studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🐛(backend) stop returning inactive users on the list endpoint

Browse Source 
inactive users should not be returned as we don't want users to be
able to share new documents with them.
This commit is contained in:
Samuel Paccoud - DINUM
2025-02-13 00:00:13 +01:00
committed by Manuel Raynaud
parent eba926dea4
commit f9a91eda2d
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/backend/core/api/viewsets.py
View File

@@ -141,7 +141,7 @@ class UserViewSet(
"""User ViewSet"""
permission_classes = [permissions.IsSelf]
queryset = models.User.objects.all()
queryset = models.User.objects.filter(is_active=True)
serializer_class = serializers.UserSerializer
def get_queryset(self):

16
src/backend/core/tests/test_api_users.py
View File

@@ -154,6 +154,22 @@ def test_api_users_list_query_short_queries():
assert len(response.json()["results"]) == 2
def test_api_users_list_query_inactive():
"""Inactive users should not be listed."""
user = factories.UserFactory()
client = APIClient()
client.force_login(user)
factories.UserFactory(email="john.doe@example.com", is_active=False)
lennon = factories.UserFactory(email="john.lennon@example.com")
response = client.get("/api/v1.0/users/?q=john.")
assert response.status_code == 200
user_ids = [user["id"] for user in response.json()["results"]]
assert user_ids == [str(lennon.id)]
def test_api_users_retrieve_me_anonymous():
"""Anonymous users should not be allowed to list users."""
factories.UserFactory.create_batch(2)