pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make unpermitted attribute handling in Users.update more specific

Browse Source
This commit is contained in:
dandds
2018-10-16 09:37:59 -04:00
parent ab42245797
commit 8af23fda36
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
atst/domain/users.py
View File

@@ -77,8 +77,10 @@ class Users(object):
@classmethod
def update(cls, user, user_delta):
if not set(user_delta.keys()).issubset(Users._UPDATEABLE_ATTRS):
raise UnauthorizedError(user, "update DOD ID")
delta_set = set(user_delta.keys())
if not set(delta_set).issubset(Users._UPDATEABLE_ATTRS):
unpermitted = delta_set - Users._UPDATEABLE_ATTRS
raise UnauthorizedError(user, "update {}".format(", ".join(unpermitted)))
for key, value in user_delta.items():
setattr(user, key, value)