changeset 7143:dc7e37ec3dfd

auth: users_and_groups_data should not be available for anonymous/default user
author domruf <dominikruf@gmail.com>
date Thu, 23 Nov 2017 22:16:34 +0100
parents 3dbb625d5f9c
children bfb1ae42bcbb
files kallithea/controllers/home.py kallithea/tests/functional/test_home.py
diffstat 2 files changed, 5 insertions(+), 2 deletions(-) [+]
--- a/kallithea/controllers/home.py	Mon Feb 12 02:38:02 2018 +0100
+++ b/kallithea/controllers/home.py	Thu Nov 23 22:16:34 2017 +0100
@@ -145,7 +145,7 @@
         }
         return data
 
-    @LoginRequired(allow_default_user=True)
+    @LoginRequired()
     @jsonify
     def users_and_groups_data(self):
         """
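Review bot: The new `@LoginRequired()` on `users_and_groups_data` has no comment explaining why this action omits `allow_default_user=True`, so a later cleanup could restore the flag if sibling actions still use it. I would add a line above the decorator such as `# No allow_default_user: this returns user and group names and must not be readable without a login.` `@LoginRequired()` alone still lets every authenticated account query the data, which the updated test confirms for a regular user; if that is intended, the docstring should say so. The method body lies outside this hunk, so whether it applies any further permission filtering cannot be checked here.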
--- a/kallithea/tests/functional/test_home.py	Mon Feb 12 02:38:02 2018 +0100
+++ b/kallithea/tests/functional/test_home.py	Thu Nov 23 22:16:34 2017 +0100
@@ -66,10 +66,13 @@
             Session().commit()
 
     def test_users_and_groups_data(self):
-        self.log_user()
         fixture.create_user('evil', firstname=u'D\'o\'ct"o"r', lastname=u'Évíl')
         fixture.create_user_group(u'grrrr', user_group_description=u"Groüp")
         response = self.app.get(url('users_and_groups_data', query=u'evi'))
+        assert response.status_code == 302
+        assert url('login_home') in response.location
+        self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
+        response = self.app.get(url('users_and_groups_data', query=u'evi'))
         result = json.loads(response.body)['results']
         assert result[0].get('fname') == u'D\'o\'ct"o"r'
         assert result[0].get('lname') == u'Évíl'
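Review bot: The anonymous redirect check and the logged-in result check now share `test_users_and_groups_data`, so a failing `assert response.status_code == 302` stops the test before the authenticated path runs. The test name also does not show that this is the regression test for anonymous access. Moving the first request and its two asserts into their own test, e.g. `def test_users_and_groups_data_anonymous(self):`, would make that explicit. The 302 assertion only proves the fix if the default user is active in the test environment, which this hunk does not show; a one-line comment stating that assumption would help. The remaining assertions of the test continue past the end of the hunk.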