[Fixes #11995] Implement POST and PATCH methods for the User API

GeoNode · Mar 1, 2024 · dafb255 · dafb255
1 parent c0c4dfb
commit dafb255
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/geonode/base/api/permissions.py b/geonode/base/api/permissions.py
@@ -50,7 +50,7 @@ def has_permission(self, request, view):
         """Always return False here.
         The fine-grained permissions are handled in has_object_permission().
         """
-        if request.path.startswith("/api/v2/users"):  # CUTOM CASE FOR users
+        if view.basename == "users":  # CUTOM CASE FOR users
             return True
         return False
 

diff --git a/geonode/base/api/tests.py b/geonode/base/api/tests.py
@@ -417,7 +417,7 @@ def test_update_user_profile(self):
                 username="user_test_delete", email="user_test_delete@geonode.org", password="user"
             )
             url = reverse("users-detail", kwargs={"pk": user.pk})
-            data = {"first_name": "user"}
+            data = {"first_name": "user", "password": "@!2XJSL_S&V^0nt", "email": "user@exampl2e.com"}
             # Anonymous
             response = self.client.patch(url, data=data, format="json")
             self.assertEqual(response.status_code, 403)
@@ -428,14 +428,15 @@ def test_update_user_profile(self):
             # User self profile
             self.assertTrue(self.client.login(username="user_test_delete", password="user"))
             response = self.client.patch(url, data=data, format="json")
-            self.assertEqual(response.status_code, 403)
+            self.assertEqual(response.status_code, 200)
             # Group manager
             group = GroupProfile.objects.create(slug="test_group_manager", title="test_group_manager")
             group.join(user)
             group.join(get_user_model().objects.get(username="norman"), role="manager")
             self.assertTrue(self.client.login(username="norman", password="norman"))
             response = self.client.post(url, data=data, format="json")
-            self.assertEqual(response.status_code, 403)
+            # malformed url on post
+            self.assertEqual(response.status_code, 405)
             # Admin can edit user
             self.assertTrue(self.client.login(username="admin", password="admin"))
             response = self.client.patch(url, data={"first_name": "user_admin"}, format="json")
@@ -470,8 +471,6 @@ def test_delete_user_profile(self):
             self.assertEqual(response.status_code, 403)
             # Admin can delete user
             self.assertTrue(self.client.login(username="admin", password="admin"))
-            self.client.force_login(get_user_model().objects.get(username="admin"))
-            print("kalon")
             response = self.client.delete(url, format="json")
             self.assertEqual(response.status_code, 204)
         finally: