feat(scholars): add multiselect and bulk actions #49
3 changed files with 7 additions and 5 deletions
|
|
@ -27,6 +27,7 @@ from app.services.scholars.validators import (
|
||||||
validate_scholar_id,
|
validate_scholar_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
async def bulk_delete_scholars(
|
async def bulk_delete_scholars(
|
||||||
db_session: AsyncSession,
|
db_session: AsyncSession,
|
||||||
*,
|
*,
|
||||||
|
|
|
||||||
|
|
@ -182,8 +182,8 @@ export async function bulkToggleScholars(scholarProfileIds: number[], isEnabled:
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function exportScholarData(ids?: number[]): Promise<DataExportPayload> {
|
export async function exportScholarData(ids?: number[]): Promise<DataExportPayload> {
|
||||||
const params = ids && ids.length > 0 ? `?ids=${ids.join(",")}` : "";
|
const path = ids && ids.length > 0 ? `/scholars/export?ids=${ids.join(",")}` : "/scholars/export";
|
||||||
const response = await apiRequest<DataExportPayload>(`/scholars/export${params}`, {
|
const response = await apiRequest<DataExportPayload>(path, {
|
||||||
method: "GET",
|
method: "GET",
|
||||||
});
|
});
|
||||||
return response.data;
|
return response.data;
|
||||||
|
|
|
||||||
|
|
@ -340,10 +340,11 @@ async def test_api_admin_dbops_forbidden_for_non_admin_and_validates_scope(db_se
|
||||||
assert forbidden_integrity.status_code == 403
|
assert forbidden_integrity.status_code == 403
|
||||||
assert forbidden_integrity.json()["error"]["code"] == "forbidden"
|
assert forbidden_integrity.json()["error"]["code"] == "forbidden"
|
||||||
|
|
||||||
forbidden_pdf_queue = client.get("/api/v1/admin/db/pdf-queue")
|
# PDF queue listing is accessible to all authenticated users (not admin-only).
|
||||||
assert forbidden_pdf_queue.status_code == 403
|
allowed_pdf_queue = client.get("/api/v1/admin/db/pdf-queue")
|
||||||
assert forbidden_pdf_queue.json()["error"]["code"] == "forbidden"
|
assert allowed_pdf_queue.status_code == 200
|
||||||
|
|
||||||
|
# But requeue actions still require admin.
|
||||||
forbidden_requeue = client.post(
|
forbidden_requeue = client.post(
|
||||||
"/api/v1/admin/db/pdf-queue/1/requeue",
|
"/api/v1/admin/db/pdf-queue/1/requeue",
|
||||||
headers=headers,
|
headers=headers,
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue