empty roles attribute
+        assert resp.json['roles'] == []
+
+
 def test_api_users_create(settings, app, api_user):
     from django.contrib.auth import get_user_model
     from authentic2.models import Attribute, AttributeValue
@@ -188,7 +233,7 @@ def test_api_users_create(settings, app, api_user):
     if api_user.is_superuser or api_user.roles.exists():
         assert set(['ou', 'id', 'uuid', 'is_staff', 'is_superuser', 'first_name', 'last_name',
                     'date_joined', 'last_login', 'username', 'password', 'email', 'is_active',
-                    'title', 'modified', 'email_verified']) == set(resp.json.keys())
+                    'title', 'modified', 'email_verified', 'roles']) == set(resp.json.keys())
         assert resp.json['first_name'] == payload['first_name']
         assert resp.json['last_name'] == payload['last_name']
         assert resp.json['email'] == payload['email']
-- 
2.11.0