diff --git a/scram/users/api/views.py b/scram/users/api/views.py index 0e17cb54..1ddad88a 100644 --- a/scram/users/api/views.py +++ b/scram/users/api/views.py @@ -3,7 +3,7 @@ from django.contrib.auth import get_user_model from rest_framework import status from rest_framework.decorators import action -from rest_framework.mixins import ListModelMixin, RetrieveModelMixin, UpdateModelMixin +from rest_framework.mixins import ListModelMixin, RetrieveModelMixin from rest_framework.response import Response from rest_framework.viewsets import GenericViewSet @@ -12,7 +12,7 @@ User = get_user_model() -class UserViewSet(RetrieveModelMixin, ListModelMixin, UpdateModelMixin, GenericViewSet): +class UserViewSet(RetrieveModelMixin, ListModelMixin, GenericViewSet): """Lookup Users by username.""" serializer_class = UserSerializer diff --git a/scram/users/tests/test_drf_views.py b/scram/users/tests/test_drf_views.py index bbe56598..e6d6f490 100644 --- a/scram/users/tests/test_drf_views.py +++ b/scram/users/tests/test_drf_views.py @@ -2,6 +2,8 @@ import pytest from django.test import RequestFactory +from django.urls import reverse +from rest_framework.test import APIClient from scram.users.api.views import UserViewSet from scram.users.models import User @@ -37,3 +39,26 @@ def test_me(self, user: User, rf: RequestFactory): "name": user.name, "url": f"http://testserver/api/v1/users/{user.username}/", } + + def test_user_cannot_update_name(self): + """Test that users cannot update their name via the API.""" + client = APIClient() + + original_name = "testuser" + test_user = User.objects.create_user( + username=original_name, + password="password123", + ) + + # Authenticate as this user + client.force_authenticate(user=test_user) + + # Try to update name using PUT + url = reverse("users:detail", kwargs={"username": test_user.username}) + update_data = {"username": "New Name"} + + client.put(url, update_data) + + # Confirm user's name wasn't changed in the database + test_user.refresh_from_db() + assert test_user.username == original_name