Skip to content
Snippets Groups Projects
Commit be91858c authored by jan.bednarik's avatar jan.bednarik
Browse files

Node interface for User returns only viewer.

parent 62fc02d0
No related branches found
No related tags found
No related merge requests found
...@@ -94,7 +94,6 @@ class Logout(relay.ClientIDMutation): ...@@ -94,7 +94,6 @@ class Logout(relay.ClientIDMutation):
@classmethod @classmethod
def mutate_and_get_payload(cls, root, info, **input): def mutate_and_get_payload(cls, root, info, **input):
# TODO
raise NotImplementedError() raise NotImplementedError()
return Logout(success=True) return Logout(success=True)
...@@ -136,5 +135,6 @@ class NewReport(relay.ClientIDMutation): ...@@ -136,5 +135,6 @@ class NewReport(relay.ClientIDMutation):
class Mutation: class Mutation:
login = Login.Field() login = Login.Field()
login_by_shortcut = LoginByShortcut.Field() login_by_shortcut = LoginByShortcut.Field()
logout = Logout.Field() # TODO
# logout = Logout.Field()
new_report = NewReport.Field() new_report = NewReport.Field()
...@@ -103,11 +103,11 @@ class User(graphene.ObjectType): ...@@ -103,11 +103,11 @@ class User(graphene.ObjectType):
@classmethod @classmethod
def get_node(cls, info, id): def get_node(cls, info, id):
# TODO return only viewer if not info.context.user.is_authenticated:
try: return None
return cls.from_db(models.User.objects.get(id=id)) if int(id) != info.context.user.id:
except models.User.DoesNotExist:
return None return None
return cls.from_db(info.context.user)
class Author(graphene.ObjectType): class Author(graphene.ObjectType):
......
...@@ -56,3 +56,26 @@ snapshots['test_report 1'] = { ...@@ -56,3 +56,26 @@ snapshots['test_report 1'] = {
} }
} }
} }
snapshots['test_user__unauthorized 1'] = {
'data': {
'node': None
}
}
snapshots['test_user__not_a_viewer 1'] = {
'data': {
'node': None
}
}
snapshots['test_user 1'] = {
'data': {
'node': {
'firstName': 'Albert',
'id': 'VXNlcjo4',
'lastName': 'Einstein',
'openidUid': 'albert@einstein.id'
}
}
}
import pytest import pytest
from graphql_relay import to_global_id from graphql_relay import to_global_id
from openlobby.core.auth import create_access_token
from openlobby.core.models import OpenIdClient, User from openlobby.core.models import OpenIdClient, User
from ..dummy import prepare_report from ..dummy import prepare_report
...@@ -90,3 +91,61 @@ def test_report(client, snapshot): ...@@ -90,3 +91,61 @@ def test_report(client, snapshot):
}} }}
""".format(id=to_global_id('Report', 1))}) """.format(id=to_global_id('Report', 1))})
snapshot.assert_match(res.json()) snapshot.assert_match(res.json())
def test_user__unauthorized(client, snapshot):
User.objects.create(id=8, username='albert', openid_uid='albert@einstein.id',
first_name='Albert', last_name='Einstein')
res = client.post('/graphql', {'query': """
query {{
node (id:"{id}") {{
... on User {{
id
firstName
lastName
openidUid
}}
}}
}}
""".format(id=to_global_id('User', 8))})
snapshot.assert_match(res.json())
def test_user__not_a_viewer(client, snapshot):
User.objects.create(id=8, username='albert', openid_uid='albert@einstein.id',
first_name='Albert', last_name='Einstein')
User.objects.create(id=2, username='isaac', openid_uid='isaac@newton.id',
first_name='Isaac', last_name='Newton')
auth_header = 'Bearer {}'.format(create_access_token('isaac'))
res = client.post('/graphql', {'query': """
query {{
node (id:"{id}") {{
... on User {{
id
firstName
lastName
openidUid
}}
}}
}}
""".format(id=to_global_id('User', 8))}, HTTP_AUTHORIZATION=auth_header)
snapshot.assert_match(res.json())
def test_user(client, snapshot):
User.objects.create(id=8, username='albert', openid_uid='albert@einstein.id',
first_name='Albert', last_name='Einstein')
auth_header = 'Bearer {}'.format(create_access_token('albert'))
res = client.post('/graphql', {'query': """
query {{
node (id:"{id}") {{
... on User {{
id
firstName
lastName
openidUid
}}
}}
}}
""".format(id=to_global_id('User', 8))}, HTTP_AUTHORIZATION=auth_header)
snapshot.assert_match(res.json())
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment