OpenConceptLab/ocl_issues#1135 | Logged in user to be able to view ot…

…her user details
OpenConceptLab · Dec 13, 2022 · af32370 · af32370
1 parent 873b13f
commit af32370
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/core/integration_tests/tests_users.py b/core/integration_tests/tests_users.py
@@ -537,6 +537,19 @@ def test_get_200(self):
         self.assertEqual(response.data['name'], self.user.name)
         self.assertEqual(response.data['url'], self.user.uri)
 
+        random_user = UserProfileFactory()
+
+        response = self.client.get(
+            f'/users/{self.user.username}/',
+            HTTP_AUTHORIZATION='Token ' + random_user.get_token(),
+            format='json'
+        )
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.data['username'], self.user.username)
+        self.assertEqual(response.data['name'], self.user.name)
+        self.assertEqual(response.data['url'], self.user.uri)
+
     def test_get_200_with_subscribed_orgs(self):
         response = self.client.get(
             f'/users/{self.user.username}/?includeSubscribedOrgs=false',

diff --git a/core/users/views.py b/core/users/views.py
@@ -387,7 +387,7 @@ def get_object(self, queryset=None):
         if self.request.query_params.get('includeVerificationToken') and self.request.method == 'GET':
             return instance
 
-        if not is_self and not is_admin:
+        if not is_self and not is_admin and self.request.method != 'GET':
             raise PermissionDenied()
 
         return instance