You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2013/05/24 19:04:50 UTC

[14/50] git commit: [#4862] Fix ticket visibility in subproject tracker

[#4862] Fix ticket visibility in subproject tracker

Signed-off-by: Tim Van Steenburgh <tv...@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/b897690f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/b897690f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/b897690f

Branch: refs/heads/db/6255
Commit: b897690fc5ab79cf78a2b5d69ed52527cad6baa2
Parents: da3c843
Author: Tim Van Steenburgh <tv...@gmail.com>
Authored: Tue May 21 10:48:29 2013 -0400
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed May 22 18:23:16 2013 +0000

----------------------------------------------------------------------
 ForgeTracker/forgetracker/model/ticket.py          |    4 +-
 .../forgetracker/tests/functional/test_root.py     |   24 +++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/b897690f/ForgeTracker/forgetracker/model/ticket.py
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/model/ticket.py b/ForgeTracker/forgetracker/model/ticket.py
index fa470be..156e147 100644
--- a/ForgeTracker/forgetracker/model/ticket.py
+++ b/ForgeTracker/forgetracker/model/ticket.py
@@ -766,7 +766,7 @@ class Ticket(VersionedArtifact, ActivityObject, VotableArtifact):
         tickets = []
         count = q.count()
         for t in q:
-            if security.has_access(t, 'read', user, app_config.project):
+            if security.has_access(t, 'read', user, app_config.project.root_project):
                 tickets.append(t)
             else:
                 count = count -1
@@ -830,7 +830,7 @@ class Ticket(VersionedArtifact, ActivityObject, VotableArtifact):
             for tn in ticket_numbers:
                 if tn in ticket_for_num:
                     show_deleted = show_deleted and security.has_access(ticket_for_num[tn], 'delete', user, app_config.project)
-                    if (security.has_access(ticket_for_num[tn], 'read', user, app_config.project) and
+                    if (security.has_access(ticket_for_num[tn], 'read', user, app_config.project.root_project) and
                         (show_deleted or ticket_for_num[tn].deleted==False)):
                         tickets.append(ticket_for_num[tn])
                     else:

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/b897690f/ForgeTracker/forgetracker/tests/functional/test_root.py
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/tests/functional/test_root.py b/ForgeTracker/forgetracker/tests/functional/test_root.py
index 8d2deb0..a934c76 100644
--- a/ForgeTracker/forgetracker/tests/functional/test_root.py
+++ b/ForgeTracker/forgetracker/tests/functional/test_root.py
@@ -173,6 +173,30 @@ def post_install_update_ticket_permission(app):
     app.config.acl.append(M.ACE.allow(role, 'update'))
 
 
+class TestSubprojectTrackerController(TrackerTestController):
+    @td.with_tool('test/sub1', 'Tickets', 'tickets')
+    def test_index_page_ticket_visibility(self):
+        """Test that non-admin users can see tickets created by admins."""
+        self.new_ticket(summary="my ticket", mount_point="/sub1/tickets/")
+        ThreadLocalORMSession.flush_all()
+        M.MonQTask.run_ready()
+        ThreadLocalORMSession.flush_all()
+        response = self.app.get('/p/test/sub1/tickets/',
+                extra_environ=dict(username='*anonymous'))
+        assert 'my ticket' in response
+
+    @td.with_tool('test/sub1', 'Tickets', 'tickets')
+    def test_search_page_ticket_visibility(self):
+        """Test that non-admin users can see tickets created by admins."""
+        self.new_ticket(summary="my ticket", mount_point="/sub1/tickets/")
+        ThreadLocalORMSession.flush_all()
+        M.MonQTask.run_ready()
+        ThreadLocalORMSession.flush_all()
+        response = self.app.get('/p/test/sub1/tickets/search/?q=my',
+                extra_environ=dict(username='*anonymous'))
+        assert 'my ticket' in response, response.showbrowser()
+
+
 class TestFunctionalController(TrackerTestController):
     def test_bad_ticket_number(self):
         self.app.get('/bugs/input.project_user_select', status=404)