From 8af23fda369351f243250feb2807c8499cd98c00 Mon Sep 17 00:00:00 2001
From: dandds <dan-ctr@friends.dds.mil>
Date: Tue, 16 Oct 2018 09:37:59 -0400
Subject: [PATCH] make unpermitted attribute handling in Users.update more
 specific

---
 atst/domain/users.py       | 6 ++++--
 tests/domain/test_users.py | 4 +++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/atst/domain/users.py b/atst/domain/users.py
index c67c8cbd..7494f5f4 100644
--- a/atst/domain/users.py
+++ b/atst/domain/users.py
@@ -77,8 +77,10 @@ class Users(object):
 
     @classmethod
     def update(cls, user, user_delta):
-        if not set(user_delta.keys()).issubset(Users._UPDATEABLE_ATTRS):
-            raise UnauthorizedError(user, "update DOD ID")
+        delta_set = set(user_delta.keys())
+        if not set(delta_set).issubset(Users._UPDATEABLE_ATTRS):
+            unpermitted = delta_set - Users._UPDATEABLE_ATTRS
+            raise UnauthorizedError(user, "update {}".format(", ".join(unpermitted)))
 
         for key, value in user_delta.items():
             setattr(user, key, value)
diff --git a/tests/domain/test_users.py b/tests/domain/test_users.py
index 51cfaaac..de6c7fc8 100644
--- a/tests/domain/test_users.py
+++ b/tests/domain/test_users.py
@@ -79,5 +79,7 @@ def test_update_user():
 
 def test_update_user_with_dod_id():
     new_user = Users.create(DOD_ID, "developer")
-    with pytest.raises(UnauthorizedError):
+    with pytest.raises(UnauthorizedError) as excinfo:
         Users.update(new_user, {"dod_id": "1234567890"})
+
+    assert "dod_id" in str(excinfo.value)