Skip to content

Commit 9461f44

Browse files
zhangchunlinzhangchunlin
committed
fix "AttributeError: 'Request' object has no attribute 'user'"; add 1 test case for apijson-head
1 parent d2ab647 commit 9461f44

File tree

2 files changed

+18
-7
lines changed

2 files changed

+18
-7
lines changed

tests/test.py

+11
Original file line numberDiff line numberDiff line change
@@ -864,4 +864,15 @@ def test_apijson_head():
864864
>>> d = json_loads(r.data)
865865
>>> print(d)
866866
{'code': 400, 'msg': "no login user for role 'ADMIN'"}
867+
868+
>>> #apijson head, without user and @role
869+
>>> data ='''{
870+
... "privacy": {
871+
... "id": 1
872+
... }
873+
... }'''
874+
>>> r = handler.post('/apijson/head', data=data, middlewares=[])
875+
>>> d = json_loads(r.data)
876+
>>> print(d)
877+
{'code': 400, 'msg': "role 'UNKNOWN' not have permission HEAD for 'privacy'"}
867878
"""

uliweb_apijson/apijson/views.py

+7-7
Original file line numberDiff line numberDiff line change
@@ -112,12 +112,12 @@ def _get_one(self,key):
112112
roles = GET.get("roles")
113113
permission_check_ok = False
114114
if not params_role:
115-
if hasattr(request,"user"):
115+
if hasattr(request,"user") and request.user:
116116
params_role = "LOGIN"
117117
else:
118118
params_role = "UNKNOWN"
119119
elif params_role != "UNKNOWN":
120-
if not hasattr(request,"user"):
120+
if not (hasattr(request,"user") and request.user):
121121
return json({"code":400,"msg":"no login user for role '%s'"%(params_role)})
122122
if params_role not in roles:
123123
return json({"code":400,"msg":"'%s' not accessible by role '%s'"%(model_name,params_role)})
@@ -290,15 +290,15 @@ def _head(self,key):
290290
roles = HEAD.get("roles")
291291
permission_check_ok = False
292292
if not params_role:
293-
if request.user:
293+
if hasattr(request,"user") and request.user:
294294
params_role = "LOGIN"
295295
else:
296296
params_role = "UNKNOWN"
297297
if params_role not in roles:
298298
return json({"code":400,"msg":"role '%s' not have permission HEAD for '%s'"%(params_role,model_name)})
299299
if params_role == "UNKNOWN":
300300
permission_check_ok = True
301-
elif not hasattr(request,"user"):
301+
elif not (hasattr(request,"user") and request.user):
302302
return json({"code":400,"msg":"no login user for role '%s'"%(params_role)})
303303
elif functions.has_role(request.user,params_role):
304304
permission_check_ok = True
@@ -387,7 +387,7 @@ def _post_one(self,key,tag):
387387
if roles:
388388
for role in roles:
389389
if role == "OWNER":
390-
if request.user:
390+
if hasattr(request,"user") and request.user:
391391
permission_check_ok = True
392392
if user_id_field:
393393
params[user_id_field] = request.user.id
@@ -506,7 +506,7 @@ def _put_one(self,key,tag):
506506
if roles:
507507
for role in roles:
508508
if role == "OWNER":
509-
if request.user:
509+
if hasattr(request,"user") and request.user:
510510
if user_id_field:
511511
if obj.to_dict().get(user_id_field)==request.user.id:
512512
permission_check_ok = True
@@ -627,7 +627,7 @@ def _delete_one(self,key,tag):
627627
if roles:
628628
for role in roles:
629629
if role == "OWNER":
630-
if request.user:
630+
if hasattr(request,"user") and request.user:
631631
if user_id_field:
632632
if obj.to_dict().get(user_id_field)==request.user.id:
633633
permission_check_ok = True

0 commit comments

Comments
 (0)