
Commit 201d34e

pellecchialuigiLuigi Pellecchia
andauthored
Allow user with read permissions to add comments to work items (#264)
* Allow user with read permissions to add comments to work items Signed-off-by: Luigi Pellecchia <[email protected]> * Fix comment unit tests to skip unauthorized check Signed-off-by: Luigi Pellecchia <[email protected]> --------- Signed-off-by: Luigi Pellecchia <[email protected]> Co-authored-by: Luigi Pellecchia <[email protected]>
1 parent 751ea9e commit 201d34e

2 files changed

Lines changed: 10 additions & 19 deletions


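--- a/api/api.py
+++ b/api/api.py
@@ -2293,7 +2293,7 @@ def get(self, api: ApiModel = None, user: UserModel = None, dbi: db_orm.DbInterf
 comments = [c.as_dict() for c in query.all()]
 return comments
 
-@check_api_user_write_permission
+@check_api_user_read_permission
 def post(self, api: ApiModel = None, user: UserModel = None, dbi: db_orm.DbInterface = None):
 request_data = request.get_json(force=True)
 
@@ -2355,7 +2355,7 @@ def post(self, api: ApiModel = None, user: UserModel = None, dbi: db_orm.DbInter
 
 return new_comment.as_dict()
 
-@check_api_user_write_permission
+@check_api_user_read_permission
 def put(self, api: ApiModel = None, user: UserModel = None, dbi: db_orm.DbInterface = None):
 request_data = request.get_json(force=True)
 
@@ -2388,7 +2388,7 @@ def put(self, api: ApiModel = None, user: UserModel = None, dbi: db_orm.DbInterf
 
 return comment_model.as_dict()
 
-@check_api_user_write_permission
+@check_api_user_read_permission
 def delete(self, api: ApiModel = None, user: UserModel = None, dbi: db_orm.DbInterface = None):
 request_data = request.get_json(force=True)
 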
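Review bot: The decorator swap on `put` and `delete` lets any user with only read permission on the API modify or remove comments, while the commit title speaks only of adding them. The bodies of both handlers lie outside these hunks, so whether they verify that the comment belongs to the requesting `user` cannot be seen here; if they do not, a reader can edit or delete other users' comments. Either keep `@check_api_user_write_permission` on `put` and `delete`, or have both handlers reject a request whose `user` is not the comment's author before changing anything. A docstring on `post` stating that read access is deliberately sufficient for commenting would also keep a later audit from reverting it.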

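--- a/api/test/test_comment.py
+++ b/api/test/test_comment.py
@@ -139,7 +139,7 @@ def test_login(user_authentication):
 assert user_authentication.status_code == 200
 
 
-@pytest.mark.parametrize('mandatory_field', ['api-id', 'comment', 'parent_table', 'parent_id', 'user-id', 'token'])
+@pytest.mark.parametrize('mandatory_field', ['api-id', 'comment', 'parent_table', 'parent_id'])
 def test_comment_post_bad_payload(client, user_authentication, api_sr_db, mandatory_field):
 """ Post request with bad payload, missing fields """
 
@@ -159,10 +159,7 @@ def test_comment_post_bad_payload(client, user_authentication, api_sr_db, mandat
 mapping_data.pop(mandatory_field)
 
 response = client.post(_MAPPING_COMMENT_URL, json=mapping_data)
-if mandatory_field in ['user-id', 'token']:
-assert response.status_code == HTTPStatus.UNAUTHORIZED
-else:
-assert response.status_code == HTTPStatus.BAD_REQUEST
+assert response.status_code == HTTPStatus.BAD_REQUEST
 
 
 def test_comment_post_put_delete(client, user_authentication, api_sr_db):
@@ -215,7 +212,7 @@ def test_comment_post_put_delete(client, user_authentication, api_sr_db):
 
 
 @pytest.mark.parametrize('mandatory_field',
-['api-id', 'comment_id', 'comment', 'parent_table', 'parent_id', 'user-id', 'token'])
+['api-id', 'comment_id', 'comment', 'parent_table', 'parent_id'])
 def test_comment_put_bad_payload(client, user_authentication, api_sr_db, mandatory_field):
 """ Put request with bad payload, missing fields """
 
@@ -236,13 +233,10 @@ def test_comment_put_bad_payload(client, user_authentication, api_sr_db, mandato
 mapping_data.pop(mandatory_field)
 
 response = client.put(_MAPPING_COMMENT_URL, json=mapping_data)
-if mandatory_field in ['user-id', 'token']:
-assert response.status_code == HTTPStatus.UNAUTHORIZED
-else:
-assert response.status_code == HTTPStatus.BAD_REQUEST
+assert response.status_code == HTTPStatus.BAD_REQUEST
 
 
-@pytest.mark.parametrize('mandatory_field', ['api-id', 'comment_id', 'parent_table', 'parent_id', 'user-id', 'token'])
+@pytest.mark.parametrize('mandatory_field', ['api-id', 'comment_id', 'parent_table', 'parent_id'])
 def test_comment_delete_bad_payload(client, user_authentication, api_sr_db, mandatory_field):
 """ Delete request with bad payload, missing fields """
 
@@ -261,8 +255,5 @@ def test_comment_delete_bad_payload(client, user_authentication, api_sr_db, mand
 # Generate bad payload removing a mandatory field
 mapping_data.pop(mandatory_field)
 
-response = client.put(_MAPPING_COMMENT_URL, json=mapping_data)
-if mandatory_field in ['user-id', 'token']:
-assert response.status_code == HTTPStatus.UNAUTHORIZED
-else:
-assert response.status_code == HTTPStatus.BAD_REQUEST
+response = client.delete(_MAPPING_COMMENT_URL, json=mapping_data)
+assert response.status_code == HTTPStatus.BAD_REQUEST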
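Review bot: Dropping `'user-id'` and `'token'` from the three `parametrize` lists leaves no test that pins what a comment POST, PUT or DELETE returns when credentials are missing, which is the behaviour the permission change in api/api.py affects. Keep those two cases and assert the status the endpoint is now meant to return for them, so that an unauthenticated write cannot start succeeding unnoticed. A further case in which a second read-only user tries to `put` or `delete` a comment created by someone else, and is refused, would cover the ownership question as well.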
