
Commit 97b6482

authored
Fix /users/list (#2908)
1 parent 8a93790 commit 97b6482


2 files changed

+61
-7
lines changed


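--- a/src/dstack/_internal/server/services/users.py
+++ b/src/dstack/_internal/server/services/users.py
@@ -44,7 +44,9 @@ async def list_users_for_user(
 session: AsyncSession,
 user: UserModel,
 ) -> List[User]:
-return await list_all_users(session=session)
+if user.global_role == GlobalRole.ADMIN:
+return await list_all_users(session=session)
+return [user_model_to_user(user)]
 
 
 async def list_all_users(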
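Review bot: `list_users_for_user` now carries the access-control decision for `/users/list`, but nothing in the function says so; a docstring such as `"""Return every user for a global admin; any other caller gets only their own record."""` would keep a later refactor from widening the result again. The check itself is fail-closed, since any role other than `GlobalRole.ADMIN` falls through to the single-record return. `list_all_users` stays unscoped, so any other caller of it (none is visible in this hunk) needs its own admin check, and a one-line comment on that function stating that it performs no authorization would make that explicit. The signature of `list_users_for_user` starts above the hunk and `list_all_users` continues below it.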

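--- a/src/tests/_internal/server/routers/test_users.py
+++ b/src/tests/_internal/server/routers/test_users.py
@@ -22,19 +22,71 @@ async def test_returns_40x_if_not_authenticated(self, test_db, client: AsyncClie
 
 @pytest.mark.asyncio
 @pytest.mark.parametrize("test_db", ["sqlite", "postgres"], indirect=True)
-async def test_returns_users(self, test_db, session: AsyncSession, client: AsyncClient):
-user = await create_user(
+async def test_admins_see_all_users(self, test_db, session: AsyncSession, client: AsyncClient):
+admin = await create_user(
+session=session,
+name="admin",
+created_at=datetime(2023, 1, 2, 3, 4, tzinfo=timezone.utc),
+global_role=GlobalRole.ADMIN,
+)
+other_user = await create_user(
+session=session,
+name="other_user",
+created_at=datetime(2023, 1, 2, 3, 4, tzinfo=timezone.utc),
+global_role=GlobalRole.USER,
+)
+response = await client.post("/api/users/list", headers=get_auth_headers(admin.token))
+assert response.status_code in [200]
+assert response.json() == [
+{
+"id": str(admin.id),
+"username": admin.name,
+"created_at": "2023-01-02T03:04:00+00:00",
+"global_role": admin.global_role,
+"email": None,
+"active": True,
+"permissions": {
+"can_create_projects": True,
+},
+},
+{
+"id": str(other_user.id),
+"username": other_user.name,
+"created_at": "2023-01-02T03:04:00+00:00",
+"global_role": other_user.global_role,
+"email": None,
+"active": True,
+"permissions": {
+"can_create_projects": True,
+},
+},
+]
+
+@pytest.mark.asyncio
+@pytest.mark.parametrize("test_db", ["sqlite", "postgres"], indirect=True)
+async def test_non_admins_see_only_themselves(
+self, test_db, session: AsyncSession, client: AsyncClient
+):
+await create_user(
+session=session,
+name="admin",
+created_at=datetime(2023, 1, 2, 3, 4, tzinfo=timezone.utc),
+global_role=GlobalRole.ADMIN,
+)
+other_user = await create_user(
 session=session,
+name="other_user",
 created_at=datetime(2023, 1, 2, 3, 4, tzinfo=timezone.utc),
+global_role=GlobalRole.USER,
 )
-response = await client.post("/api/users/list", headers=get_auth_headers(user.token))
+response = await client.post("/api/users/list", headers=get_auth_headers(other_user.token))
 assert response.status_code in [200]
 assert response.json() == [
 {
-"id": str(user.id),
-"username": user.name,
+"id": str(other_user.id),
+"username": other_user.name,
 "created_at": "2023-01-02T03:04:00+00:00",
-"global_role": user.global_role,
+"global_role": other_user.global_role,
 "email": None,
 "active": True,
 "permissions": {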
