snuffster/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

server/users: let authorized users GET themselves

Browse source
This commit is contained in:
rr- 2016-06-11 09:49:13 +02:00
parent b5aa3e75c4
commit 616854fb1b
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
server/szurubooru/api/user_api.py
View file

@ -40,8 +40,9 @@ class UserListApi(BaseApi):
class UserDetailApi(BaseApi): class UserDetailApi(BaseApi):
def get(self, ctx, user_name): def get(self, ctx, user_name):
auth.verify_privilege(ctx.user, 'users:view')
user = users.get_user_by_name(user_name) user = users.get_user_by_name(user_name)
if ctx.user.user_id != user.user_id:
auth.verify_privilege(ctx.user, 'users:view')
return _serialize(ctx, user) return _serialize(ctx, user)
def put(self, ctx, user_name): def put(self, ctx, user_name):

3
server/szurubooru/tests/api/test_user_retrieving.py
View file

@ -74,8 +74,9 @@ def test_trying_to_retrieve_single_non_existing(test_ctx):
'-') '-')
def test_trying_to_retrieve_single_without_privileges(test_ctx): def test_trying_to_retrieve_single_without_privileges(test_ctx):
db.session.add(test_ctx.user_factory(name='u1', rank=db.User.RANK_REGULAR))
with pytest.raises(errors.AuthError): with pytest.raises(errors.AuthError):
test_ctx.detail_api.get( test_ctx.detail_api.get(
test_ctx.context_factory( test_ctx.context_factory(
user=test_ctx.user_factory(rank=db.User.RANK_ANONYMOUS)), user=test_ctx.user_factory(rank=db.User.RANK_ANONYMOUS)),
'-') 'u1')