Posted to commits@esme.apache.org by es...@apache.org on 2010/01/03 00:23:10 UTC
svn commit: r895310 - in /incubator/esme/trunk/server/src:
main/scala/org/apache/esme/api/API2.scala
test/scala/org/apache/esme/api/API2Test.scala
Author: esjewett
Date: Sat Jan 2 23:23:08 2010
New Revision: 895310
URL: http://svn.apache.org/viewvc?rev=895310&view=rev
Log:
[ESME-138] Implement streaming for streaming API endpoints >> Fixes pool authorization bug, with new unit test
Modified:
incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala
incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala
Modified: incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala
URL: http://svn.apache.org/viewvc/incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala?rev=895310&r1=895309&r2=895310&view=diff
==============================================================================
--- incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala (original)
+++ incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala Sat Jan 2 23:23:08 2010
@@ -80,6 +80,11 @@
if !User.checkRole("integration-admin") => unAuthorized
case Req("api2" :: "users" :: _ :: tokens :: Nil, _, PostRequest)
if !User.checkRole("integration-admin") => unAuthorized
+ case Req("api2" :: "pools" :: poolId :: _, _, GetRequest)
+ if !Privilege.hasPermission(
+ User.currentUserId.openOr("0").toLong,
+ poolId.toLong,
+ Permission.Read) => unAuthorized
}
def dispatch: LiftRules.DispatchPF = {
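Review bot: The new guard for `pools/:poolId` calls `poolId.toLong` on a raw path segment and falls back to user id `"0"` when `User.currentUserId` is empty, so the authorization decision throws on a non-numeric segment and otherwise relies on id 0 never holding `Permission.Read`. Make the check fail closed: treat an empty `currentUserId` or an unparsable id as unauthorized, for example by wrapping each conversion as `tryo(poolId.toLong)`, combining the boxes before calling `Privilege.hasPermission`, and ending with `openOr(false)`. The guard also matches only `GetRequest`; if other verbs are served under `pools/:poolId` (not visible in this hunk) they need an equivalent check. The enclosing partial function starts above the hunk, so case ordering relative to earlier guards could not be checked here.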
Modified: incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala
URL: http://svn.apache.org/viewvc/incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala?rev=895310&r1=895309&r2=895310&view=diff
==============================================================================
--- incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala (original)
+++ incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala Sat Jan 2 23:23:08 2010
@@ -668,7 +668,7 @@
(mess_res.xml \ "messages") must \\(<id>{theUser.id.toString}</id>)
(mess_res.xml \ "messages") must \\(<body>test message for pool delta</body>)
}
- }
+ }
"with no session returns 403 (forbidden)" in {
for (session_res <- get("pools/1/messages")) {
@@ -723,6 +723,28 @@
} {
res.code must be equalTo 200
}
+ }
+
+ "with valid session and new messages but no pool authorization returns 403 (forbidden)" in {
+ val new_user = find_or_create_user("tester6")
+ val new_toke = AuthToken.create.user(new_user).saveMe
+ val new_token = new_toke.uniqueId.is
+
+ for{
+ sess <- post_session
+ sessNoAuth <- post("session", "token" -> new_token)
+ pool_res <- sess.post("pools", "poolName" -> "test_pool6")
+ init <- sessNoAuth.get("pools/6/messages")
+ timeout <- sleep(2000)
+ mess_res1 <- sess.post("user/messages",
+ "message" -> "test message for pool delta",
+ "pool" -> "test_pool6")
+ timeout <- sleep(2000)
+ mess_res <- sessNoAuth.get("pools/6/messages")
+ } {
+ mess_res.code must be equalTo 403
+ init.code must be equalTo 403
+ }
}
"with no session returns 403 (forbidden)" in {
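Review bot: The literal `pools/6/messages` in the new test assumes the pool created by `sess.post("pools", "poolName" -> "test_pool6")` gets id 6, so if earlier tests change, the 403 could come from a missing pool rather than from the permission check. Take the id from `pool_res` rather than hard-coding it, and add a positive control in the same block, e.g. `sess.get` on the same path with `code must be equalTo 200`, so the test proves the pool exists and that only the unauthorised session is refused. A request with a non-numeric pool id is also worth pinning, since the guard parses that path segment. The two `sleep(2000)` steps look unnecessary for a refusal that should be decided when the request arrives.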