kallithea Changeset - dc7e37ec3dfd

Changeset - dc7e37ec3dfd

Parent rev.

Child rev.

[Not reviewed]

default

0 2 0

domruf - 8 years ago 2017-11-23 22:16:34
dominikruf@gmail.com

Grafted from: ebaf649bc81e

auth: users_and_groups_data should not be available for anonymous/default user

2 files changed with 5 insertions and 2 deletions:

kallithea/controllers/home.py

kallithea/tests/functional/test_home.py

0 comments (0 inline, 0 general)

kallithea/controllers/home.py

➞

Show inline comments

@@ @@ -145,7 +145,7 @@ class HomeController(BaseController): @@
+        }
         return data
-    @LoginRequired(allow_default_user=True)
     @LoginRequired()
     @jsonify
     def users_and_groups_data(self):
         """

kallithea/tests/functional/test_home.py

➞

Show inline comments

@@ @@ -66,10 +66,13 @@ class TestHomeController(TestController) @@
             Session().commit()
     def test_users_and_groups_data(self):
         self.log_user()
         fixture.create_user('evil', firstname=u'D\'o\'ct"o"r', lastname=u'Évíl')
         fixture.create_user_group(u'grrrr', user_group_description=u"Groüp")
         response = self.app.get(url('users_and_groups_data', query=u'evi'))
         assert response.status_code == 302
         assert url('login_home') in response.location
         self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
         response = self.app.get(url('users_and_groups_data', query=u'evi'))
         result = json.loads(response.body)['results']
         assert result[0].get('fname') == u'D\'o\'ct"o"r'
         assert result[0].get('lname') == u'Évíl'

0 comments (0 inline, 0 general)