Fix roles display on user screen and fix removing user roles (#879)

This commit is contained in:
Marti Raudsepp 2017-08-17 19:24:10 +03:00 committed by kevgliss
parent 7762d6ed52
commit 941df0366d
3 changed files with 37 additions and 2 deletions

View File

@ -1,5 +1,8 @@
import json
import pytest import pytest
from lemur.tests.factories import UserFactory, RoleFactory
from lemur.users.views import * # noqa from lemur.users.views import * # noqa
from .vectors import VALID_ADMIN_HEADER_TOKEN, VALID_USER_HEADER_TOKEN from .vectors import VALID_ADMIN_HEADER_TOKEN, VALID_USER_HEADER_TOKEN
@ -107,3 +110,34 @@ def test_sensitive_filter(client):
def test_sensitive_sort(client): def test_sensitive_sort(client):
resp = client.get(api.url_for(UsersList) + '?sortBy=password&sortDir=asc', headers=VALID_ADMIN_HEADER_TOKEN) resp = client.get(api.url_for(UsersList) + '?sortBy=password&sortDir=asc', headers=VALID_ADMIN_HEADER_TOKEN)
assert "'password' is not sortable or filterable" in resp.json['message'] assert "'password' is not sortable or filterable" in resp.json['message']
def test_user_role_changes(client, session):
user = UserFactory()
role1 = RoleFactory()
role2 = RoleFactory()
session.flush()
data = {
'active': True,
'id': user.id,
'username': user.username,
'email': user.email,
'roles': [
{'id': role1.id},
{'id': role2.id},
],
}
# PUT two roles
resp = client.put(api.url_for(Users, user_id=user.id), data=json.dumps(data), headers=VALID_ADMIN_HEADER_TOKEN)
assert resp.status_code == 200
assert len(resp.json['roles']) == 2
assert set(user.roles) == {role1, role2}
# Remove one role and PUT again
del data['roles'][1]
resp = client.put(api.url_for(Users, user_id=user.id), data=json.dumps(data), headers=VALID_ADMIN_HEADER_TOKEN)
assert resp.status_code == 200
assert len(resp.json['roles']) == 1
assert set(user.roles) == {role1}

View File

@ -26,6 +26,7 @@ class UserOutputSchema(LemurOutputSchema):
username = fields.String() username = fields.String()
email = fields.Email() email = fields.Email()
active = fields.Boolean() active = fields.Boolean()
roles = fields.Nested(AssociatedRoleSchema, many=True)
profile_picture = fields.String() profile_picture = fields.String()

View File

@ -64,12 +64,12 @@ def update_roles(user, roles):
:param user: :param user:
:param roles: :param roles:
""" """
for ur in roles: for ur in user.roles:
for r in roles: for r in roles:
if r.id == ur.id: if r.id == ur.id:
break break
else: else:
user.roles.remove(r) user.roles.remove(ur)
for r in roles: for r in roles:
for ur in user.roles: for ur in user.roles: