Fix set user roles when role is None (#669)

* Add test case where target user role is None. * Use UserOptionalRole in set user role. * Fix type annotations.
mamba-org · Sep 28, 2023 · 3cbd27a · 3cbd27a
1 parent 5a43902
commit 3cbd27a
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 3 deletions.
diff --git a/quetz/authorization.py b/quetz/authorization.py
@@ -128,7 +128,7 @@ def assert_delete_user(self, requested_user_id: bytes):
 
         return user_id
 
-    def assert_assign_user_role(self, role: str):
+    def assert_assign_user_role(self, role: Optional[str]):
         if role == SERVER_MAINTAINER or role == SERVER_OWNER:
             return self.assert_server_roles([SERVER_OWNER])
         if role == SERVER_MEMBER:

diff --git a/quetz/dao.py b/quetz/dao.py
@@ -240,7 +240,7 @@ def delete_user(self, user_id: bytes):
         ).delete()
         self.db.commit()
 
-    def set_user_role(self, username: str, role: str):
+    def set_user_role(self, username: str, role: Optional[str]):
         user = self.db.query(User).filter(User.username == username).one_or_none()
 
         if user:

diff --git a/quetz/main.py b/quetz/main.py
@@ -499,7 +499,7 @@ def get_user_role(
 @api_router.put("/users/{username}/role", tags=["users"])
 def set_user_role(
     username: str,
-    role: rest_models.UserRole,
+    role: rest_models.UserOptionalRole,
     dao: Dao = Depends(get_dao),
     auth: authorization.Rules = Depends(get_rules),
 ):

diff --git a/quetz/tests/api/test_users.py b/quetz/tests/api/test_users.py
@@ -27,6 +27,7 @@ def test_validate_user_role_names(user, client, other_user, db):
         ("other", "owner", "member", 200),
         ("other", "owner", "maintainer", 200),
         ("other", "owner", "owner", 200),
+        ("other", "owner", None, 200),
         ("missing_user", "owner", "member", 404),
     ],
 )