diff --git a/pagure/api/group.py b/pagure/api/group.py index 57b7752..78ab1b2 100644 --- a/pagure/api/group.py +++ b/pagure/api/group.py @@ -15,7 +15,7 @@ import pagure import pagure.exceptions import pagure.lib from pagure import SESSION -from pagure.api import API, api_method, APIERROR +from pagure.api import API, APIERROR, api_method, api_login_optional @API.route('/groups/') @@ -68,6 +68,7 @@ def api_groups(): @API.route('/group/') +@api_login_optional() @api_method def api_view_group(group): """ @@ -112,6 +113,7 @@ def api_view_group(group): if not group: raise pagure.exceptions.APIError(404, error_code=APIERROR.ENOGROUP) - jsonout = flask.jsonify(group.to_json()) + jsonout = flask.jsonify(group.to_json( + public=(not pagure.api_authenticated()))) jsonout.status_code = 200 return jsonout diff --git a/tests/test_pagure_flask_api_group.py b/tests/test_pagure_flask_api_group.py index 896e780..8d82405 100644 --- a/tests/test_pagure_flask_api_group.py +++ b/tests/test_pagure_flask_api_group.py @@ -87,12 +87,14 @@ class PagureFlaskApiGroupTests(tests.Modeltests): self.assertEqual(sorted(data.keys()), ['groups', 'total_groups']) self.assertEqual(data['total_groups'], 1) - def test_api_view_group(self): + def test_api_view_group_authenticated(self): """ - Test the api_view_group method of the flask api - The tested group has one member. + Test the api_view_group method of the flask api with an + authenticated user. The tested group has one member. """ - output = self.app.get("/api/0/group/some_group") + tests.create_tokens(self.session) + headers = {'Authorization': 'token aaabbbcccddd'} + output = self.app.get('/api/0/group/some_group', headers=headers) self.assertEqual(output.status_code, 200) exp = { "display_name": "Some Group", @@ -115,10 +117,33 @@ class PagureFlaskApiGroupTests(tests.Modeltests): data['date_created'] = '1492020239' self.assertDictEqual(data, exp) - def test_api_view_group_two_members(self): + def test_api_view_group_unauthenticated(self): """ - Test the api_view_group method of the flask api - The tested group has two members. + Test the api_view_group method of the flask api with an + unauthenticated user. The tested group has one member. + """ + output = self.app.get('/api/0/group/some_group') + self.assertEqual(output.status_code, 200) + exp = { + "display_name": "Some Group", + "description": None, + "creator": { + "fullname": "PY C", + "name": "pingou" + }, + "members": ["pingou"], + "date_created": "1492020239", + "group_type": "user", + "name": "some_group" + } + data = json.loads(output.data) + data['date_created'] = '1492020239' + self.assertDictEqual(data, exp) + + def test_api_view_group_two_members_authenticated(self): + """ + Test the api_view_group method of the flask api with an + authenticated user. The tested group has two members. """ user = pagure.lib.model.User( user='mprahl', @@ -132,7 +157,10 @@ class PagureFlaskApiGroupTests(tests.Modeltests): result = pagure.lib.add_user_to_group( self.session, user.username, group, user.username, True) self.session.commit() - output = self.app.get("/api/0/group/some_group") + + tests.create_tokens(self.session) + headers = {'Authorization': 'token aaabbbcccddd'} + output = self.app.get('/api/0/group/some_group', headers=headers) self.assertEqual(output.status_code, 200) exp = { "display_name": "Some Group",