implement visible authorisation

weeman 2021-07-02 16:33:48 +02:00
parent 9f4795b9f1
commit 4ca8660b1d
Signed by untrusted user: weeman
GPG Key ID: 34F0524D4DA694A1
2 changed files with 8 additions and 0 deletions


@ -116,6 +116,9 @@ def get_user_profile(user_id):
if profile is None:
return make_response({}, 404)
if not profile.visible and profile.user.id != g.user.id:
return make_response({}, 403)
return make_response({
"profile": profile.to_dict(),
})
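Review bot: The new branch `if not profile.visible and profile.user.id != g.user.id:` answers 403 while a missing profile answers 404, so the status code alone discloses which user ids have a hidden profile. If hiding a profile is meant to hide its existence as well, give this branch the same response as the not-found case, `return make_response({}, 404)`. The condition also dereferences `g.user`, which is only safe if an authentication guard has already run. The decorators and opening lines of `get_user_profile` are outside the hunk, so that should be confirmed there. The test visible in this commit appears to cover only the 401 case, so a test that requests another user's hidden profile would pin this branch.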


@ -139,6 +139,11 @@ class TestProfileEndpoint(ApiTest):
self.assertEqual(second_language.language_id, "es")
self.assertEqual(second_language.level, 2)
def test_get_profile_unauthorised(self):
response = self.client.get("/users/1/profile")
self.assertEqual(response.status_code, 401)
def test_get_profile(self):
login_data = {"username": "peter", "password": "geheim"}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")