On 16 Jun 16:13, Andy Doan wrote: > This exports user objects via the REST API. > > Security Constraints: > * The API is read-only to authenticated users > > Signed-off-by: Andy Doan <[email protected]>
Reviewed-by: Stephen Finucane <[email protected]> ...after accounting for the nits below > + def test_readonly(self): > + defaults.project.save() > + user = create_maintainer(defaults.project) > + user.is_superuser = True > + user.save() > + self.client.force_authenticate(user=user) > + > + resp = self.client.delete(self.api_url(1)) Changed '1' to 'user.id' to avoid hardcoding. > + self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code) > + > + resp = self.client.patch(self.api_url(1), {'email': '[email protected]'}) Ditto. _______________________________________________ Patchwork mailing list [email protected] https://lists.ozlabs.org/listinfo/patchwork
