You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2015/12/15 16:48:58 UTC
[05/12] allura git commit: [#8023] ticket:867 added check
authorization, changed check user rights
[#8023] ticket:867 added check authorization, changed check user rights
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/074aa60e
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/074aa60e
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/074aa60e
Branch: refs/heads/master
Commit: 074aa60e7486b3629bca696fe5b87801a12cac6c
Parents: 353d8a2
Author: Denis Kotov <de...@gmail.com>
Authored: Thu Dec 3 16:26:14 2015 +0200
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Tue Dec 15 10:05:56 2015 -0500
----------------------------------------------------------------------
Allura/allura/lib/plugin.py | 6 +++++-
Allura/allura/tests/test_plugin.py | 20 ++++++++++++++++----
2 files changed, 21 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/074aa60e/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index e2f6e5b..8b7a282 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -1316,7 +1316,11 @@ class ThemeProvider(object):
note = SiteNotification.current()
if note is None:
return None
- if note.user_role is not None and not c.user.my_projects_by_role_name(note.user_role).first():
+ if note.user_role is not None and c.user.is_anonymous():
+ return None
+ projects = c.user.my_projects_by_role_name(note.user_role)
+ if note.user_role is not None and \
+ projects.count() == 0 or (projects.count() == 1 and projects.first().is_user_project):
return None
cookie = request.cookies.get('site-notification', '').split('-')
if len(cookie) == 3 and cookie[0] == str(note._id):
http://git-wip-us.apache.org/repos/asf/allura/blob/074aa60e/Allura/allura/tests/test_plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_plugin.py b/Allura/allura/tests/test_plugin.py
index bf05335..0d55330 100644
--- a/Allura/allura/tests/test_plugin.py
+++ b/Allura/allura/tests/test_plugin.py
@@ -384,13 +384,25 @@ class TestThemeProvider(object):
def test_get_site_notification_with_role(self, SiteNotification, User):
note = SiteNotification.current.return_value
note.user_role = 'Test'
- first = User.my_projects_by_role_name.return_value.first
- first.return_value = True
- assert_is(ThemeProvider().get_site_notification(), note)
+ projects = User.my_projects_by_role_name.return_value
+
+ User.is_anonymous.return_value = True
+ assert_is(ThemeProvider().get_site_notification(), None)
+
+ User.is_anonymous.return_value = False
+ projects.count.return_value = 0
+ assert_is(ThemeProvider().get_site_notification(), None)
- first.return_value = False
+ projects.count.return_value = 1
+ projects.first.return_value.is_user_project = True
assert_is(ThemeProvider().get_site_notification(), None)
+ projects.first.return_value.is_user_project = False
+ assert_is(ThemeProvider().get_site_notification(), note)
+
+ projects.count.return_value = 2
+ assert_is(ThemeProvider().get_site_notification(), note)
+
@patch('allura.model.notification.SiteNotification')
def test_get_site_notification_without_role(self, SiteNotification):
note = SiteNotification.current.return_value