You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by je...@apache.org on 2015/02/25 16:33:22 UTC

[23/28] allura git commit: [#7832] ticket:731 Test for permissions

[#7832] ticket:731 Test for permissions


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/ae703030
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/ae703030
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/ae703030

Branch: refs/heads/ib/7832
Commit: ae703030da06b6738d94f0c7b790fa4bbfbbb16a
Parents: c1a4553
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Feb 23 10:34:35 2015 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Wed Feb 25 13:51:06 2015 +0000

----------------------------------------------------------------------
 Allura/allura/tests/test_webhooks.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/ae703030/Allura/allura/tests/test_webhooks.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_webhooks.py b/Allura/allura/tests/test_webhooks.py
index 50a9803..a336f32 100644
--- a/Allura/allura/tests/test_webhooks.py
+++ b/Allura/allura/tests/test_webhooks.py
@@ -894,3 +894,17 @@ class TestWebhookRestController(TestRestApiBase):
         dd.assert_equal(r.json, {u'result': u'ok'})
         assert_equal(M.Webhook.query.find().count(), 2)
         assert_equal(M.Webhook.query.get(_id=webhook._id), None)
+
+    def test_permissions(self):
+        self.api_get(self.url, user='test-user', status=403)
+        self.api_get(self.url, user='*anonymous', status=401)
+        url = self.url + '/repo-push/'
+        self.api_post(url, user='test-user', status=403)
+        self.api_post(url, user='*anonymous', status=401)
+        url = self.url + '/repo-push/' + str(self.webhooks[0]._id)
+        self.api_get(url, user='test-user', status=403)
+        self.api_get(url, user='*anonymous', status=401)
+        self.api_post(url, user='test-user', status=403)
+        self.api_post(url, user='*anonymous', status=401)
+        self.api_delete(url, user='test-user', status=403)
+        self.api_delete(url, user='*anonymous', status=401)