[PATCH v6 04/10] REST: Add Users to the API
Finucane, Stephen
stephen.finucane at intel.com
Tue Jun 28 02:42:47 AEST 2016
On 16 Jun 16:13, Andy Doan wrote:
> This exports user objects via the REST API.
>
> Security Constraints:
> * The API is read-only to authenticated users
>
> Signed-off-by: Andy Doan <andy.doan at linaro.org>
Reviewed-by: Stephen Finucane <stephen.finucane at intel.com>
...after accounting for the nits below
> + def test_readonly(self):
> + defaults.project.save()
> + user = create_maintainer(defaults.project)
> + user.is_superuser = True
> + user.save()
> + self.client.force_authenticate(user=user)
> +
> + resp = self.client.delete(self.api_url(1))
Changed '1' to 'user.id' to avoid hardcoding.
> + self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
> +
> + resp = self.client.patch(self.api_url(1), {'email': 'foo at f.com'})
Ditto.
More information about the Patchwork
mailing list