You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2014/06/04 22:52:13 UTC
[14/16] git commit: [#1687] ticket:582 Don't check capabilities in
discussion import
[#1687] ticket:582 Don't check capabilities in discussion import
Since OAuth authentication scheme doesn't support it.
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/acabd593
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/acabd593
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/acabd593
Branch: refs/heads/master
Commit: acabd593561e9190da51d84117c69b30ece0399c
Parents: 19a50da
Author: Igor Bondarenko <je...@gmail.com>
Authored: Tue May 6 15:49:38 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Tue Jun 3 15:27:23 2014 +0000
----------------------------------------------------------------------
AlluraTest/alluratest/controller.py | 3 +-
.../forgediscussion/controllers/root.py | 4 --
.../tests/functional/test_import.py | 40 --------------------
3 files changed, 1 insertion(+), 46 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/acabd593/AlluraTest/alluratest/controller.py
----------------------------------------------------------------------
diff --git a/AlluraTest/alluratest/controller.py b/AlluraTest/alluratest/controller.py
index 57d0fe4..433431f 100644
--- a/AlluraTest/alluratest/controller.py
+++ b/AlluraTest/alluratest/controller.py
@@ -197,8 +197,7 @@ class TestRestApiBase(TestController):
consumer_token_id=consumer_token._id,
user_id=user._id,
callback='manual',
- validation_pin=h.nonce(20),
- is_bearer=True)
+ validation_pin=h.nonce(20))
token = M.OAuthAccessToken(
consumer_token_id=consumer_token._id,
request_token_id=request_token._id,
http://git-wip-us.apache.org/repos/asf/allura/blob/acabd593/ForgeDiscussion/forgediscussion/controllers/root.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/controllers/root.py b/ForgeDiscussion/forgediscussion/controllers/root.py
index b315dca..7002109 100644
--- a/ForgeDiscussion/forgediscussion/controllers/root.py
+++ b/ForgeDiscussion/forgediscussion/controllers/root.py
@@ -349,10 +349,6 @@ class RootRestController(BaseController):
require_access(c.project, 'admin')
if username_mapping is None:
username_mapping = '{}'
- if c.api_token.get_capability('import') != [c.project.neighborhood.name, c.project.shortname]:
- log.error('Import capability is not enabled for %s',
- c.project.shortname)
- raise exc.HTTPForbidden(detail='Import is not allowed')
try:
doc = json.loads(doc)
username_mapping = json.loads(username_mapping)
http://git-wip-us.apache.org/repos/asf/allura/blob/acabd593/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
index deeb349..b4f4158 100644
--- a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
+++ b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
@@ -35,34 +35,12 @@ class TestImportController(TestRestApiBase): # TestController):
self.app.get('/discussion/')
self.json_text = open(here_dir + '/data/sf.json').read()
- def test_no_capability(self):
- self.set_api_ticket({'import2': ['Projects', 'test']})
- resp = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text)
- assert resp.status_int == 403
-
- self.set_api_ticket({'import': ['Projects', 'test2']})
- resp = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text)
- assert resp.status_int == 403
-
- self.set_api_ticket({'import': ['Projects', 'test']})
- resp = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text)
- assert resp.status_int == 200
-
def test_validate_import(self):
r = self.api_post('/rest/p/test/discussion/validate_import',
doc=self.json_text)
assert not r.json['errors']
def test_import_anon(self):
- api_ticket = M.ApiTicket(
- user_id=c.user._id, capabilities={'import': ['Projects', 'test']},
- expires=datetime.utcnow() + timedelta(days=1))
- ming.orm.session(api_ticket).flush()
- self.set_api_token(api_ticket)
-
r = self.api_post('/rest/p/test/discussion/perform_import',
doc=self.json_text)
assert not r.json['errors'], r.json['errors']
@@ -78,12 +56,6 @@ class TestImportController(TestRestApiBase): # TestController):
assert 'Anonymous' in str(r)
def test_import_map(self):
- api_ticket = M.ApiTicket(
- user_id=c.user._id, capabilities={'import': ['Projects', 'test']},
- expires=datetime.utcnow() + timedelta(days=1))
- ming.orm.session(api_ticket).flush()
- self.set_api_token(api_ticket)
-
r = self.api_post('/rest/p/test/discussion/perform_import',
doc=self.json_text,
username_mapping=json.dumps(dict(rick446='test-user')))
@@ -101,12 +73,6 @@ class TestImportController(TestRestApiBase): # TestController):
assert 'Anonymous' not in str(r)
def test_import_create(self):
- api_ticket = M.ApiTicket(
- user_id=c.user._id, capabilities={'import': ['Projects', 'test']},
- expires=datetime.utcnow() + timedelta(days=1))
- ming.orm.session(api_ticket).flush()
- self.set_api_token(api_ticket)
-
r = self.api_post('/rest/p/test/discussion/perform_import',
doc=self.json_text, create_users='True')
assert not r.json['errors'], r.json['errors']
@@ -122,12 +88,6 @@ class TestImportController(TestRestApiBase): # TestController):
assert 'Anonymous' not in str(r)
assert 'test-rick446' in str(r)
- def set_api_ticket(self, caps={'import': ['Projects', 'test']}):
- api_ticket = M.ApiTicket(user_id=c.user._id, capabilities=caps,
- expires=datetime.utcnow() + timedelta(days=1))
- ming.orm.session(api_ticket).flush()
- self.set_api_token(api_ticket)
-
@staticmethod
def time_normalize(t):
return t.replace('T', ' ').replace('Z', '')