You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2014/04/15 16:55:46 UTC
[1/2] git commit: [#7317] ticket:573 Fix test failures when running
together
Repository: allura
Updated Branches:
refs/heads/master fcb2f34ae -> b2cda197e
[#7317] ticket:573 Fix test failures when running together
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/b2cda197
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/b2cda197
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/b2cda197
Branch: refs/heads/master
Commit: b2cda197e5cf27f1a98f27f9b7c71cea676f938d
Parents: c455ec5
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Apr 14 16:56:55 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Tue Apr 15 14:55:12 2014 +0000
----------------------------------------------------------------------
Allura/allura/tests/test_globals.py | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/b2cda197/Allura/allura/tests/test_globals.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_globals.py b/Allura/allura/tests/test_globals.py
index 3fd7a2a..912fd66 100644
--- a/Allura/allura/tests/test_globals.py
+++ b/Allura/allura/tests/test_globals.py
@@ -282,6 +282,7 @@ def test_macro_include_extra_br():
'''.strip().replace('\n', '')
assert html.strip().replace('\n', '') == expected_html, html
+@with_setup(setUp, tearDown)
@td.with_wiki
@td.with_tool('test', 'Wiki', 'wiki2')
def test_macro_include_permissions():
[2/2] git commit: [#7317] ticket:573 Check permissions in include
macro
Posted by br...@apache.org.
[#7317] ticket:573 Check permissions in include macro
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/c455ec57
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/c455ec57
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/c455ec57
Branch: refs/heads/master
Commit: c455ec57904a061154b9c7a960fbe8de54f5ff33
Parents: fcb2f34
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Apr 14 13:37:13 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Tue Apr 15 14:55:12 2014 +0000
----------------------------------------------------------------------
Allura/allura/lib/macro.py | 6 +++-
Allura/allura/tests/test_globals.py | 34 +++++++++++++++++++-
.../tests/functional/test_controllers.py | 11 +++++++
3 files changed, 49 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/c455ec57/Allura/allura/lib/macro.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/macro.py b/Allura/allura/lib/macro.py
index 87a09af..fd0ef58 100644
--- a/Allura/allura/lib/macro.py
+++ b/Allura/allura/lib/macro.py
@@ -348,8 +348,10 @@ def include_file(repo, path=None, rev=None, **kw):
app = parse_repo(repo)
if not app:
return '[[include repo %s (not found)]]' % repo
- rev = app.repo.head if rev is None else rev
+ if not h.has_access(app.repo, 'read')():
+ return "[[include: you don't have a read permission for repo %s]]" % repo
+ rev = app.repo.head if rev is None else rev
try:
file = app.repo.commit(rev).get_path(path)
except Exception:
@@ -383,6 +385,8 @@ def include(ref=None, repo=None, **kw):
artifact = link.ref.artifact
if artifact is None:
return '[[include (artifact not found)]]' % ref
+ if not h.has_access(artifact, 'read')():
+ return "[[include: you don't have a read permission for %s]]" % ref
included = request.environ.setdefault('allura.macro.included', set())
if artifact in included:
return '[[include %s (already included)]' % ref
http://git-wip-us.apache.org/repos/asf/allura/blob/c455ec57/Allura/allura/tests/test_globals.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_globals.py b/Allura/allura/tests/test_globals.py
index 72daa75..3fd7a2a 100644
--- a/Allura/allura/tests/test_globals.py
+++ b/Allura/allura/tests/test_globals.py
@@ -26,7 +26,7 @@ import hashlib
from mock import patch
from bson import ObjectId
-from nose.tools import with_setup, assert_equal, assert_in
+from nose.tools import with_setup, assert_equal, assert_in, assert_not_in
from pylons import tmpl_context as c, app_globals as g
import tg
@@ -282,6 +282,38 @@ def test_macro_include_extra_br():
'''.strip().replace('\n', '')
assert html.strip().replace('\n', '') == expected_html, html
+@td.with_wiki
+@td.with_tool('test', 'Wiki', 'wiki2')
+def test_macro_include_permissions():
+ p_nbhd = M.Neighborhood.query.get(name='Projects')
+ p_test = M.Project.query.get(shortname='test', neighborhood_id=p_nbhd._id)
+ wiki = p_test.app_instance('wiki')
+ wiki2 = p_test.app_instance('wiki2')
+ with h.push_context(p_test._id, app_config_id=wiki.config._id):
+ p = WM.Page.upsert(title='CanRead')
+ p.text = 'Can see this!'
+ p.commit()
+ ThreadLocalORMSession.flush_all()
+
+ with h.push_context(p_test._id, app_config_id=wiki2.config._id):
+ role = M.ProjectRole.by_name('*anonymous')._id
+ read_perm = M.ACE.allow(role, 'read')
+ acl = c.app.config.acl
+ if read_perm in acl:
+ acl.remove(read_perm)
+ p = WM.Page.upsert(title='CanNotRead')
+ p.text = 'Can not see this!'
+ p.commit()
+ ThreadLocalORMSession.flush_all()
+
+ with h.push_context(p_test._id, app_config_id=wiki.config._id):
+ c.user = M.User.anonymous()
+ md = '[[include ref=CanRead]]\n[[include ref=wiki2:CanNotRead]]'
+ html = g.markdown_wiki.convert(md)
+ assert_in('Can see this!', html)
+ assert_not_in('Can not see this!', html)
+ assert_in("[[include: you don't have a read permission for wiki2:CanNotRead]]", html)
+
@patch('oembed.OEmbedEndpoint.fetch')
def test_macro_embed(oembed_fetch):
http://git-wip-us.apache.org/repos/asf/allura/blob/c455ec57/ForgeGit/forgegit/tests/functional/test_controllers.py
----------------------------------------------------------------------
diff --git a/ForgeGit/forgegit/tests/functional/test_controllers.py b/ForgeGit/forgegit/tests/functional/test_controllers.py
index 47455a9..3af6f1b 100644
--- a/ForgeGit/forgegit/tests/functional/test_controllers.py
+++ b/ForgeGit/forgegit/tests/functional/test_controllers.py
@@ -775,6 +775,17 @@ class TestIncludeMacro(_TestCase):
assert_equal(macro.include_file('a:b'), expected % 'a:b')
assert_equal(macro.include_file('repo'), expected % 'repo')
+ def test_include_file_permissions(self):
+ h.set_context('test', 'src-git', neighborhood='Projects')
+ role = M.ProjectRole.by_name('*anonymous')._id
+ read_perm = M.ACE.allow(role, 'read')
+ acl = c.app.config.acl
+ if read_perm in acl:
+ acl.remove(read_perm)
+ c.user = M.User.anonymous()
+ expected = "[[include: you don't have a read permission for repo src-git]]"
+ assert_equal(macro.include_file('src-git'), expected)
+
def test_include_file_cant_find_file(self):
expected = "[[include can't find file %s in revision %s]]"
assert_equal(macro.include_file('src-git', 'a.txt'),