From 6ddbb5b321d455c246ff241557c403bd826b700a Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Fri, 5 Feb 2021 17:43:34 +0100 Subject: [PATCH] api: do not clobber HTTP verb methods in viewsets (#50919) --- src/authentic2/api_views.py | 6 +++--- tests/test_api.py | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/authentic2/api_views.py b/src/authentic2/api_views.py index a4a6f356..b2791325 100644 --- a/src/authentic2/api_views.py +++ b/src/authentic2/api_views.py @@ -783,9 +783,9 @@ class UsersAPI(api_mixins.GetOrCreateMixinView, HookMixin, ExceptionHandlerMixin return new_qs return qs - # only do partial updates - def put(self, request, *args, **kwargs): - return self.patch(request, *args, **kwargs) + def update(self, request, *args, **kwargs): + kwargs['partial'] = True + return super().update(request, *args, **kwargs) def check_perm(self, perm, ou): if ou: diff --git a/tests/test_api.py b/tests/test_api.py index d3aa1ac0..ef3c6eee 100644 --- a/tests/test_api.py +++ b/tests/test_api.py @@ -2225,3 +2225,8 @@ def test_api_statistics_no_crash_older_drf(app, admin): headers = basic_authorization_header(admin) expected_status = 200 if drf_version > '3.9' else 404 resp = app.get('/api/statistics/login/?time_interval=month', headers=headers, status=expected_status) + + +def test_find_duplicates_put(app, admin, settings): + app.authorization = ('Basic', (admin.username, admin.username)) + app.put_json('/api/users/find_duplicates/', params={'first_name': 'Eleonore', 'last_name': 'aeiou'}, status=405) -- 2.30.0