Skip to content
Snippets Groups Projects

Resolve "Reviewers can revoke their own access"

Merged Resolve "Reviewers can revoke their own access"
176-reviewers-can-revoke-their-own-access into master
Merged Dominik Seeger requested to merge 176-reviewers-can-revoke-their-own-access into master
Compare
and
3 files
+ 21
2
Compare changes
  • Side-by-side
  • Inline
Files
3
core/tests/test_user_account_views.py
+ 8
0
@@ -86,3 +86,11 @@ class TutorReviewerCanChangePasswordTests(APITestCase):
ret = self.client.login(username=student.username,
password='chompreviver0.')
self.assertFalse(ret)
def test_reviewer_cannot_revoke_own_access(self):
user_pk = self.reviewer.pk
url = f"/api/user/{user_pk}/change_active/"
data = {'is_active': False}
self.client.force_authenticate(user=self.reviewer)
res = self.client.patch(url, data)
self.assertEqual(status.HTTP_403_FORBIDDEN, res.status_code)