@@ 1511-1568 (lines=58) @@ | ||
1508 | assert res[1]['public_name'] == test_user2.display_name |
|
1509 | assert res[1]['avatar_url'] is None |
|
1510 | ||
1511 | def test_api__get_user__err_403__admin__too_small_acp(self): |
|
1512 | dbsession = get_tm_session(self.session_factory, transaction.manager) |
|
1513 | admin = dbsession.query(models.User) \ |
|
1514 | .filter(models.User.email == '[email protected]') \ |
|
1515 | .one() |
|
1516 | uapi = UserApi( |
|
1517 | current_user=admin, |
|
1518 | session=dbsession, |
|
1519 | config=self.app_config, |
|
1520 | ) |
|
1521 | gapi = GroupApi( |
|
1522 | current_user=admin, |
|
1523 | session=dbsession, |
|
1524 | config=self.app_config, |
|
1525 | ) |
|
1526 | groups = [gapi.get_one_with_name('users')] |
|
1527 | test_user = uapi.create_user( |
|
1528 | email='[email protected]', |
|
1529 | password='pass', |
|
1530 | name='bob', |
|
1531 | groups=groups, |
|
1532 | timezone='Europe/Paris', |
|
1533 | lang='fr', |
|
1534 | do_save=True, |
|
1535 | do_notify=False, |
|
1536 | ) |
|
1537 | test_user2 = uapi.create_user( |
|
1538 | email='[email protected]', |
|
1539 | password='pass', |
|
1540 | name='bob2', |
|
1541 | groups=groups, |
|
1542 | timezone='Europe/Paris', |
|
1543 | lang='fr', |
|
1544 | do_save=True, |
|
1545 | do_notify=False, |
|
1546 | ) |
|
1547 | uapi.save(test_user) |
|
1548 | transaction.commit() |
|
1549 | user_id = int(admin.user_id) |
|
1550 | ||
1551 | self.testapp.authorization = ( |
|
1552 | 'Basic', |
|
1553 | ( |
|
1554 | '[email protected]', |
|
1555 | '[email protected]' |
|
1556 | ) |
|
1557 | ) |
|
1558 | params = { |
|
1559 | 'acp': 't', |
|
1560 | } |
|
1561 | res = self.testapp.get( |
|
1562 | '/api/v2/users/me/known_members', |
|
1563 | status=400, |
|
1564 | params=params |
|
1565 | ) |
|
1566 | assert isinstance(res.json, dict) |
|
1567 | assert 'code' in res.json.keys() |
|
1568 | assert res.json_body['code'] == error.GENERIC_SCHEMA_VALIDATION_ERROR # nopep8 |
|
1569 | ||
1570 | def test_api__get_user__ok_200__normal_user_by_email(self): |
|
1571 | dbsession = get_tm_session(self.session_factory, transaction.manager) |
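Review bot: The name `test_api__get_user__err_403__admin__too_small_acp` (gutter line 1511) promises a 403 on the get-user endpoint, but the body requests `/api/v2/users/me/known_members` with `status=400` and asserts `error.GENERIC_SCHEMA_VALIDATION_ERROR`, so it is an input-validation test rather than an access-control one. Anyone auditing authorization coverage by test name will count a permission check that is not exercised here; a name such as `test_api__get_user_known_members__err_400__admin__too_small_acp` matches what is asserted. The two `uapi.create_user(...)` calls and `user_id = int(admin.user_id)` (lines 1527-1549) are never used by the request and could be dropped, which would make it clearer that only the one-character `acp` value is under test.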
@@ 5460-5523 (lines=64) @@ | ||
5457 | assert res['user_id'] == admin.user_id |
|
5458 | assert res['profile'] == 'administrators' |
|
5459 | ||
5460 | def test_api__set_user_profile__err_403__other_normal_user(self): |
|
5461 | """ |
|
5462 | Set user profile of user normal user as normal user |
|
5463 | Return 403 error because of no right to do this as simple user |
|
5464 | """ |
|
5465 | dbsession = get_tm_session(self.session_factory, transaction.manager) |
|
5466 | admin = dbsession.query(models.User) \ |
|
5467 | .filter(models.User.email == '[email protected]') \ |
|
5468 | .one() |
|
5469 | uapi = UserApi( |
|
5470 | current_user=admin, |
|
5471 | session=dbsession, |
|
5472 | config=self.app_config, |
|
5473 | ) |
|
5474 | gapi = GroupApi( |
|
5475 | current_user=admin, |
|
5476 | session=dbsession, |
|
5477 | config=self.app_config, |
|
5478 | ) |
|
5479 | groups = [gapi.get_one_with_name('users')] |
|
5480 | test_user = uapi.create_user( |
|
5481 | email='[email protected]', |
|
5482 | password='pass', |
|
5483 | name='bob', |
|
5484 | groups=groups, |
|
5485 | timezone='Europe/Paris', |
|
5486 | lang='fr', |
|
5487 | do_save=True, |
|
5488 | do_notify=False, |
|
5489 | ) |
|
5490 | test_user2 = uapi.create_user( |
|
5491 | email='[email protected]', |
|
5492 | password='pass', |
|
5493 | name='test', |
|
5494 | groups=groups, |
|
5495 | timezone='Europe/Paris', |
|
5496 | lang='fr', |
|
5497 | do_save=True, |
|
5498 | do_notify=False, |
|
5499 | ) |
|
5500 | uapi.save(test_user2) |
|
5501 | uapi.save(test_user) |
|
5502 | transaction.commit() |
|
5503 | user_id = int(test_user.user_id) |
|
5504 | ||
5505 | self.testapp.authorization = ( |
|
5506 | 'Basic', |
|
5507 | ( |
|
5508 | '[email protected]', |
|
5509 | 'pass', |
|
5510 | ) |
|
5511 | ) |
|
5512 | # Set params |
|
5513 | params = { |
|
5514 | 'profile': 'administrators', |
|
5515 | } |
|
5516 | res = self.testapp.put_json( |
|
5517 | '/api/v2/users/{}/profile'.format(user_id), |
|
5518 | params=params, |
|
5519 | status=403, |
|
5520 | ) |
|
5521 | assert res.json_body |
|
5522 | assert 'code' in res.json_body |
|
5523 | assert res.json_body['code'] == error.INSUFFICIENT_USER_PROFILE |
|
5524 | ||
5525 | ||
5526 | class TestSetUserEnableDisableEndpoints(FunctionalTest): |
|
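Review bot: The test at gutter line 5460 stops at the 403 response (lines 5519-5523) and never checks that the target account's profile is unchanged, so a handler that applied the change before failing the permission check would still pass. `test_api_enable_user__err_403__other_account` at line 5700 has the same gap for `is_active`. After the rejected `put_json`, re-read the target user with admin credentials and assert the profile is still the one given by the `users` group, the same way the preceding test inspects `res['profile']`. The docstring is also garbled; `Set the profile of another normal user while authenticated as a normal user: must be refused with 403 and INSUFFICIENT_USER_PROFILE.` would state the intent. The e-mail literals are obscured on this page, so whether the authenticating account really differs from `test_user` should be confirmed against the file.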
@@ 5700-5755 (lines=56) @@ | ||
5697 | assert res['user_id'] == user_id |
|
5698 | assert res['is_active'] is True |
|
5699 | ||
5700 | def test_api_enable_user__err_403__other_account(self): |
|
5701 | dbsession = get_tm_session(self.session_factory, transaction.manager) |
|
5702 | admin = dbsession.query(models.User) \ |
|
5703 | .filter(models.User.email == '[email protected]') \ |
|
5704 | .one() |
|
5705 | uapi = UserApi( |
|
5706 | current_user=admin, |
|
5707 | session=dbsession, |
|
5708 | config=self.app_config, |
|
5709 | ) |
|
5710 | gapi = GroupApi( |
|
5711 | current_user=admin, |
|
5712 | session=dbsession, |
|
5713 | config=self.app_config, |
|
5714 | ) |
|
5715 | groups = [gapi.get_one_with_name('users')] |
|
5716 | test_user = uapi.create_user( |
|
5717 | email='[email protected]', |
|
5718 | password='pass', |
|
5719 | name='bob', |
|
5720 | groups=groups, |
|
5721 | timezone='Europe/Paris', |
|
5722 | lang='fr', |
|
5723 | do_save=True, |
|
5724 | do_notify=False, |
|
5725 | ) |
|
5726 | test_user2 = uapi.create_user( |
|
5727 | email='[email protected]', |
|
5728 | password='pass', |
|
5729 | name='test2', |
|
5730 | groups=groups, |
|
5731 | timezone='Europe/Paris', |
|
5732 | lang='fr', |
|
5733 | do_save=True, |
|
5734 | do_notify=False, |
|
5735 | ) |
|
5736 | uapi.disable(test_user, do_save=True) |
|
5737 | uapi.save(test_user2) |
|
5738 | uapi.save(test_user) |
|
5739 | transaction.commit() |
|
5740 | user_id = int(test_user.user_id) |
|
5741 | ||
5742 | self.testapp.authorization = ( |
|
5743 | 'Basic', |
|
5744 | ( |
|
5745 | '[email protected]', |
|
5746 | 'pass' |
|
5747 | ) |
|
5748 | ) |
|
5749 | res = self.testapp.put_json( |
|
5750 | '/api/v2/users/{}/enabled'.format(user_id), |
|
5751 | status=403, |
|
5752 | ) |
|
5753 | assert res.json_body |
|
5754 | assert 'code' in res.json_body |
|
5755 | assert res.json_body['code'] == error.INSUFFICIENT_USER_PROFILE |
|
5756 | ||
5757 | def test_api_disable_user__err_403__other_account(self): |
|
5758 | dbsession = get_tm_session(self.session_factory, transaction.manager) |
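Review bot: `test_api_enable_user__err_403__other_account` (gutter line 5700) has no docstring, unlike the set-profile test, and its setup needs one. `test_user` is disabled at line 5736 before the request, so a reader has to work out that the 403 is meant to come from the caller's insufficient profile and not from a disabled account. I would add `"""Enable a disabled user while authenticated as another normal user: refused with 403 INSUFFICIENT_USER_PROFILE."""`. The `uapi.save(...)` calls at lines 5737-5738 look redundant after `do_save=True`, though `create_user` is not visible here to confirm it. The name also starts `test_api_enable` where the neighbouring tests use `test_api__`.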