fix: current project user endpoint should handle internal projects
amolenaar committed Jul 18, 2023
1 parent b26c373 commit cd38f10
Showing 2 changed files with 48 additions and 10 deletions.
26 changes: 16 additions & 10 deletions backend/capellacollab/projects/users/routes.py
@@ -51,17 +51,23 @@ def get_project_user_association_or_raise(
db: orm.Session,
project: projects_models.DatabaseProject,
user: users_models.DatabaseUser,
) -> models.ProjectUserAssociation:
if not (
project_user := crud.get_project_user_association(db, project, user)
):
raise fastapi.HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail={
"reason": f"User {user.name} does not exist in project {project.slug}"
},
) -> models.ProjectUserAssociation | models.ProjectUser:
if project_user := crud.get_project_user_association(db, project, user):
return project_user

if project.visibility == projects_models.Visibility.INTERNAL:
return models.ProjectUser(
role=models.ProjectUserRole.USER,
permission=models.ProjectUserPermission.READ,
user=user,
)
return project_user

raise fastapi.HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail={
"reason": f"User {user.name} does not exist in project {project.slug}"
},
)


@router.get("/current", response_model=models.ProjectUser)
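Review bot: The internal-project fallback sits in the shared helper `get_project_user_association_or_raise` rather than in the `/current` handler, so every caller of the helper now receives a synthesized `models.ProjectUser` (role USER, permission READ) for any non-member of an internal project, where it previously got a 404. If other routes use this helper to look up a user before changing or removing their association (not visible in this hunk), they would now continue with an object that presumably has no stored association behind it instead of being refused. Consider keeping the helper strict and applying the fallback only in the `/current` route, or at least state the new contract in a docstring such as `"""Return the stored association; for INTERNAL projects return a synthetic read-only ProjectUser for non-members; otherwise raise 404."""`. The route decorated on the last line of the hunk continues outside it.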
32 changes: 32 additions & 0 deletions backend/tests/projects/test_projects_users_routes.py
@@ -1,6 +1,8 @@
# SPDX-FileCopyrightText: Copyright DB Netz AG and the capella-collab-manager contributors
# SPDX-License-Identifier: Apache-2.0

from capellacollab.projects.crud import update_project
from capellacollab.projects.models import PatchProject, Visibility
from capellacollab.projects.users.crud import (
add_user_to_project,
get_project_user_association,
@@ -87,3 +89,33 @@ def test_http_exception_when_updating_permission_of_manager(
"reason": "You are not allowed to set the permission of project leads!"
}
}


def test_current_user_rights_for_internal_project(
db, client, executor_name, unique_username, project
):
update_project(db, project, PatchProject(visibility=Visibility.INTERNAL))
create_user(db, executor_name, Role.USER)

response = client.get(
f"/api/v1/projects/{project.slug}/users/current",
)

assert response.status_code == 200
assert response.json()["role"] == "user"
assert response.json()["permission"] == "read"


def test_no_user_rights_on_internal_permissions(
db, client, executor_name, unique_username, project
):
update_project(db, project, PatchProject(visibility=Visibility.PRIVATE))
create_user(db, executor_name, Role.USER)

response = client.get(
f"/api/v1/projects/{project.slug}/users/current",
)

assert response.status_code == 404
assert "detail" in response.json()
assert "reason" in response.json()["detail"]
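Review bot: The two new tests pin only the `/current` response, so nothing here asserts that a non-member of an internal project is still refused on the routes that modify project users. Since the fallback was added to a shared helper, a negative test that issues a write request as a non-member against an `INTERNAL` project and expects a 4xx would guard against the read-only grant leaking into those paths. Separately, `test_no_user_rights_on_internal_permissions` sets `Visibility.PRIVATE`, so a name like `test_no_user_rights_for_private_project` would match what it checks.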
