From f9a91eda2da44cc66f5f83ee1d07e9070f66148e Mon Sep 17 00:00:00 2001 From: Samuel Paccoud - DINUM Date: Thu, 13 Feb 2025 00:00:13 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B(backend)=20stop=20returning=20inac?= =?UTF-8?q?tive=20users=20on=20the=20list=20endpoint?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit inactive users should not be returned as we don't want users to be able to share new documents with them. --- src/backend/core/api/viewsets.py | 2 +- src/backend/core/tests/test_api_users.py | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/backend/core/api/viewsets.py b/src/backend/core/api/viewsets.py index 1b58f813..d52c0ad8 100644 --- a/src/backend/core/api/viewsets.py +++ b/src/backend/core/api/viewsets.py @@ -141,7 +141,7 @@ class UserViewSet( """User ViewSet""" permission_classes = [permissions.IsSelf] - queryset = models.User.objects.all() + queryset = models.User.objects.filter(is_active=True) serializer_class = serializers.UserSerializer def get_queryset(self): diff --git a/src/backend/core/tests/test_api_users.py b/src/backend/core/tests/test_api_users.py index d3e6ed48..eb3fd14d 100644 --- a/src/backend/core/tests/test_api_users.py +++ b/src/backend/core/tests/test_api_users.py @@ -154,6 +154,22 @@ def test_api_users_list_query_short_queries(): assert len(response.json()["results"]) == 2 +def test_api_users_list_query_inactive(): + """Inactive users should not be listed.""" + user = factories.UserFactory() + client = APIClient() + client.force_login(user) + + factories.UserFactory(email="john.doe@example.com", is_active=False) + lennon = factories.UserFactory(email="john.lennon@example.com") + + response = client.get("/api/v1.0/users/?q=john.") + + assert response.status_code == 200 + user_ids = [user["id"] for user in response.json()["results"]] + assert user_ids == [str(lennon.id)] + + def test_api_users_retrieve_me_anonymous(): """Anonymous users should not be allowed to list users.""" factories.UserFactory.create_batch(2)