Node interface for User returns only viewer.

be91858c · jan.bednarik · 62fc02d0 · be91858c · be91858c · be91858c
Commit be91858c authored Feb 18, 2018 by jan.bednarik
--- a/openlobby/core/api/mutations.py
+++ b/openlobby/core/api/mutations.py
@@ -94,7 +94,6 @@ class Logout(relay.ClientIDMutation):
    @classmethod
    def mutate_and_get_payload(cls, root, info, **input):
-        # TODO
        raise NotImplementedError()
        return Logout(success=True)
@@ -136,5 +135,6 @@ class NewReport(relay.ClientIDMutation):
 class Mutation:
    login = Login.Field()
    login_by_shortcut = LoginByShortcut.Field()
-    logout = Logout.Field()
+    # TODO
+    # logout = Logout.Field()
    new_report = NewReport.Field()
--- a/openlobby/core/api/types.py
+++ b/openlobby/core/api/types.py
@@ -103,11 +103,11 @@ class User(graphene.ObjectType):
    @classmethod
    def get_node(cls, info, id):
-        # TODO return only viewer
+        if not info.context.user.is_authenticated:
-        try:
+            return None
-            return cls.from_db(models.User.objects.get(id=id))
+        if int(id) != info.context.user.id:
-        except models.User.DoesNotExist:
            return None
+        return cls.from_db(info.context.user)
 class Author(graphene.ObjectType):

--- a/tests/schema/snapshots/snap_test_node.py
+++ b/tests/schema/snapshots/snap_test_node.py
@@ -56,3 +56,26 @@ snapshots['test_report 1'] = {
        }
    }
 }
+snapshots['test_user__unauthorized 1'] = {
+    'data': {
+        'node': None
+    }
+}
+snapshots['test_user__not_a_viewer 1'] = {
+    'data': {
+        'node': None
+    }
+}
+snapshots['test_user 1'] = {
+    'data': {
+        'node': {
+            'firstName': 'Albert',
+            'id': 'VXNlcjo4',
+            'lastName': 'Einstein',
+            'openidUid': 'albert@einstein.id'
+        }
+    }
+}
--- a/tests/schema/test_node.py
+++ b/tests/schema/test_node.py
 import pytest
 from graphql_relay import to_global_id
+from openlobby.core.auth import create_access_token
 from openlobby.core.models import OpenIdClient, User
 from ..dummy import prepare_report
@@ -90,3 +91,61 @@ def test_report(client, snapshot):
    }}
    """.format(id=to_global_id('Report', 1))})
    snapshot.assert_match(res.json())
+def test_user__unauthorized(client, snapshot):
+    User.objects.create(id=8, username='albert', openid_uid='albert@einstein.id',
+        first_name='Albert', last_name='Einstein')
+    res = client.post('/graphql', {'query': """
+    query {{
+        node (id:"{id}") {{
+            ... on User {{
+                id
+                firstName
+                lastName
+                openidUid
+            }}
+        }}
+    }}
+    """.format(id=to_global_id('User', 8))})
+    snapshot.assert_match(res.json())
+def test_user__not_a_viewer(client, snapshot):
+    User.objects.create(id=8, username='albert', openid_uid='albert@einstein.id',
+        first_name='Albert', last_name='Einstein')
+    User.objects.create(id=2, username='isaac', openid_uid='isaac@newton.id',
+        first_name='Isaac', last_name='Newton')
+    auth_header = 'Bearer {}'.format(create_access_token('isaac'))
+    res = client.post('/graphql', {'query': """
+    query {{
+        node (id:"{id}") {{
+            ... on User {{
+                id
+                firstName
+                lastName
+                openidUid
+            }}
+        }}
+    }}
+    """.format(id=to_global_id('User', 8))}, HTTP_AUTHORIZATION=auth_header)
+    snapshot.assert_match(res.json())
+def test_user(client, snapshot):
+    User.objects.create(id=8, username='albert', openid_uid='albert@einstein.id',
+        first_name='Albert', last_name='Einstein')
+    auth_header = 'Bearer {}'.format(create_access_token('albert'))
+    res = client.post('/graphql', {'query': """
+    query {{
+        node (id:"{id}") {{
+            ... on User {{
+                id
+                firstName
+                lastName
+                openidUid
+            }}
+        }}
+    }}
+    """.format(id=to_global_id('User', 8))}, HTTP_AUTHORIZATION=auth_header)
+    snapshot.assert_match(res.json())