Skip to content

Commit

Permalink
Merge pull request #150 from swiftss-org/fix/failing-build
Browse files Browse the repository at this point in the history 
fix permissions
  • Loading branch information
@szigyi
szigyi committed Mar 29, 2024
2 parents 53e8f77 + 6ad315f commit f372451
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 5 deletions.
4 changes: 2 additions & 2 deletions tmh_registry/registry/tests/api/viewsets/test_hospitals.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ def test_get_hospitals_list_from_non_admin_user(self):
self.client.credentials(HTTP_AUTHORIZATION="Token " + self.token.key)
response = self.client.get("/api/v1/hospitals/", format="json")

self.assertEqual(HTTP_403_FORBIDDEN, response.status_code)
self.assertEqual(HTTP_200_OK, response.status_code)

def test_get_hospitals_list_from_non_medical_personnel_user(self):
self.non_mp_user = UserFactory()
Expand Down Expand Up @@ -95,7 +95,7 @@ def test_get_hospitals_detail_from_non_admin_user(self):
f"/api/v1/hospitals/{self.hospital.id}/", format="json"
)

self.assertEqual(HTTP_403_FORBIDDEN, response.status_code)
self.assertEqual(HTTP_200_OK, response.status_code)

def test_get_hospitals_detail_from_non_medical_personnel_user(self):
self.non_mp_user = UserFactory()
Expand Down
4 changes: 2 additions & 2 deletions tmh_registry/registry/tests/api/viewsets/test_patients.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,7 @@ def test_get_patients_list_from_non_admin_user(self):
client.credentials(HTTP_AUTHORIZATION="Token " + non_admin_token.key)
response = client.get("/api/v1/patients/", format="json")

self.assertEqual(HTTP_403_FORBIDDEN, response.status_code)
self.assertEqual(HTTP_200_OK, response.status_code)

def test_get_patients_list_from_non_medical_personnel_user(self):
non_mp_user = UserFactory()
Expand Down Expand Up @@ -256,7 +256,7 @@ def test_get_patients_detail_from_non_admin_user(self):
f"/api/v1/patients/{self.patient.id}/", format="json"
)

self.assertEqual(HTTP_403_FORBIDDEN, response.status_code)
self.assertEqual(HTTP_200_OK, response.status_code)

def test_get_patients_detail_from_non_medical_personnel_user(self):
non_mp_user = UserFactory()
Expand Down
4 changes: 3 additions & 1 deletion tmh_registry/users/api/permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,10 @@ class IsMedicalPersonnel(permissions.BasePermission):

def has_permission(self, request, view):
try:
return request.user.medical_personnel.user.is_staff
request.user.medical_personnel
except MedicalPersonnel.DoesNotExist:
return False
except builtins.Exception:
return False

return True

0 comments on commit f372451

Please sign in to comment.