make unpermitted attribute handling in Users.update more specific

2018-10-16 09:37:59 -04:00 · 2018-10-16 09:37:59 -04:00 · 8af23fda36
commit 8af23fda36
parent ab42245797
2 changed files with 7 additions and 3 deletions
--- a/atst/domain/users.py
+++ b/atst/domain/users.py
@ -77,8 +77,10 @@ class Users(object):

    @classmethod
    def update(cls, user, user_delta):
-        if not set(user_delta.keys()).issubset(Users._UPDATEABLE_ATTRS):
-            raise UnauthorizedError(user, "update DOD ID")
+        delta_set = set(user_delta.keys())
+        if not set(delta_set).issubset(Users._UPDATEABLE_ATTRS):
+            unpermitted = delta_set - Users._UPDATEABLE_ATTRS
+            raise UnauthorizedError(user, "update {}".format(", ".join(unpermitted)))

        for key, value in user_delta.items():
            setattr(user, key, value)
--- a/tests/domain/test_users.py
+++ b/tests/domain/test_users.py
@ -79,5 +79,7 @@ def test_update_user():

 def test_update_user_with_dod_id():
    new_user = Users.create(DOD_ID, "developer")
-    with pytest.raises(UnauthorizedError):
+    with pytest.raises(UnauthorizedError) as excinfo:
        Users.update(new_user, {"dod_id": "1234567890"})
+
+    assert "dod_id" in str(excinfo.value)