From ee028382dfebe3df12c2b159241dfb9c2ebc811c Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Tue, 11 Oct 2016 17:56:38 -0700
Subject: [PATCH] Show only roles that the user is a member of, in list view, for other views show all roles such that certificates and authorities can be shared across teams/groups. (#446)
---
 lemur/roles/views.py | 4 +++-
 lemur/tests/test_roles.py | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/lemur/roles/views.py b/lemur/roles/views.py
index 875a7c49..639efeb2 100644
--- a/lemur/roles/views.py
+++ b/lemur/roles/views.py
@@ -7,7 +7,7 @@
 .. moduleauthor:: Kevin Glisson
 """
-from flask import Blueprint
+from flask import Blueprint, g
 from flask import make_response, jsonify
 from flask.ext.restful import reqparse, Api
@@ -83,6 +83,8 @@ class RolesList(AuthenticatedResource):
 parser.add_argument('id', type=str, location='args')
 args = parser.parse_args()
+ if not g.current_user.is_admin:
+ args['user_id'] = g.current_user.id
 return service.render(args)
 @admin_permission.require(http_exception=403)
diff --git a/lemur/tests/test_roles.py b/lemur/tests/test_roles.py
index 912546df..7d6a53ea 100644
--- a/lemur/tests/test_roles.py
+++ b/lemur/tests/test_roles.py
@@ -91,6 +91,7 @@ def test_role_put_with_data_and_user(client, session):
 from lemur.auth.service import create_token
 user = UserFactory()
 role = RoleFactory(users=[user])
+ role1 = RoleFactory()
 user1 = UserFactory()
 session.commit()
@@ -101,13 +102,15 @@ def test_role_put_with_data_and_user(client, session):
 data = {
 'users': [
- {'id': user1.id}
+ {'id': user1.id},
+ {'id': user.id}
 ],
 'id': role.id,
 'name': role.name
 }
 assert client.put(api.url_for(Roles, role_id=role.id), data=json.dumps(data), headers=headers).status_code == 200
+ assert client.get(api.url_for(RolesList), data={}, headers=headers).json['total'] == 1
 @pytest.mark.parametrize("token,status", [
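Review bot: The visibility filter added to `RolesList.get` is an authorization rule, yet it has no comment and depends on two things the hunk does not show. One is that `service.render` really filters on the `user_id` key; the other is that the assignment stays after `parser.parse_args()`, so a value supplied in the request can never replace it. I would add `# Authorization: non-admins only see roles they belong to; set after parse_args() so the client cannot override it.` above the `if`, and state the restriction in the endpoint docstring. The method body starts outside the hunk, so the docstring and the rest of the parser setup are not visible here.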
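Review bot: The new list assertion checks only `json['total'] == 1`, which shows that one role came back but not that it is `role` rather than `role1` (created in the `@@ -91,6 +91,7 @@` hunk and otherwise unused). Comparing the returned role's id with `role.id` would pin the filter itself, and a second request with an admin token expecting both roles would cover the `is_admin` branch. The check would also read better in its own test, since this one is named for the PUT. At minimum add `# non-admin list view must only return roles the caller belongs to` above the assertion. The test function starts outside the hunk.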