forked from kompetenzinventar/ki-backend
implement visible authorisation
parent
9f4795b9f1
commit
4ca8660b1d
@ -116,6 +116,9 @@ def get_user_profile(user_id):
|
||||
if profile is None:
|
||||
return make_response({}, 404)
|
||||
|
||||
if not profile.visible and profile.user.id != g.user.id:
|
||||
return make_response({}, 403)
|
||||
|
||||
return make_response({
|
||||
"profile": profile.to_dict(),
|
||||
})
|
||||
|
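Review bot: The new 403 under `if not profile.visible and profile.user.id != g.user.id:` differs from the 404 returned just above for a missing profile, so any logged-in user can tell which user ids have a hidden profile and which have none. If that distinction is not meant to be observable, return the same response in both cases, e.g. `return make_response({}, 404)`. A short comment on the check stating the rule would also help, such as `# hidden profiles are readable only by their owner`. get_user_profile starts outside the hunk, so how `g.user` is populated, and whether other endpoints that return profiles honour `visible`, cannot be confirmed from here.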
@ -139,6 +139,11 @@ class TestProfileEndpoint(ApiTest):
|
||||
self.assertEqual(second_language.language_id, "es")
|
||||
self.assertEqual(second_language.level, 2)
|
||||
|
||||
def test_get_profile_unauthorised(self):
|
||||
|
||||
response = self.client.get("/users/1/profile")
|
||||
self.assertEqual(response.status_code, 401)
|
||||
|
||||
def test_get_profile(self):
|
||||
login_data = {"username": "peter", "password": "geheim"}
|
||||
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
||||
|
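Review bot: No test visible in this hunk exercises the new visibility rule. `test_get_profile_unauthorised` checks only the unauthenticated 401, and `test_get_profile` logs in as peter but its assertions lie outside the hunk. An access-control branch should be pinned in both directions: a second logged-in user requesting a profile whose `visible` is false should receive the denial status, and the owner should still get 200 on their own hidden profile. If those cases exist further down in TestProfileEndpoint, this can be disregarded.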