api: don't mark API fake admin user as an API user (#53926)

2021-05-11 15:26:43 +02:00 · 2021-05-11 15:26:43 +02:00 · a80a9e4f5e
parent 2ca413d3d3
commit a80a9e4f5e
2 changed files with 6 additions and 0 deletions
--- a/tests/api/test_carddef.py
+++ b/tests/api/test_carddef.py
@ -157,6 +157,11 @@ def test_cards(pub, local_user):
    assert resp.json['data'][0]['digest'] == formdata.digest
    assert resp.json['data'][0]['text'] == formdata.digest

+    # get single carddata (as signed request without any user specified, so
+    # no check for permissions)
+    resp = get_app(pub).get(sign_uri('/api/cards/test/%s/' % formdata.id))
+    assert resp.json['text'] == formdata.digest
+
    # get schema
    resp = get_app(pub).get(sign_uri('/api/cards/test/@schema'), status=200)
    assert len(resp.json['fields']) == 1
--- a/wcs/api.py
+++ b/wcs/api.py
@ -264,6 +264,7 @@ class ApiCardPage(ApiFormPageMixin, BackofficeCardPage):
            class ApiAdminUser:
                is_admin = True
                anonymous = True
+                is_api_user = False

            get_request()._user = ApiAdminUser()
            return True