You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2013/04/24 22:02:51 UTC
[1/3] git commit: [#4370] ticket:322 Fix test failing due to changes
in API permissions handling
Updated Branches:
refs/heads/master 54cca78f4 -> a1029bfc5
[#4370] ticket:322 Fix test failing due to changes in API permissions handling
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/a1029bfc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/a1029bfc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/a1029bfc
Branch: refs/heads/master
Commit: a1029bfc57c530cbad6909997e18595e1f429239
Parents: ad54b2f
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed Apr 24 10:41:18 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Apr 24 20:02:25 2013 +0000
----------------------------------------------------------------------
.../forgetracker/tests/functional/test_root.py | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/a1029bfc/ForgeTracker/forgetracker/tests/functional/test_root.py
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/tests/functional/test_root.py b/ForgeTracker/forgetracker/tests/functional/test_root.py
index 23c0890..e193a10 100644
--- a/ForgeTracker/forgetracker/tests/functional/test_root.py
+++ b/ForgeTracker/forgetracker/tests/functional/test_root.py
@@ -328,9 +328,7 @@ class TestFunctionalController(TrackerTestController):
r = self.app.get('/p/test/bugs/feed.atom')
assert 'Private Ticket' not in r
# ... or in the API ...
- r = self.app.get('/rest/p/test/bugs/2/')
- assert 'Private Ticket' not in r
- assert '/auth/?return_to' in r.headers['Location']
+ r = self.app.get('/rest/p/test/bugs/2/', status=401)
r = self.app.get('/rest/p/test/bugs/')
assert 'Private Ticket' not in r
[2/3] git commit: [#4370] ticket:322 Don't redirect from API to login
url
Posted by br...@apache.org.
[#4370] ticket:322 Don't redirect from API to login url
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/ad54b2fd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/ad54b2fd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/ad54b2fd
Branch: refs/heads/master
Commit: ad54b2fde6231bf18d7489d4c67c4050e80aef24
Parents: 3207e95
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed Apr 24 10:10:28 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Apr 24 20:02:25 2013 +0000
----------------------------------------------------------------------
Allura/allura/lib/custom_middleware.py | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/ad54b2fd/Allura/allura/lib/custom_middleware.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 6633489..6c121b4 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -93,7 +93,8 @@ class LoginRedirectMiddleware(object):
def __call__(self, environ, start_response):
status, headers, app_iter, exc_info = call_wsgi_application(
self.app, environ, catch_exc_info=True)
- if status[:3] == '401':
+ is_api_request = environ.get('PATH_INFO', '').startswith('/rest/')
+ if status[:3] == '401' and not is_api_request:
login_url = tg.config.get('auth.login_url', '/auth/')
if environ['REQUEST_METHOD'] == 'GET':
return_to = environ['PATH_INFO']
[3/3] git commit: [#4370] ticket:322 Test for REST API permissions
Posted by br...@apache.org.
[#4370] ticket:322 Test for REST API permissions
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/3207e959
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/3207e959
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/3207e959
Branch: refs/heads/master
Commit: 3207e959ac1e12e98e6b55f3b6475d0e103b3a9e
Parents: 54cca78
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed Apr 24 09:43:57 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Apr 24 20:02:25 2013 +0000
----------------------------------------------------------------------
Allura/allura/tests/functional/test_rest.py | 19 +++++++++++++++++++
1 files changed, 19 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/3207e959/Allura/allura/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_rest.py b/Allura/allura/tests/functional/test_rest.py
index aaba26b..68f769f 100644
--- a/Allura/allura/tests/functional/test_rest.py
+++ b/Allura/allura/tests/functional/test_rest.py
@@ -19,9 +19,12 @@
from datetime import datetime, timedelta
+from nose.tools import assert_equal
+
from allura.tests import decorators as td
from alluratest.controller import TestRestApiBase
from allura.lib import helpers as h
+from allura import model as M
class TestRestHome(TestRestApiBase):
@@ -77,3 +80,19 @@ class TestRestHome(TestRestApiBase):
assert r.status_int == 200
assert r.json['title'].encode('utf-8') == 'tést', r.json
+ @td.with_wiki
+ def test_deny_access(self):
+ wiki = M.Project.query.get(shortname='test').app_instance('wiki')
+ anon_read_perm = M.ACE.allow(M.ProjectRole.by_name('*anonymous')._id, 'read')
+ auth_read_perm = M.ACE.allow(M.ProjectRole.by_name('*authenticated')._id, 'read')
+ acl = wiki.config.acl
+ if anon_read_perm in acl:
+ acl.remove(anon_read_perm)
+ if auth_read_perm in acl:
+ acl.remove(auth_read_perm)
+ self.app.get('/rest/p/test/wiki/Home/',
+ extra_environ={'username': '*anonymous'},
+ status=401)
+ self.app.get('/rest/p/test/wiki/Home/',
+ extra_environ={'username': 'test-user-0'},
+ status=401)