# HG changeset patch
# User Søren Løvborg <kwi@kwi.dk>
# Date 1437912644 -7200
# Node ID b580691553f552c91b74f532d8009a06daebb884
# Parent  fd80edc4aa20d165ef4de62af3b9fb27ac6d764d
auth: turn dead AuthUser code into assertion

The result of db.User.get_dict never contains the keys 'api_keys' or
'permissions'. The keys returned by get_dict are 1) all the User table
columns, 2) the keys explicitly defined in User.__json__, and 3) the
keys defined in User.get_api_data, none of which include the two
blacklisted keys.

'api_keys' would be returned if __json__ called get_api_data with
argument details=True; but currently that is not the case.

In case there's a reason why these two keys must never appear in an
AuthUser object, the check has not been removed entirely; instead, it's
been turned into an assertion. This way, it will be noticed if __json__
is later modified to request detailed API data, for instance.

diff -r fd80edc4aa20 -r b580691553f5 kallithea/lib/auth.py
--- a/kallithea/lib/auth.py	Sun Jul 26 14:10:42 2015 +0200
+++ b/kallithea/lib/auth.py	Sun Jul 26 14:10:44 2015 +0200
@@ -529,8 +529,8 @@
         if dbuser is not None and dbuser.active:
             log.debug('filling %s data', dbuser)
             for k, v in dbuser.get_dict().iteritems():
-                if k not in ['api_keys', 'permissions']:
-                    setattr(self, k, v)
+                assert k not in ['api_keys', 'permissions']
+                setattr(self, k, v)
             return True
         return False