Skip to content

Commit

Permalink
[list frozen] check if user is admin.
Browse files Browse the repository at this point in the history
  • Loading branch information
@AureliaDolo
AureliaDolo committed Nov 15, 2024
1 parent 2ae8a86 commit 0916efb
Show file tree
Hide file tree
Showing 6 changed files with 29 additions and 7 deletions.
2 changes: 1 addition & 1 deletion libparsec/crates/client/src/client/list_frozen_users.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ pub async fn list_frozen_users(
match cmds.send(Req {}).await? {
Rep::Ok { frozen_users } => Ok(frozen_users),
Rep::AuthorNotAllowed => Err(ClientListFrozenUsersError::AuthorNotAllowed),
bad_rep @ Rep::UnknownStatus { .. } => {
bad_rep @ (Rep::UnknownStatus { .. } | Rep::AuthorNotFound) => {
Err(anyhow::anyhow!("Unexpected server response: {:?}", bad_rep).into())
}
}
Expand Down
3 changes: 3 additions & 0 deletions libparsec/crates/protocol/schema/authenticated_cmds/list_frozen_users.json5
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,9 @@
},
{
"status": "author_not_allowed"
},
{
"status": "author_not_found"
}
]
}
Expand Down
20 changes: 18 additions & 2 deletions libparsec/crates/protocol/tests/authenticated_cmds/v4/list_frozen_users.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,24 @@ pub fn rep_author_not_allowed() {
p_assert_eq!(data2, expected);
}

pub fn rep_author_not_found() {
// Generated from Parsec 3.1.1-a.0+dev
// Content:
// status: 'author_not_found'
let raw: &[u8] = hex!("81a6737461747573b0617574686f725f6e6f745f666f756e64").as_ref();
let expected = authenticated_cmds::list_frozen_users::Rep::AuthorNotFound;
let data = authenticated_cmds::list_frozen_users::Rep::load(raw).unwrap();

p_assert_eq!(data, expected);

// Also test serialization round trip
let raw2 = data.dump().unwrap();

let data2 = authenticated_cmds::list_frozen_users::Rep::load(&raw2).unwrap();

p_assert_eq!(data2, expected);
}

pub fn rep_ok() {
// Generated from Parsec 3.1.1-a.0+dev
// Content:
Expand All @@ -38,7 +56,6 @@ pub fn rep_ok() {
let expected = authenticated_cmds::list_frozen_users::Rep::Ok {
frozen_users: vec![UserID::from_hex("109b68ba5cdf428ea0017fc6bcc04d4a").unwrap()],
};
println!("***expected: {:?}", expected.dump().unwrap());
let data = authenticated_cmds::list_frozen_users::Rep::load(raw).unwrap();

p_assert_eq!(data, expected);
Expand All @@ -60,7 +77,6 @@ pub fn req() {
let req = authenticated_cmds::list_frozen_users::Req;

let expected = authenticated_cmds::AnyCmdReq::ListFrozenUsers(req.clone());
println!("***expected: {:?}", req.dump().unwrap());
let data = authenticated_cmds::AnyCmdReq::load(raw).unwrap();

p_assert_eq!(data, expected);
Expand Down
5 changes: 5 additions & 0 deletions server/parsec/_parsec_pyi/protocol/authenticated_cmds/v4/list_frozen_users.pyi
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,3 +33,8 @@ class RepAuthorNotAllowed(Rep):
def __init__(
self,
) -> None: ...

class RepAuthorNotFound(Rep):
def __init__(
self,
) -> None: ...
1 change: 0 additions & 1 deletion server/parsec/components/memory/user.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -700,7 +700,6 @@ async def list_frozen_users(
if user.current_profile != UserProfile.ADMIN:
return UserListFrozenUsersBadOutcome.AUTHOR_NOT_ALLOWED

# TODO check author is admin
users = []
for user in org.users.values():
if user.is_frozen:
Expand Down
5 changes: 2 additions & 3 deletions server/tests/api_v4/authenticated/test_list_frozen_users.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,8 @@ async def test_authenticated_list_frozen_users_author_not_allowed(
coolorg: CoolorgRpcClients, backend: Backend
) -> None:
pass
# rep = await coolorg.mallory.list_frozen_users() # mallory is an outsider
# TODO check author is admin
# assert rep == authenticated_cmds.v4.list_frozen_users.RepAuthorNotAllowed()
rep = await coolorg.mallory.list_frozen_users() # mallory is an outsider
assert rep == authenticated_cmds.v4.list_frozen_users.RepAuthorNotAllowed()


async def test_authenticated_list_frozen_users_http_common_errors(
Expand Down

0 comments on commit 0916efb

Please sign in to comment.