api: mark role-restricted api user as non anonymous (#53864)
This commit is contained in:
parent
8b629deef1
commit
3a641631b1
|
@ -253,6 +253,9 @@ def test_cards_restricted_api(pub, local_user):
|
|||
resp = get_app(pub).get(sign_uri('/api/cards/test/list', orig='test', key='12345'))
|
||||
assert len(resp.json['data']) == 1
|
||||
|
||||
resp = get_app(pub).get(sign_uri('/api/cards/test/%s/' % formdata.id, orig='test', key='12345'))
|
||||
assert resp.json['id'] == str(formdata.id)
|
||||
|
||||
# restricted to another role, do not get it
|
||||
role2 = pub.role_class(name='second')
|
||||
role2.store()
|
||||
|
@ -261,6 +264,11 @@ def test_cards_restricted_api(pub, local_user):
|
|||
resp = get_app(pub).get(sign_uri('/api/cards/test/list', orig='test', key='12345'), status=403)
|
||||
assert resp.json['err_desc'] == 'unsufficient roles'
|
||||
|
||||
resp = get_app(pub).get(
|
||||
sign_uri('/api/cards/test/%s/' % formdata.id, orig='test', key='12345'), status=403
|
||||
)
|
||||
assert resp.json['err_desc'] == 'unsufficient roles'
|
||||
|
||||
|
||||
def test_cards_http_auth_access(pub, local_user):
|
||||
pub.role_class.wipe()
|
||||
|
|
|
@ -87,6 +87,7 @@ class ApiAccess(XmlStorableObject):
|
|||
id = Ellipsis # make sure it fails all over the place if used
|
||||
is_admin = False
|
||||
is_api_user = True
|
||||
anonymous = False
|
||||
|
||||
def can_go_in_admin(self):
|
||||
return False
|
||||
|
|
Loading…
Reference in New Issue