From 673edc294f26bae8a4d059cd2eff1508094c2d22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Espino?= <jesus.espino@kaleidos.net>
Date: Thu, 2 Oct 2014 01:44:48 +0200
Subject: [PATCH] Fix small test fails introduced in the commit 27f12f7

---
 taiga/users/api.py                               | 16 +++++++++++++++-
 .../test_users_resources.py                      |  8 ++++----
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/taiga/users/api.py b/taiga/users/api.py
index 89fd9429..cc8edf86 100644
--- a/taiga/users/api.py
+++ b/taiga/users/api.py
@@ -54,6 +54,10 @@ class MembersFilterBackend(BaseFilterBackend):
                 return queryset.filter(Q(memberships__project=project) | Q(id=project.owner.id)).distinct()
             else:
                 raise exc.PermissionDenied(_("You don't have permisions to see this project users."))
+
+        if request.user.is_superuser:
+            return queryset
+
         return []
 
 
@@ -61,11 +65,21 @@ class UsersViewSet(ModelCrudViewSet):
     permission_classes = (permissions.UserPermission,)
     serializer_class = serializers.UserSerializer
     queryset = models.User.objects.all()
-    filter_backends = (MembersFilterBackend,)
 
     def create(self, *args, **kwargs):
         raise exc.NotSupported()
 
+    def list(self, request, *args, **kwargs):
+        self.object_list = MembersFilterBackend().filter_queryset(request, self.get_queryset(), self)
+
+        page = self.paginate_queryset(self.object_list)
+        if page is not None:
+            serializer = self.get_pagination_serializer(page)
+        else:
+            serializer = self.get_serializer(self.object_list, many=True)
+
+        return Response(serializer.data)
+
     @list_route(methods=["POST"])
     def password_recovery(self, request, pk=None):
         username_or_email = request.DATA.get('username', None)
diff --git a/tests/integration/resources_permissions/test_users_resources.py b/tests/integration/resources_permissions/test_users_resources.py
index 63492a6a..90bf1f98 100644
--- a/tests/integration/resources_permissions/test_users_resources.py
+++ b/tests/integration/resources_permissions/test_users_resources.py
@@ -44,7 +44,7 @@ def test_user_retrieve(client, data):
     ]
 
     results = helper_test_http_method(client, 'get', url, None, users)
-    assert results == [200, 200, 200, 200]
+    assert results == [401, 200, 403, 200]
 
 
 def test_user_update(client, data):
@@ -82,21 +82,21 @@ def test_user_list(client, data):
 
     response = client.get(url)
     users_data = json.loads(response.content.decode('utf-8'))
-    assert len(users_data) == 3
+    assert len(users_data) == 0
     assert response.status_code == 200
 
     client.login(data.registered_user)
 
     response = client.get(url)
     users_data = json.loads(response.content.decode('utf-8'))
-    assert len(users_data) == 3
+    assert len(users_data) == 0
     assert response.status_code == 200
 
     client.login(data.other_user)
 
     response = client.get(url)
     users_data = json.loads(response.content.decode('utf-8'))
-    assert len(users_data) == 3
+    assert len(users_data) == 0
     assert response.status_code == 200
 
     client.login(data.superuser)