1423 model filter bypass (#1451)

* Add `view=admin` GET param to `/api/v1/users`, `/api/v1/teams`, and `/api/v1/challenges` to bypass filtering for admins * Closes #1423 #1445 * Related to #1165
2025-12-18 06:24:23 +01:00 · 2020-05-29 11:06:04 -04:00
parent 970e1ca65e
commit 50f75be5eb
6 changed files with 76 additions and 23 deletions
--- a/tests/api/v1/test_teams.py
+++ b/tests/api/v1/test_teams.py
@@ -696,6 +696,9 @@ def test_api_accessing_hidden_banned_users():
        app.db.session.commit()

        with login_as_user(app, name="visible_user") as client:
+            list_teams = client.get("/api/v1/teams").get_json()["data"]
+            assert len(list_teams) == 0
+
            assert client.get("/api/v1/teams/1").status_code == 404
            assert client.get("/api/v1/teams/1/solves").status_code == 404
            assert client.get("/api/v1/teams/1/fails").status_code == 404
@@ -707,6 +710,10 @@ def test_api_accessing_hidden_banned_users():
            assert client.get("/api/v1/teams/2/awards").status_code == 404

        with login_as_user(app, name="admin") as client:
+            # Admins see hidden teams in lists
+            list_users = client.get("/api/v1/teams?view=admin").get_json()["data"]
+            assert len(list_users) == 2
+
            assert client.get("/api/v1/teams/1").status_code == 200
            assert client.get("/api/v1/teams/1/solves").status_code == 200
            assert client.get("/api/v1/teams/1/fails").status_code == 200