API & Client - fix link to user profile in workout card

2022-03-30 11:30:26 +02:00 · 2022-03-30 11:30:26 +02:00 · 26c600fa32
commit 26c600fa32
parent 8f4272ee76
3 changed files with 27 additions and 3 deletions
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@ -28,6 +28,26 @@ class TestGetUser(ApiTestCaseMixin):

        self.assert_403(response)

+    def test_user_can_access_his_profile(
+        self, app: Flask, user_1: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_1.username}',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 200
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        user = data['data']['users'][0]
+        assert user['username'] == user_1.username
+
    def test_it_gets_inactive_user(
        self, app: Flask, user_1_admin: User, inactive_user: User
    ) -> None:
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@ -249,12 +249,13 @@ def get_users(auth_user: User) -> Dict:


@users_blueprint.route('/users/<user_name>', methods=['GET'])
-@authenticate_as_admin
+@authenticate
 def get_single_user(
    auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
    """
-    Get single user details. Only user with admin rights can get user details.
+    Get single user details. Only user with admin rights can get other users
+    details.

    It returns user preferences only for authenticated user.

@ -353,6 +354,9 @@ def get_single_user(
    :statuscode 404:
        - user does not exist
    """
+    if user_name != auth_user.username and not auth_user.admin:
+        return ForbiddenErrorResponse()
+
    try:
        user = User.query.filter_by(username=user_name).first()
        if user:
--- a/fittrackee_client/src/router/index.ts
+++ b/fittrackee_client/src/router/index.ts
@ -263,7 +263,7 @@ const routes: Array<RouteRecordRaw> = [
      },
      {
        path: 'users/:username',
-        name: 'User',
+        name: 'UserFromAdmin',
        component: () =>
          import(/* webpackChunkName: 'profile' */ '@/views/user/UserView.vue'),
        props: { fromAdmin: true },