aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-17 14:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Properly hide users/teams if they are set to banned/hidden (#932)

Browse Source 
* Properly hide users/teams if they are set to hidden/banned
    * This should be in the API and in the main user panel. This should not affect admins. 
* Update tests to reflect this behavior.
This commit is contained in:
Kevin Chung
2019-04-04 22:44:18 -04:00
committed by GitHub
parent 268ed85f60
commit 7c60c697ee
10 changed files with 181 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
tests/users/test_submissions.py
View File

@@ -29,9 +29,10 @@ def test_user_get_another_public_solves():
"""Can a registered user load public solves page of another user"""
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/users/1/solves')
register_user(app, name='user1', email='user1@ctfd.io') # ID 2
register_user(app, name='user2', email='user2@ctfd.io') # ID 3
client = login_as_user(app, name='user2')
r = client.get('/api/v1/users/2/solves')
assert r.status_code == 200
destroy_ctfd(app)
@@ -62,9 +63,10 @@ def test_user_get_another_public_fails():
"""Can a registered user load public fails page of another user"""
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app)
r = client.get('/api/v1/users/1/fails')
register_user(app, name='user1', email='user1@ctfd.io') # ID 2
register_user(app, name='user2', email='user2@ctfd.io') # ID 3
client = login_as_user(app, name="user2")
r = client.get('/api/v1/users/2/fails')
assert r.status_code == 200
destroy_ctfd(app)
@@ -84,9 +86,10 @@ def test_user_get_another_public_team_page():
"""Can a registered user load the public profile of another user (/users/1)"""
app = create_ctfd()
with app.app_context():
register_user(app)
client = login_as_user(app)
r = client.get('/users/1')
register_user(app, name='user1', email='user1@ctfd.io') # ID 2
register_user(app, name='user2', email='user2@ctfd.io') # ID 3
client = login_as_user(app, name='user2')
r = client.get('/users/2')
assert r.status_code == 200
destroy_ctfd(app)