Commit 21fb5e59 authored by jan.bednarik's avatar jan.bednarik

Return Report draft only for author from Node interface.

parent 47fe72cd
......@@ -71,6 +71,12 @@ class Report(graphene.ObjectType):
except NotFoundError:
return None
if report.is_draft:
if not info.context.user.is_authenticated:
return None
if report.author_id != info.context.user.id:
return None
author_type = cls._meta.fields['author'].type
author = author_type.get_node(info, report.author_id)
return cls.from_es(report, author)
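Review bot: The draft guard added under `if report.is_draft:` covers only this `get_node` path; any other resolver that returns reports (a search or an author's report list, if they exist) would need the same author check, and nothing in this hunk shows whether they have it. Returning `None` for anonymous and non-author viewers, exactly as for `NotFoundError`, is the right behaviour because the response does not reveal that a draft exists. The two early returns could be one condition after binding `user = info.context.user`: `if not user.is_authenticated or report.author_id != user.id: return None`, with a comment such as `# drafts are visible to their author only`. The enclosing method starts outside the hunk.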
......
import pytest
import arrow
import json
import re
from openlobby.core.auth import create_access_token
from openlobby.core.models import User, Report
from ..utils import call_api
pytestmark = [pytest.mark.django_db, pytest.mark.usefixtures('django_es')]
......@@ -16,18 +16,6 @@ def setup():
first_name='Winston', last_name='Wolfe', email='winston@wolfe.com')
def call_api(client, query, input, username=None):
variables = json.dumps({'input': input})
if username is None:
res = client.post('/graphql', {'query': query, 'variables': variables})
else:
token = create_access_token(username)
auth_header = 'Bearer {}'.format(token)
res = client.post('/graphql', {'query': query, 'variables': variables},
HTTP_AUTHORIZATION=auth_header)
return res.json()
def test_unauthorized(client, snapshot):
query = """
mutation createReport ($input: CreateReportInput!) {
......
......@@ -85,3 +85,24 @@ snapshots['test_user 1'] = {
}
}
}
snapshots['test_report__is_draft__unauthorized_viewer 1'] = {
'data': {
'node': None
}
}
snapshots['test_report__is_draft__viewer_is_not_author 1'] = {
'data': {
'node': None
}
}
snapshots['test_report__is_draft 1'] = {
'data': {
'node': {
'id': 'UmVwb3J0OjQ=',
'title': 'The Silmarillion'
}
}
}
......@@ -5,6 +5,7 @@ from openlobby.core.auth import create_access_token
from openlobby.core.models import OpenIdClient, User
from ..dummy import prepare_reports
from ..utils import call_api
pytestmark = [pytest.mark.django_db, pytest.mark.usefixtures('django_es')]
......@@ -89,6 +90,51 @@ def test_report(client, snapshot):
snapshot.assert_match(res.json())
def test_report__is_draft(client, snapshot):
prepare_reports()
query = """
query {{
node (id:"{id}") {{
... on Report {{
id
title
}}
}}
}}
""".format(id=to_global_id('Report', 4))
snapshot.assert_match(call_api(client, query, username='Wolf'))
def test_report__is_draft__unauthorized_viewer(client, snapshot):
prepare_reports()
query = """
query {{
node (id:"{id}") {{
... on Report {{
id
title
}}
}}
}}
""".format(id=to_global_id('Report', 4))
snapshot.assert_match(call_api(client, query))
def test_report__is_draft__viewer_is_not_author(client, snapshot):
prepare_reports()
query = """
query {{
node (id:"{id}") {{
... on Report {{
id
title
}}
}}
}}
""".format(id=to_global_id('Report', 4))
snapshot.assert_match(call_api(client, query))
def test_user__unauthorized(client, snapshot):
User.objects.create(id=8, username='albert', openid_uid='albert@einstein.id',
first_name='Albert', last_name='Einstein', extra={'e': 'mc2'})
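Review bot: `test_report__is_draft__viewer_is_not_author` ends with `call_api(client, query)` and passes no `username`, so it sends the same anonymous request as `test_report__is_draft__unauthorized_viewer` and the new `report.author_id != info.context.user.id` branch is never exercised. The call should authenticate as an existing user who is not the draft's author, e.g. `snapshot.assert_match(call_api(client, query, username='<non-author username>'))`, with a user that `prepare_reports()` or the test itself creates. As written, removing the author comparison from the resolver would leave all three tests passing. `to_global_id` is used in the new tests, but its import is not visible in these hunks.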
......
import json
from openlobby.core.auth import create_access_token
def call_api(client, query, input=None, username=None):
variables = json.dumps({'input': input or {}})
if username is None:
res = client.post('/graphql', {'query': query, 'variables': variables})
else:
token = create_access_token(username)
auth_header = 'Bearer {}'.format(token)
res = client.post('/graphql', {'query': query, 'variables': variables},
HTTP_AUTHORIZATION=auth_header)
return res.json()
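Review bot: `call_api` is now the shared helper for both anonymous and authenticated test requests, but it has no docstring stating which case `username=None` selects. A docstring such as `"""POST a GraphQL query; with username, send a Bearer token from create_access_token, otherwise send the request anonymously."""` would make that default explicit for anyone writing authorization tests. The parameter name `input` shadows the builtin; it is carried over from the old helper, so renaming it is optional.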