fix "AttributeError: 'Request' object has no attribute 'user'"; add 4 test cases for apijson-head

zhangchunlin · zhangchunlin · commit d2ab647ab5f5 · 2019-10-11T15:32:25.000+08:00
diff --git a/tests/test.py b/tests/test.py
@@ -813,3 +813,55 @@ def test_apijson_get():
     >>> print(d)
     {'code': 200, 'msg': 'success', 'moment': {'user_id': 2, 'date': '2018-11-01 00:00:00', 'content': 'test moment', 'picture_list': '[]', 'id': 1}, 'user': {'username': 'usera', 'email': 'usera@localhost', 'id': 2}}
     """
+
+def test_apijson_head():
+    """
+    >>> application = make_simple_application(project_dir='.')
+    >>> handler = application.handler()
+
+    >>> #apijson head
+    >>> data ='''{
+    ...     "moment": {
+    ...         "user_id": 2
+    ...     }
+    ... }'''
+    >>> r = handler.post('/apijson/head', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 200, 'msg': 'success', 'moment': {'code': 200, 'msg': 'success', 'count': 1}}
+
+    >>> #apijson head, with a nonexistant model
+    >>> data ='''{
+    ...     "nonexist": {
+    ...         "user_id": 2
+    ...     }
+    ... }'''
+    >>> r = handler.post('/apijson/head', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': "model 'nonexist' not found"}
+
+    >>> #apijson head, without permission of HEAD
+    >>> data ='''{
+    ...     "privacy": {
+    ...         "@role":"LOGIN",
+    ...         "id": 1
+    ...     }
+    ... }'''
+    >>> r = handler.post('/apijson/head', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': "role 'LOGIN' not have permission HEAD for 'privacy'"}
+
+    >>> #apijson head, without user
+    >>> data ='''{
+    ...     "privacy": {
+    ...         "@role":"ADMIN",
+    ...         "id": 1
+    ...     }
+    ... }'''
+    >>> r = handler.post('/apijson/head', data=data, middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': "no login user for role 'ADMIN'"}
+    """
diff --git a/uliweb_apijson/apijson/views.py b/uliweb_apijson/apijson/views.py
@@ -295,9 +295,11 @@ def _head(self,key):
             else:
                 params_role = "UNKNOWN"
         if params_role not in roles:
-            return json({"code":400,"msg":"'%s' not accessible by role '%s'"%(model_name,params_role)})
+            return json({"code":400,"msg":"role '%s' not have permission HEAD for '%s'"%(params_role,model_name)})
         if params_role == "UNKNOWN":
             permission_check_ok = True
+        elif not hasattr(request,"user"):
+            return json({"code":400,"msg":"no login user for role '%s'"%(params_role)})
         elif functions.has_role(request.user,params_role):
             permission_check_ok = True
         else:
