Disables the user lookup endpoint

Author: stchris

aleph/tests/test_roles_api.py

@@ -20,7 +20,7 @@ def test_suggest(self):
         _, headers = self.login(is_admin=True)
         res = self.client.get("/api/2/roles/_suggest?prefix=user", headers=headers)
         assert res.status_code == 200, res
-        assert res.json["total"] >= 3, res.json
+        assert res.json["total"] == 0, res.json
 
     def test_view(self):
         res = self.client.get("/api/2/roles/%s" % self.rolex)

aleph/views/roles_api.py

@@ -1,13 +1,11 @@
 import logging
-from banal import ensure_list
 from flask_babel import gettext
 from flask import Blueprint, request
 from itsdangerous import BadSignature
 from werkzeug.exceptions import BadRequest
 
 from aleph.core import db
 from aleph.authz import Authz
-from aleph.search import QueryParser, DatabaseQueryResult
 from aleph.model import Role
 from aleph.logic.roles import challenge_role, update_role, create_user, get_deep_role
 from aleph.util import is_auto_admin
@@ -53,22 +51,12 @@ def suggest():
       - Role
     """
     require(request.authz.logged_in)
-    parser = QueryParser(request.args, request.authz, limit=10)
-    if parser.prefix is None or len(parser.prefix) < 3:
-        # Do not return 400 because it's a routine event.
-        return jsonify(
-            {
-                "status": "error",
-                "message": gettext("prefix filter is too short"),
-                "results": [],
-                "total": 0,
-            }
-        )
-    # this only returns users, not groups
-    exclude = ensure_list(parser.excludes.get("id"))
-    q = Role.by_prefix(parser.prefix, exclude=exclude)
-    result = DatabaseQueryResult(request, q, parser=parser)
-    return RoleSerializer.jsonify_result(result)
+    return jsonify(
+        {
+            "results": [],
+            "total": 0,
+        }
+    )
 
 
 @blueprint.route("/api/2/roles/code", methods=["POST"])