admin api role check (#4353)

* admin api role check * add check to new tabs and tests * fix work-weixin virus scan check
2025-09-15 23:00:57 +00:00 · 2019-12-16 18:31:29 +08:00
parent 44459bb36b
commit 7df1192cbf
84 changed files with 1089 additions and 142 deletions
--- a/tests/api/endpoints/admin/test_web_settings.py
+++ b/tests/api/endpoints/admin/test_web_settings.py
@@ -10,6 +10,18 @@ class AdminWebSettingsTest(BaseTestCase):
        self.url = reverse('api-v2.1-web-settings')
        self.login_as(self.admin)

+    def test_get_admin_permission_denied(self):
+        self.logout()
+        self.login_as(self.admin_cannot_config_system)
+        resp = self.client.get(self.url)
+        self.assertEqual(403, resp.status_code)
+
+    def test_put_admin_permission_denied(self):
+        self.logout()
+        self.login_as(self.admin_cannot_config_system)
+        resp = self.client.put(self.url)
+        self.assertEqual(403, resp.status_code)
+
    def test_get_web_settings_info(self):
        resp = self.client.get(self.url)
        self.assertEqual(200, resp.status_code)