From bf420a2bb75827c39e05e472db2baa2a4a6bf249 Mon Sep 17 00:00:00 2001
From: Jan-Benedikt Jagusch
Date: Thu, 28 Sep 2023 17:18:24 +0200
Subject: [PATCH 1/3] Add test case where target user role is None.
---
 quetz/tests/api/test_users.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/quetz/tests/api/test_users.py b/quetz/tests/api/test_users.py
index 21a38394..4f3473bd 100644
--- a/quetz/tests/api/test_users.py
+++ b/quetz/tests/api/test_users.py
@@ -27,6 +27,7 @@ def test_validate_user_role_names(user, client, other_user, db):
 ("other", "owner", "member", 200),
 ("other", "owner", "maintainer", 200),
 ("other", "owner", "owner", 200),
+ ("other", "owner", None, 200),
 ("missing_user", "owner", "member", 404),
 ],
 )
From 241fe021be75461f0eb8013ce51dcc6cad7444d3 Mon Sep 17 00:00:00 2001
From: Jan-Benedikt Jagusch
Date: Thu, 28 Sep 2023 17:19:12 +0200
Subject: [PATCH 2/3] Use UserOptionalRole in set user role.
---
 quetz/main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/quetz/main.py b/quetz/main.py
index e6f074c7..9bd35574 100644
--- a/quetz/main.py
+++ b/quetz/main.py
@@ -499,7 +499,7 @@ def get_user_role(
 @api_router.put("/users/{username}/role", tags=["users"])
 def set_user_role(
 username: str,
- role: rest_models.UserRole,
+ role: rest_models.UserOptionalRole,
 dao: Dao = Depends(get_dao),
 auth: authorization.Rules = Depends(get_rules),
 ):
From a763f163462a7f445bf95eb79a7d93adb5693e4c Mon Sep 17 00:00:00 2001
From: Jan-Benedikt Jagusch
Date: Thu, 28 Sep 2023 17:34:34 +0200
Subject: [PATCH 3/3] Fix type annotations.
---
 quetz/authorization.py | 2 +-
 quetz/dao.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/quetz/authorization.py b/quetz/authorization.py
index 7f2e5343..9b175c80 100644
--- a/quetz/authorization.py
+++ b/quetz/authorization.py
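Review bot: The added row `("other", "owner", None, 200)` in quetz/tests/api/test_users.py covers the `None` role only for an owner caller, so nothing in this hunk pins who is refused. Since clearing a role is a privilege change, a companion row for a caller without owner rights would keep the authorization rule from regressing, for example `("other", "member", None, 403),`, assuming the second field is the caller's role and that 403 is the intended answer, neither of which the hunk shows. The parametrize list and the test body start outside the hunk, so such a row may already exist above; if the body checks only the status code, asserting the stored role after the call would make the new case meaningful.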
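Review bot: Nothing in this series shows an authorization check for `role: null`, which `set_user_role` in quetz/main.py accepts once its body model is `rest_models.UserOptionalRole`. The branches of `assert_assign_user_role` visible in the quetz/authorization.py hunk of patch 3 compare `role` only against `SERVER_MAINTAINER`, `SERVER_OWNER` and `SERVER_MEMBER`; if the remainder of that function has no case for `None`, it returns without asserting any server role and the request proceeds to the DAO unchecked. An explicit branch there would make the rule visible, e.g. `if role is None: return self.assert_server_roles([SERVER_OWNER])`, with the permitted roles chosen to match project policy. The body of `set_user_role` and the definition of `UserOptionalRole` are outside the hunk, so it is also worth confirming that a request that omits `role` is rejected rather than treated as `null`.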
@@ -128,7 +128,7 @@ def assert_delete_user(self, requested_user_id: bytes):
 return user_id
- def assert_assign_user_role(self, role: str):
+ def assert_assign_user_role(self, role: Optional[str]):
 if role == SERVER_MAINTAINER or role == SERVER_OWNER:
 return self.assert_server_roles([SERVER_OWNER])
 if role == SERVER_MEMBER:
diff --git a/quetz/dao.py b/quetz/dao.py
index 3e61aa0b..9077363d 100644
--- a/quetz/dao.py
+++ b/quetz/dao.py
@@ -240,7 +240,7 @@ def delete_user(self, user_id: bytes):
 ).delete()
 self.db.commit()
- def set_user_role(self, username: str, role: Optional[str]):
+ def set_user_role(self, username: str, role: Optional[str]):
 user = self.db.query(User).filter(User.username == username).one_or_none()
 if user:
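Review bot: `Optional` appears in the new signature of `assert_assign_user_role` in quetz/authorization.py and of `set_user_role` in the quetz/dao.py hunk, yet the diffstat of patch 3 records one insertion and one deletion per file, so no import line was added. Unless both modules already import it or enable postponed annotation evaluation (the import blocks are outside the hunks), the annotation is evaluated when the method is defined and the module fails to load with a NameError; `from typing import Optional` at the top of each file would settle it. Both method bodies continue outside the hunks, so what a `None` role does in each is not visible here; a one-line docstring on each stating that meaning would document the widened contract for callers.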