Skip to content

Commit

Permalink
Added more test and a fix for #660
Browse files Browse the repository at this point in the history
  • Loading branch information
@hkethi002
hkethi002 committed Jun 21, 2017
1 parent 3d71e6a commit 9e95463
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 4 deletions.
2 changes: 1 addition & 1 deletion api/auth/userauth.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ def f(method, _id=None, query=None, payload=None, projection=None):
handler.abort(403, 'only superuser are allowed to create users')
elif method == 'POST' and (handler.superuser_request or handler.user_is_admin):
pass
elif method == 'GET' and _id == handler.uid:
elif method == 'GET':
pass
else:
handler.abort(403, 'not allowed to perform operation')
Expand Down
4 changes: 2 additions & 2 deletions test/integration_tests/python/test_jobs.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,8 +126,8 @@ def test_jobs(data_builder, as_user, as_admin, as_root):
r = as_root.post('/jobs/' + next_job_id + '/retry')
assert r.ok

# get next job
r = as_root.get('/jobs/next', params={'tags': 'test-tag'})
# get next job as admin
r = as_admin.get('/jobs/next', params={'tags': 'test-tag'})
assert r.ok
next_job_id = r.json()['id']

Expand Down
26 changes: 25 additions & 1 deletion test/integration_tests/python/test_users.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
def test_users(as_root, as_user, as_public):
def test_users(as_root, as_admin, as_user, as_public):
# List users
r = as_user.get('/users')
assert r.ok
Expand Down Expand Up @@ -50,6 +50,21 @@ def test_users(as_root, as_user, as_public):
r = as_root.get('/users/' + new_user_id)
assert r.ok

# Add new user as admin
new_user_id_admin = 'new2@user.com'
r = as_admin.post('/users', json={
'_id': new_user_id_admin,
'firstname': 'New2',
'lastname': 'User2',
})
assert r.ok
r = as_root.get('/users/' + new_user_id)
assert r.ok

#Get another user as user
r = as_user.get('/users/' + new_user_id)
assert r.ok

# Try to update non-existent user
r = as_root.put('/users/nonexistent@user.com', json={'firstname': 'Realname'})
assert r.status_code == 404
Expand All @@ -59,6 +74,11 @@ def test_users(as_root, as_user, as_public):
assert r.ok
assert r.json()['modified'] == 1

# Update existing user as admin
r = as_admin.put('/users/' + new_user_id_admin, json={'firstname': 'Realname2'})
assert r.ok
assert r.json()['modified'] == 1

# Try to delete non-existent user
r = as_root.delete('/users/nonexistent@user.com')
assert r.status_code == 404
Expand All @@ -67,6 +87,10 @@ def test_users(as_root, as_user, as_public):
r = as_root.delete('/users/' + new_user_id)
assert r.ok

# Delete user
r = as_admin.delete('/users/' + new_user_id_admin)
assert r.ok

# Test HTTPS enforcement on avatar urls
new_user_id = 'new@user.com'
r = as_root.post('/users', json={
Expand Down

0 comments on commit 9e95463

Please sign in to comment.