You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by je...@apache.org on 2015/05/15 12:29:48 UTC

[04/10] allura git commit: [#7633] ticket:768 Add has_access API for ForgeDiscussion

[#7633] ticket:768 Add has_access API for ForgeDiscussion


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/cdcd3d2a
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/cdcd3d2a
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/cdcd3d2a

Branch: refs/heads/ib/7633
Commit: cdcd3d2a9b4958c1039bb1386100eef5654fe023
Parents: 1bbb806
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu May 14 15:33:34 2015 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Thu May 14 15:33:34 2015 +0000

----------------------------------------------------------------------
 .../forgediscussion/controllers/root.py         |  3 +-
 .../tests/functional/test_rest.py               | 40 ++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/cdcd3d2a/ForgeDiscussion/forgediscussion/controllers/root.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/controllers/root.py b/ForgeDiscussion/forgediscussion/controllers/root.py
index 7548cd0..55f27a5 100644
--- a/ForgeDiscussion/forgediscussion/controllers/root.py
+++ b/ForgeDiscussion/forgediscussion/controllers/root.py
@@ -37,6 +37,7 @@ from allura.lib import helpers as h
 from allura.lib.utils import AntiSpam
 from allura.lib.decorators import require_post
 from allura.controllers import BaseController, DispatchIndex
+from allura.controllers.rest import AppRestControllerMixin
 from allura.controllers.feed import FeedArgs, FeedController
 
 from .forum import ForumController
@@ -299,7 +300,7 @@ class RootController(BaseController, DispatchIndex, FeedController):
         )
 
 
-class RootRestController(BaseController):
+class RootRestController(BaseController, AppRestControllerMixin):
 
     def _check_security(self):
         require_access(c.app, 'read')

http://git-wip-us.apache.org/repos/asf/allura/blob/cdcd3d2a/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py b/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py
index 1b7d080..1f64eb5 100644
--- a/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py
+++ b/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py
@@ -247,3 +247,43 @@ class TestRootRestController(TestDiscussionApiBase):
                          extra_environ={'username': '*anonymous'})
         assert_equal(len(r.json['forums']), 1)
         assert_equal(r.json['forums'][0]['shortname'], 'general')
+
+    def test_has_access_no_params(self):
+        r = self.api_get('/rest/p/test/discussion/has_access', status=404)
+        r = self.api_get('/rest/p/test/discussion/has_access?user=root', status=404)
+        r = self.api_get('/rest/p/test/discussion/has_access?perm=read', status=404)
+
+    def test_has_access_unknown_params(self):
+        """Unknown user and/or permission always False for has_access API"""
+        r = self.api_get(
+            '/rest/p/test/discussion/has_access?user=babadook&perm=read',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+        r = self.api_get(
+            '/rest/p/test/discussion/has_access?user=test-user&perm=jump',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+
+    def test_has_access_not_admin(self):
+        """
+        User which has no 'admin' permission on neighborhood can't use
+        has_access API
+        """
+        self.api_get(
+            '/rest/p/test/discussion/has_access?user=test-admin&perm=admin',
+            user='test-user',
+            status=403)
+
+    def test_has_access(self):
+        r = self.api_get(
+            '/rest/p/test/discussion/has_access?user=test-admin&perm=post',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], True)
+        r = self.api_get(
+            '/rest/p/test/discussion/has_access?user=*anonymous&perm=admin',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)