API & Client - fix link to user profile in workout card
parent
8f4272ee76
commit
26c600fa32
@ -28,6 +28,26 @@ class TestGetUser(ApiTestCaseMixin):
|
|||||||
|
|
||||||
self.assert_403(response)
|
self.assert_403(response)
|
||||||
|
|
||||||
|
def test_user_can_access_his_profile(
|
||||||
|
self, app: Flask, user_1: User, user_2: User
|
||||||
|
) -> None:
|
||||||
|
client, auth_token = self.get_test_client_and_auth_token(
|
||||||
|
app, user_1.email
|
||||||
|
)
|
||||||
|
|
||||||
|
response = client.get(
|
||||||
|
f'/api/users/{user_1.username}',
|
||||||
|
content_type='application/json',
|
||||||
|
headers=dict(Authorization=f'Bearer {auth_token}'),
|
||||||
|
)
|
||||||
|
|
||||||
|
data = json.loads(response.data.decode())
|
||||||
|
assert response.status_code == 200
|
||||||
|
assert data['status'] == 'success'
|
||||||
|
assert len(data['data']['users']) == 1
|
||||||
|
user = data['data']['users'][0]
|
||||||
|
assert user['username'] == user_1.username
|
||||||
|
|
||||||
def test_it_gets_inactive_user(
|
def test_it_gets_inactive_user(
|
||||||
self, app: Flask, user_1_admin: User, inactive_user: User
|
self, app: Flask, user_1_admin: User, inactive_user: User
|
||||||
) -> None:
|
) -> None:
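Review bot: The added `test_user_can_access_his_profile` pins only the allowed path, and it requests the `user_2` fixture without ever referring to it. Because this commit makes the endpoint reachable by any authenticated account, the refusal path deserves an explicit case beside it: the same request for `f'/api/users/{user_2.username}'` with user_1's token, followed by `self.assert_403(response)`. The test that ends just above this hunk may already cover that, but its body is outside the hunk, so it is worth confirming. If `user_2` is present only so that a second account exists when `len(data['data']['users']) == 1` is asserted, a one-line comment saying so would make that intent clear.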
|
||||||
|
@ -249,12 +249,13 @@ def get_users(auth_user: User) -> Dict:
|
|||||||
|
|
||||||
|
|
||||||
@users_blueprint.route('/users/<user_name>', methods=['GET'])
|
@users_blueprint.route('/users/<user_name>', methods=['GET'])
|
||||||
@authenticate_as_admin
|
@authenticate
|
||||||
def get_single_user(
|
def get_single_user(
|
||||||
auth_user: User, user_name: str
|
auth_user: User, user_name: str
|
||||||
) -> Union[Dict, HttpResponse]:
|
) -> Union[Dict, HttpResponse]:
|
||||||
"""
|
"""
|
||||||
Get single user details. Only user with admin rights can get user details.
|
Get single user details. Only user with admin rights can get other users
|
||||||
|
details.
|
||||||
|
|
||||||
It returns user preferences only for authenticated user.
|
It returns user preferences only for authenticated user.
|
||||||
|
|
||||||
@ -353,6 +354,9 @@ def get_single_user(
|
|||||||
:statuscode 404:
|
:statuscode 404:
|
||||||
- user does not exist
|
- user does not exist
|
||||||
"""
|
"""
|
||||||
|
if user_name != auth_user.username and not auth_user.admin:
|
||||||
|
return ForbiddenErrorResponse()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
user = User.query.filter_by(username=user_name).first()
|
user = User.query.filter_by(username=user_name).first()
|
||||||
if user:
|
if user:
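Review bot: With `@authenticate` replacing `@authenticate_as_admin`, the inline check `if user_name != auth_user.username and not auth_user.admin:` becomes the only thing keeping a non-admin from reading another account, and nothing at that line says so. I would add a comment above it such as `# sole access check for this route: non-admins may only read their own profile; kept before the lookup so the 403 does not reveal whether user_name exists`. The comparison is an exact string match against the path parameter, which fails closed. Whether the `filter_by(username=user_name)` lookup below it is equally strict depends on the column's collation, which is not visible here. The docstring's status-code list begins outside the hunk, so its 403 entry should be checked against the new rule; the function body also continues past the hunk.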
|
||||||
|
@ -263,7 +263,7 @@ const routes: Array<RouteRecordRaw> = [
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
path: 'users/:username',
|
path: 'users/:username',
|
||||||
name: 'User',
|
name: 'UserFromAdmin',
|
||||||
component: () =>
|
component: () =>
|
||||||
import(/* webpackChunkName: 'profile' */ '@/views/user/UserView.vue'),
|
import(/* webpackChunkName: 'profile' */ '@/views/user/UserView.vue'),
|
||||||
props: { fromAdmin: true },
|
props: { fromAdmin: true },
|
||||||
|