Update middleware & tests

2021-05-27 09:52:06 +02:00 · 2021-05-27 09:52:06 +02:00 · a2df6ff7bd
parent 3e64d1c51f
commit a2df6ff7bd
2 changed files with 6 additions and 4 deletions
--- a/server/core/tests/test_api.py
+++ b/server/core/tests/test_api.py
@ -16,11 +16,10 @@ class ApiAccessTestCase(TestCase):
    def test_graphqlEndpoint_shouldNotBeAccessibleWithoutLogin(self):
        c = Client()
        response = c.post('/api/graphql/', data=self.query, content_type='application/json')
-        self.assertEqual(response.status_code, 302)
-        self.assertEqual(response.url, '/login?next=/api/graphql/')
+        self.assertEqual(response.status_code, 402)

-    def test_graphqlEndpoint_shouldBeAccessibleWithLogin(self):
-        UserFactory(username='admin')
+    def test_graphqlEndpoint_shouldBeAccessibleForSuperUser(self):
+        UserFactory(username='admin', is_staff=True, is_active=True, is_superuser=True)

        c = Client()
        c.login(username='admin', password='test')
--- a/server/core/utils.py
+++ b/server/core/utils.py
@ -28,6 +28,9 @@ def is_private_api_call_allowed(user, body):
    # logged in users should only be able to access all resources if they have a valid license
    # logged in users without valid license have only access to logout, me & coupon mutations

+    if user.is_superuser:
+        return True
+
    body_unicode = body.decode('utf-8')

    try: