From dafb2553f03e4fc4bbf468a61db8ba01c275a72d Mon Sep 17 00:00:00 2001
From: RegisSinjari <omilale2@gmail.com>
Date: Fri, 1 Mar 2024 07:18:44 +0100
Subject: [PATCH] [Fixes #11995] Implement POST and PATCH methods for the User
 API

---
 geonode/base/api/permissions.py | 2 +-
 geonode/base/api/tests.py       | 9 ++++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/geonode/base/api/permissions.py b/geonode/base/api/permissions.py
index 28c395c0878..f6bd91adba3 100644
--- a/geonode/base/api/permissions.py
+++ b/geonode/base/api/permissions.py
@@ -50,7 +50,7 @@ def has_permission(self, request, view):
         """Always return False here.
         The fine-grained permissions are handled in has_object_permission().
         """
-        if request.path.startswith("/api/v2/users"):  # CUTOM CASE FOR users
+        if view.basename == "users":  # CUTOM CASE FOR users
             return True
         return False
 
diff --git a/geonode/base/api/tests.py b/geonode/base/api/tests.py
index 923170960bb..bc9dc434770 100644
--- a/geonode/base/api/tests.py
+++ b/geonode/base/api/tests.py
@@ -417,7 +417,7 @@ def test_update_user_profile(self):
                 username="user_test_delete", email="user_test_delete@geonode.org", password="user"
             )
             url = reverse("users-detail", kwargs={"pk": user.pk})
-            data = {"first_name": "user"}
+            data = {"first_name": "user", "password": "@!2XJSL_S&V^0nt", "email": "user@exampl2e.com"}
             # Anonymous
             response = self.client.patch(url, data=data, format="json")
             self.assertEqual(response.status_code, 403)
@@ -428,14 +428,15 @@ def test_update_user_profile(self):
             # User self profile
             self.assertTrue(self.client.login(username="user_test_delete", password="user"))
             response = self.client.patch(url, data=data, format="json")
-            self.assertEqual(response.status_code, 403)
+            self.assertEqual(response.status_code, 200)
             # Group manager
             group = GroupProfile.objects.create(slug="test_group_manager", title="test_group_manager")
             group.join(user)
             group.join(get_user_model().objects.get(username="norman"), role="manager")
             self.assertTrue(self.client.login(username="norman", password="norman"))
             response = self.client.post(url, data=data, format="json")
-            self.assertEqual(response.status_code, 403)
+            # malformed url on post
+            self.assertEqual(response.status_code, 405)
             # Admin can edit user
             self.assertTrue(self.client.login(username="admin", password="admin"))
             response = self.client.patch(url, data={"first_name": "user_admin"}, format="json")
@@ -470,8 +471,6 @@ def test_delete_user_profile(self):
             self.assertEqual(response.status_code, 403)
             # Admin can delete user
             self.assertTrue(self.client.login(username="admin", password="admin"))
-            self.client.force_login(get_user_model().objects.get(username="admin"))
-            print("kalon")
             response = self.client.delete(url, format="json")
             self.assertEqual(response.status_code, 204)
         finally: