Use 403 status code when user is logged in, but does not have admin p…
…ermissions
augusto-herrmann committed Sep 26, 2024
1 parent b6d3a14 commit 79770d7
Showing 2 changed files with 5 additions and 4 deletions.
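--- a/src/crud_auth.py
+++ b/src/crud_auth.py
@@ -181,7 +181,8 @@ async def get_current_admin_user(
 
 if not current_user.is_admin:
 raise HTTPException(
-status_code=401, detail="Usuário não tem permissões de administrador"
+status_code=status.HTTP_403_FORBIDDEN,
+detail="Usuário não tem permissões de administrador",
 )
 
 return current_user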
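Review bot: The new `status.HTTP_403_FORBIDDEN` in the `raise HTTPException(` call depends on `status` already being imported in src/crud_auth.py; this section adds no import line, so if the name is missing, the non-admin path would fail with a NameError (a 500) instead of the intended 403. That is worth confirming at the top of the file. The switch itself is sound: 401 tells a client to re-authenticate, whereas this caller is authenticated and only lacks the admin role. A short comment above the raise would keep the distinction from regressing, e.g. `# 403, not 401: caller is authenticated but is not an admin`. This is also a natural place to log the denied attempt (user identifier and route) so repeated probing by a non-admin account is visible; no logging appears in the hunk, though `get_current_admin_user` starts above it.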
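--- a/tests/user_test.py
+++ b/tests/user_test.py
@@ -68,7 +68,7 @@ def test_get_all_users_not_logged_in(client: Client, header_not_logged_in: dict)
 
 def test_get_all_users_logged_in_not_admin(client: Client, header_usr_2: dict):
 response = client.get("/users", headers=header_usr_2)
-assert response.status_code == status.HTTP_401_UNAUTHORIZED
+assert response.status_code == status.HTTP_403_FORBIDDEN
 
 
 def test_get_all_users_logged_in_admin(client: Client, header_usr_1: dict):
@@ -86,7 +86,7 @@ def test_get_user_logged_in_not_admin(
 client: Client, user2_credentials: dict, header_usr_2: dict # user is_admin=False
 ):
 response = client.get(f"/user/{user2_credentials['email']}", headers=header_usr_2)
-assert response.status_code == status.HTTP_401_UNAUTHORIZED
+assert response.status_code == status.HTTP_403_FORBIDDEN
 
 
 def test_get_user_as_admin(
@@ -136,7 +136,7 @@ def test_create_user_logged_in_not_admin(
 response = client.put(
 f"/user/{USERS_TEST[0]['email']}", headers=header_usr_2, json=USERS_TEST[0]
 )
-assert response.status_code == status.HTTP_401_UNAUTHORIZED
+assert response.status_code == status.HTTP_403_FORBIDDEN
 
 
 def test_create_user_logged_in_admin(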
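Review bot: The three updated assertions (in `test_get_all_users_logged_in_not_admin`, `test_get_user_logged_in_not_admin` and `test_create_user_logged_in_not_admin`) pin only the status code, so a 403 produced by some other layer would satisfy them as well. Asserting the body too, e.g. `assert response.json()["detail"] == "Usuário não tem permissões de administrador"` (assuming the framework's default error body), would tie each test to the admin check in `get_current_admin_user`. For the PUT case it would also be worth asserting that the target user was not created or modified after the rejected request. The last two test functions begin outside their hunks, so any such checks already present are not visible here.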
