#31 API Tests

* writes test for sharing using the API * fixes bug on frontend form where an exception occured on generating a new API token if no token existed, yet * adds permission constraint (default group) for using the api in general * fixes default-group-only behaviour for sharing-API, so users can only add new users and not removing them, as long as they do not have any other group membership like registration or conservation office * changes 'ksptoken' to 'Ksptoken' to match CGI standard for http header keys
2022-01-27 14:48:42 +01:00
parent 6deff28389
commit 1b0ab1be07
8 changed files with 201 additions and 6 deletions
--- a/user/forms.py
+++ b/user/forms.py
@@ -152,7 +152,8 @@ class UserAPITokenForm(BaseForm):
        """
        user = self.instance
        new_token = self.cleaned_data["token"]
-        user.api_token.delete()
+        if user.api_token is not None:
+            user.api_token.delete()
        new_token = APIUserToken.objects.create(
            token=new_token
        )
--- a/user/templates/user/token.html
+++ b/user/templates/user/token.html
@@ -12,7 +12,9 @@
                </tr>
                <tr>
                    <th scope="row">{% trans 'Authenticated by admins' %}</th>
-                    {% if user.api_token.is_active %}
+                    {% if user.api_token is None %}
+                        <td></td>
+                    {% elif user.api_token.is_active %}
                        <td class="text-success" title="{% trans 'Token has been verified and can be used' %}">{% fa5_icon 'check-circle' %}</td>
                    {% else %}
                        <td class="text-primary" title="{% trans 'Token waiting for verification' %}">{% fa5_icon 'hourglass-half' %}</td>