Issue-156: prevent non-root managers from updating or deleting other managers

Grommash9 / tg_chat_mate

https://grommash9.github.io/tg_chat_mate/

MIT License

5 stars 6 forks source link

Issue-156: prevent non-root managers from updating or deleting other managers #172

Closed Jonatan-Chaverri closed 8 months ago

Jonatan-Chaverri commented 8 months ago

This solves issue https://github.com/Grommash9/tg_chat_mate/issues/156

Grommash9 commented 8 months ago

We also should add it for DELETE method of manager

And can you create post deploy test for it? There is some examples of it in 'tests/post_deploy_tests.py'

We can create new manager and try to get these new error to be sure it is working as expected now and in future

NOT RELATED TO TICKET: Also what do you think about these post deploy tests? Do you like it? How do you think do we have any different better option to test our code?

Grommash9 commented 8 months ago

And now i have realised you changed user PATCH endpoint

But we should change manager one. We have managers activations and deleting options in UI now and we want it to be accessible only for root managers (main ones)

Jonatan-Chaverri commented 8 months ago

Renamed post_deploy_tests.py file to post_deploy_test.py to follow python conventions for naming unittest. Also, I was unable to write a unittest for my changes since there is no user that is not a root admin in the db. I think we should start using pytest mock library and stop testing against the real live project. I opened an issue for this https://github.com/Grommash9/tg_chat_mate/issues/173