forked from kompetenzinventar/ki-backend
implement visible authorisation
parent
9f4795b9f1
commit
4ca8660b1d
@ -116,6 +116,9 @@ def get_user_profile(user_id):
|
|||||||
if profile is None:
|
if profile is None:
|
||||||
return make_response({}, 404)
|
return make_response({}, 404)
|
||||||
|
|
||||||
|
if not profile.visible and profile.user.id != g.user.id:
|
||||||
|
return make_response({}, 403)
|
||||||
|
|
||||||
return make_response({
|
return make_response({
|
||||||
"profile": profile.to_dict(),
|
"profile": profile.to_dict(),
|
||||||
})
|
})
|
||||||
|
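Review bot: The new branch `if not profile.visible and profile.user.id != g.user.id:` answers 403, while a missing profile answers 404 just above it, so any logged-in caller can tell a hidden profile from a non-existent one by the status code alone. If the existence of a hidden profile is meant to be private, answer the same way as the not-found case, `return make_response({}, 404)`. The check also depends on `g.user` being populated before this line; that happens outside the hunk (the added test expecting 401 suggests an auth guard on the route), so confirm the guard covers this handler. get_user_profile starts and ends outside the hunk.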
@ -139,6 +139,11 @@ class TestProfileEndpoint(ApiTest):
|
|||||||
self.assertEqual(second_language.language_id, "es")
|
self.assertEqual(second_language.language_id, "es")
|
||||||
self.assertEqual(second_language.level, 2)
|
self.assertEqual(second_language.level, 2)
|
||||||
|
|
||||||
|
def test_get_profile_unauthorised(self):
|
||||||
|
|
||||||
|
response = self.client.get("/users/1/profile")
|
||||||
|
self.assertEqual(response.status_code, 401)
|
||||||
|
|
||||||
def test_get_profile(self):
|
def test_get_profile(self):
|
||||||
login_data = {"username": "peter", "password": "geheim"}
|
login_data = {"username": "peter", "password": "geheim"}
|
||||||
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
||||||
|
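Review bot: The added `test_get_profile_unauthorised` only covers a request without a login (401). Nothing visible in this hunk exercises the new 403 branch for a hidden profile, or confirms that the owner can still read their own hidden profile. Add one test that logs in as a different user, requests a profile whose `visible` flag is false and asserts `self.assertEqual(response.status_code, 403)`, and one where the owner of that profile gets 200. The name would also be more precise as `test_get_profile_unauthenticated`, since the 401 case is about a missing login rather than a missing permission. test_get_profile continues outside the hunk.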