admin api role check (#4353)

* admin api role check * add check to new tabs and tests * fix work-weixin virus scan check
2025-09-15 23:00:57 +00:00 · 2019-12-16 18:31:29 +08:00
parent 44459bb36b
commit 7df1192cbf
84 changed files with 1089 additions and 142 deletions
--- a/tests/api/endpoints/admin/test_invitations.py
+++ b/tests/api/endpoints/admin/test_invitations.py
@@ -53,6 +53,12 @@ class InvitationsTest(BaseTestCase):

        assert type(json_resp['invitation_list']) is list

+    def test_no_permission(self):
+        self.logout()
+        self.login_as(self.admin_cannot_manage_user)
+        resp = self.client.get(self.url)
+        self.assertEqual(403, resp.status_code)
+
    def test_get_invitations_permision_denied(self):
        self.login_as(self.user)
        resp = self.client.get(self.url)