haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-01 23:20:51 +00:00
Code Issues Releases Wiki Activity

admin api role check (#4353)

Browse Source 
* admin api role check

* add check to new tabs and tests

* fix work-weixin virus scan check
This commit is contained in:
Leo
2019-12-16 18:31:29 +08:00
committed by lian
parent 44459bb36b
commit 7df1192cbf
84 changed files with 1089 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
tests/api/endpoints/admin/test_groups.py
View File

@@ -13,6 +13,16 @@ class GroupsTest(BaseTestCase):
def tearDown(self):
self.remove_group()
def test_get_admin_permission_denied(self):
self.login_as(self.admin_cannot_manage_group)
resp = self.client.get(reverse('api-v2.1-admin-groups'))
self.assertEqual(403, resp.status_code)
def test_post_admin_permission_denied(self):
self.login_as(self.admin_cannot_manage_group)
resp = self.client.post(reverse('api-v2.1-admin-groups'))
self.assertEqual(403, resp.status_code)
def test_can_get(self):
self.login_as(self.admin)
url = reverse('api-v2.1-admin-groups')
@@ -132,6 +142,16 @@ class GroupTest(BaseTestCase):
self.admin_name = self.admin.username
self.group_id = self.group.id
def test_put_admin_permission_denied(self):
self.login_as(self.admin_cannot_manage_group)
resp = self.client.put(reverse('api-v2.1-admin-group', args=[self.group_id]))
self.assertEqual(403, resp.status_code)
def test_delete_admin_permission_denied(self):
self.login_as(self.admin_cannot_manage_group)
resp = self.client.delete(reverse('api-v2.1-admin-group', args=[self.group_id]))
self.assertEqual(403, resp.status_code)
def test_can_transfer_group(self):
self.login_as(self.admin)