diff --git a/app/views/user.py b/app/views/user.py index 5dfc15e..82019be 100644 --- a/app/views/user.py +++ b/app/views/user.py @@ -1,5 +1,5 @@ from flask import Blueprint, render_template, request, flash, redirect, url_for, jsonify -from flask_login import login_required +from flask_login import login_required, current_user from app.controllers import create_pagination from sqlalchemy import not_ @@ -102,6 +102,7 @@ def search(): if book_id: book_contributors = m.BookContributor.query.filter_by(book_id=book_id).all() user_ids = [contributor.user_id for contributor in book_contributors] + user_ids.append(current_user.id) query_user = query_user.filter(not_(m.User.id.in_(user_ids))) query_user = query_user.limit(configuration.MAX_SEARCH_RESULTS) diff --git a/tests/test_users.py b/tests/test_users.py index e0f86a4..0591971 100644 --- a/tests/test_users.py +++ b/tests/test_users.py @@ -47,13 +47,26 @@ def test_delete_user(populate: FlaskClient): def test_search_user(populate: FlaskClient, runner: FlaskCliRunner): - login(populate) + _, current_user = login(populate) MAX_SEARCH_RESULTS = populate.application.config["MAX_SEARCH_RESULTS"] response = populate.get("/user/search") assert response.status_code == 422 assert response.json["message"] == "q parameter is required" + q = current_user.username + + response = populate.get(f"/user/search?q={q}") + assert response.json + + users = response.json.get("users") + assert users + assert len(users) <= MAX_SEARCH_RESULTS + + for user in users: + assert q in user["username"] + assert user["username"] != current_user + q = "user" response = populate.get(f"/user/search?q={q}")