diff --git a/storyboard/api/v1/users.py b/storyboard/api/v1/users.py index 5b735396..93f3be1b 100644 --- a/storyboard/api/v1/users.py +++ b/storyboard/api/v1/users.py @@ -19,6 +19,7 @@ from pecan import request from pecan import response from pecan import rest from pecan.secure import secure +import six from wsme.exc import ClientSideError import wsmeext.pecan as wsme_pecan @@ -129,28 +130,23 @@ class UsersController(rest.RestController): """ current_user = users_api.user_get(request.current_user_id) - if not user or not user.id or not current_user: - response.status_code = 404 - response.body = _("Not found") - return response - # Only owners and superadmins are allowed to modify users. - if request.current_user_id != user.id \ + if request.current_user_id != user_id \ and not current_user.is_superuser: response.status_code = 403 response.body = _("You are not allowed to update this user.") return response # Strip out values that you're not allowed to change. - user_dict = user.as_dict() - - # You cannot modify the openid field. - del user_dict['openid'] + user_dict = user.as_dict(omit_unset=True) if not current_user.is_superuser: # Only superuser may create superusers or modify login permissions. - del user_dict['enable_login'] - del user_dict['is_superuser'] + if 'enable_login' in six.iterkeys(user_dict): + del user_dict['enable_login'] + + if 'is_superuser' in six.iterkeys(user_dict): + del user_dict['is_superuser'] updated_user = users_api.user_update(user_id, user_dict) return wmodels.User.from_db_model(updated_user) diff --git a/storyboard/tests/api/test_jsonschema.py b/storyboard/tests/api/test_jsonschema.py index 1d3a3058..282b1826 100644 --- a/storyboard/tests/api/test_jsonschema.py +++ b/storyboard/tests/api/test_jsonschema.py @@ -14,7 +14,6 @@ import json import six -import unittest from storyboard.tests import base @@ -95,7 +94,6 @@ class TestUsers(base.FunctionalTest): } self.put_user_01 = { - 'id': 2, 'full_name': 'new full_name of regular User' } 
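Review bot: In the `@@ -129,28 +130,23 @@` hunk of users.py, the removed `del user_dict['openid']` has no replacement, so an `openid` supplied in the PUT body now stays in `user_dict` and reaches `users_api.user_update` for any caller, unless the API model or the DB layer rejects it (neither is visible here). That field presumably binds the account to its login identity, so keep stripping it with `user_dict.pop('openid', None)` right after `user.as_dict(omit_unset=True)`; the same `pop(key, None)` form would replace both `six.iterkeys` membership checks and make the new `import six` unnecessary. The dropped 404 guard also means `current_user.is_superuser` is dereferenced with no None check, which presumably relies on the `secure` decorator to guarantee an authenticated user. The method's signature and decorators lie outside the hunk.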
@@ -115,12 +113,10 @@ class TestUsers(base.FunctionalTest): create_invalid_length(self, self.user_03, self.resource, 'full_name') create_invalid_required(self, self.user_04, self.resource, 'username') - @unittest.skip("Method put in UsersController must be modified.") def test_update(self): resource = "".join([self.resource, "/2"]) update(self, self.put_user_01, resource) - @unittest.skip("Method put in UsersController must be modified.") def test_update_invalid(self): resource = "".join([self.resource, "/2"]) update_invalid(self, self.put_user_02, resource, 'full_name') diff --git a/storyboard/tests/api/test_users.py b/storyboard/tests/api/test_users.py index dd59e9cf..1c07b4d1 100644 --- a/storyboard/tests/api/test_users.py +++ b/storyboard/tests/api/test_users.py @@ -12,7 +12,6 @@ # License for the specific language governing permissions and limitations # under the License. -import unittest from storyboard.db.api import users as user_api from storyboard.tests import base @@ -24,7 +23,6 @@ class TestUsersAsSuperuser(base.FunctionalTest): self.resource = '/users' self.default_headers['Authorization'] = 'Bearer valid_superuser_token' - @unittest.skip("Method put in UsersController must be modified.") def test_update_enable_login(self): path = self.resource + '/2' @@ -32,9 +30,7 @@ class TestUsersAsSuperuser(base.FunctionalTest): self.assertIsNotNone(jenkins) # Try to modify the enable_login field - jenkins['enable_login'] = False - - self.put_json(path, jenkins) + self.put_json(path, {'enable_login': False}) user = user_api.user_get(user_id=2) self.assertFalse(user.enable_login) @@ -52,9 +48,7 @@ class TestUsersAsUser(base.FunctionalTest): self.assertIsNotNone(jenkins) # Try to modify the enable_login field - jenkins['enable_login'] = False - - self.put_json(path, jenkins) + self.put_json(path, {'enable_login': False}) user = user_api.user_get(user_id=2) self.assertTrue(user.enable_login)
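Review bot: The non-superuser case in the last test_users.py hunk (`@@ -52,9 +48,7 @@`, class `TestUsersAsUser`) covers only `enable_login`, so nothing here pins the other two fields the handler is meant to protect. A companion case that sends `self.put_json(path, {'is_superuser': True, 'openid': '<constructed value>'})` and then asserts `self.assertFalse(user.is_superuser)` and an unchanged `user.openid` would catch a regression in the stripping logic. The test also does not check the response status, so it cannot show whether the field was silently dropped or the request was rejected. Asserting the expected status would make the intended contract explicit. The test method's `def` line and the class setup are outside the hunk.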