frlan/ki-backend
0
0
Fork 0
forked from kompetenzinventar/ki-backend
Code Issues Pull Requests Projects Releases Wiki Activity

implement visible authorisation

Browse Source
This commit is contained in:
weeman 2021-07-02 16:33:48 +02:00
parent 9f4795b9f1
commit 4ca8660b1d
Signed by untrusted user: weeman
GPG Key ID: 34F0524D4DA694A1
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ki/routes.py
View File

@ -116,6 +116,9 @@ def get_user_profile(user_id):
if profile is None: if profile is None:
return make_response({}, 404) return make_response({}, 404)
if not profile.visible and profile.user.id != g.user.id:
return make_response({}, 403)
return make_response({ return make_response({
"profile": profile.to_dict(), "profile": profile.to_dict(),
}) })

5
ki/test/test_profile_endpoint.py
View File

@ -139,6 +139,11 @@ class TestProfileEndpoint(ApiTest):
self.assertEqual(second_language.language_id, "es") self.assertEqual(second_language.language_id, "es")
self.assertEqual(second_language.level, 2) self.assertEqual(second_language.level, 2)
def test_get_profile_unauthorised(self):
response = self.client.get("/users/1/profile")
self.assertEqual(response.status_code, 401)
def test_get_profile(self): def test_get_profile(self):
login_data = {"username": "peter", "password": "geheim"} login_data = {"username": "peter", "password": "geheim"}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json") login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")