You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@allura.apache.org by br...@apache.org on 2013/04/24 22:02:51 UTC

[1/3] git commit: [#4370] ticket:322 Fix test failing due to changes in API permissions handling

Updated Branches:
  refs/heads/master 54cca78f4 -> a1029bfc5


[#4370] ticket:322 Fix test failing due to changes in API permissions handling


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/a1029bfc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/a1029bfc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/a1029bfc

Branch: refs/heads/master
Commit: a1029bfc57c530cbad6909997e18595e1f429239
Parents: ad54b2f
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed Apr 24 10:41:18 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Apr 24 20:02:25 2013 +0000

----------------------------------------------------------------------
 .../forgetracker/tests/functional/test_root.py     |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/a1029bfc/ForgeTracker/forgetracker/tests/functional/test_root.py
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/tests/functional/test_root.py b/ForgeTracker/forgetracker/tests/functional/test_root.py
index 23c0890..e193a10 100644
--- a/ForgeTracker/forgetracker/tests/functional/test_root.py
+++ b/ForgeTracker/forgetracker/tests/functional/test_root.py
@@ -328,9 +328,7 @@ class TestFunctionalController(TrackerTestController):
         r = self.app.get('/p/test/bugs/feed.atom')
         assert 'Private Ticket' not in r
         # ... or in the API ...
-        r = self.app.get('/rest/p/test/bugs/2/')
-        assert 'Private Ticket' not in r
-        assert '/auth/?return_to' in r.headers['Location']
+        r = self.app.get('/rest/p/test/bugs/2/', status=401)
         r = self.app.get('/rest/p/test/bugs/')
         assert 'Private Ticket' not in r

[2/3] git commit: [#4370] ticket:322 Don't redirect from API to login url

Posted by br...@apache.org.

[#4370] ticket:322 Don't redirect from API to login url


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/ad54b2fd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/ad54b2fd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/ad54b2fd

Branch: refs/heads/master
Commit: ad54b2fde6231bf18d7489d4c67c4050e80aef24
Parents: 3207e95
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed Apr 24 10:10:28 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Apr 24 20:02:25 2013 +0000

----------------------------------------------------------------------
 Allura/allura/lib/custom_middleware.py |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/ad54b2fd/Allura/allura/lib/custom_middleware.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 6633489..6c121b4 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -93,7 +93,8 @@ class LoginRedirectMiddleware(object):
     def __call__(self, environ, start_response):
         status, headers, app_iter, exc_info = call_wsgi_application(
             self.app, environ, catch_exc_info=True)
-        if status[:3] == '401':
+        is_api_request = environ.get('PATH_INFO', '').startswith('/rest/')
+        if status[:3] == '401' and not is_api_request:
             login_url = tg.config.get('auth.login_url', '/auth/')
             if environ['REQUEST_METHOD'] == 'GET':
                 return_to = environ['PATH_INFO']

[3/3] git commit: [#4370] ticket:322 Test for REST API permissions

Posted by br...@apache.org.

[#4370] ticket:322 Test for REST API permissions


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/3207e959
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/3207e959
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/3207e959

Branch: refs/heads/master
Commit: 3207e959ac1e12e98e6b55f3b6475d0e103b3a9e
Parents: 54cca78
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed Apr 24 09:43:57 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Apr 24 20:02:25 2013 +0000

----------------------------------------------------------------------
 Allura/allura/tests/functional/test_rest.py |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/3207e959/Allura/allura/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_rest.py b/Allura/allura/tests/functional/test_rest.py
index aaba26b..68f769f 100644
--- a/Allura/allura/tests/functional/test_rest.py
+++ b/Allura/allura/tests/functional/test_rest.py
@@ -19,9 +19,12 @@
 
 from datetime import datetime, timedelta
 
+from nose.tools import assert_equal
+
 from allura.tests import decorators as td
 from alluratest.controller import TestRestApiBase
 from allura.lib import helpers as h
+from allura import model as M
 
 class TestRestHome(TestRestApiBase):
 
@@ -77,3 +80,19 @@ class TestRestHome(TestRestApiBase):
         assert r.status_int == 200
         assert r.json['title'].encode('utf-8') == 'tést', r.json
 
+    @td.with_wiki
+    def test_deny_access(self):
+        wiki = M.Project.query.get(shortname='test').app_instance('wiki')
+        anon_read_perm = M.ACE.allow(M.ProjectRole.by_name('*anonymous')._id, 'read')
+        auth_read_perm = M.ACE.allow(M.ProjectRole.by_name('*authenticated')._id, 'read')
+        acl = wiki.config.acl
+        if anon_read_perm in acl:
+            acl.remove(anon_read_perm)
+        if auth_read_perm in acl:
+            acl.remove(auth_read_perm)
+        self.app.get('/rest/p/test/wiki/Home/',
+                     extra_environ={'username': '*anonymous'},
+                     status=401)
+        self.app.get('/rest/p/test/wiki/Home/',
+                     extra_environ={'username': 'test-user-0'},
+                     status=401)