Posted to commits@allura.apache.org by br...@apache.org on 2014/06/04 22:52:11 UTC
[12/16] git commit: [#1687] ticket:589 Check if token allowed to
import forum
[#1687] ticket:589 Check if token allowed to import forum
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/fd00be03
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/fd00be03
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/fd00be03
Branch: refs/heads/master
Commit: fd00be035d37c0b7e4218f1e33d7ddaccbc6baaf
Parents: 2392ea7
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed May 28 13:47:51 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Tue Jun 3 15:27:23 2014 +0000
----------------------------------------------------------------------
Allura/allura/model/oauth.py | 8 ++
.../forgediscussion/controllers/root.py | 5 +-
.../tests/functional/test_import.py | 134 ++++++++-----------
3 files changed, 65 insertions(+), 82 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/fd00be03/Allura/allura/model/oauth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/oauth.py b/Allura/allura/model/oauth.py
index 86dcb42..b09a8ec 100644
--- a/Allura/allura/model/oauth.py
+++ b/Allura/allura/model/oauth.py
@@ -21,6 +21,8 @@ import oauth2 as oauth
from pylons import tmpl_context as c, app_globals as g
import pymongo
+from paste.deploy.converters import aslist
+from tg import config
from ming import schema as S
from ming.orm import session
from ming.orm import FieldProperty, RelationProperty, ForeignIdProperty
@@ -134,3 +136,9 @@ class OAuthAccessToken(OAuthToken):
if user is None:
user = c.user
return cls.query.find(dict(user_id=user._id, type='access')).all()
+
+ def can_import_forum(self):
+ tokens = aslist(config.get('oauth.can_import_forum', ''), ',')
+ if self.api_key in tokens:
+ return True
+ return False
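Review bot: When `oauth.can_import_forum` is unset, `aslist('', ',')` appears to yield `['']` rather than an empty list, so the membership test in `can_import_forum` would pass for any token whose `api_key` is an empty string. Whether an empty `api_key` can occur is not visible here, but dropping blank entries makes the default fail closed: `tokens = [t for t in aslist(config.get('oauth.can_import_forum', ''), ',') if t]` followed by `return self.api_key in tokens`. The method also needs a docstring saying that the option is a comma-separated allowlist of access-token API keys and that a listed token may import into any project, not one named project. The `OAuthAccessToken` class body starts outside the hunk.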
http://git-wip-us.apache.org/repos/asf/allura/blob/fd00be03/ForgeDiscussion/forgediscussion/controllers/root.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/controllers/root.py b/ForgeDiscussion/forgediscussion/controllers/root.py
index b315dca..9256662 100644
--- a/ForgeDiscussion/forgediscussion/controllers/root.py
+++ b/ForgeDiscussion/forgediscussion/controllers/root.py
@@ -349,9 +349,8 @@ class RootRestController(BaseController):
require_access(c.project, 'admin')
if username_mapping is None:
username_mapping = '{}'
- if c.api_token.get_capability('import') != [c.project.neighborhood.name, c.project.shortname]:
- log.error('Import capability is not enabled for %s',
- c.project.shortname)
+ if not c.api_token.can_import_forum():
+ log.error('Import capability is not enabled for %s', c.project.shortname)
raise exc.HTTPForbidden(detail='Import is not allowed')
try:
doc = json.loads(doc)
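Review bot: `can_import_forum()` is called on `c.api_token` with no check that a token is present, so a request that reaches this line without an OAuth access token would presumably raise AttributeError and return a 500 instead of the intended 403. How `c.api_token` is populated is outside the hunk. A guard such as `if not c.api_token or not c.api_token.can_import_forum():` keeps the failure closed. Since the decision now depends on the token rather than the project, the log line would serve audit better if it identified the denied caller as well as `c.project.shortname`. The enclosing method starts and ends outside the hunk.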
http://git-wip-us.apache.org/repos/asf/allura/blob/fd00be03/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
index deeb349..73b0a8f 100644
--- a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
+++ b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
@@ -21,9 +21,11 @@ from datetime import datetime, timedelta
from nose.tools import assert_equal
import ming
+from tg import config
from pylons import tmpl_context as c
from allura import model as M
+from allura.lib import helpers as h
from alluratest.controller import TestRestApiBase
@@ -36,20 +38,15 @@ class TestImportController(TestRestApiBase): # TestController):
self.json_text = open(here_dir + '/data/sf.json').read()
def test_no_capability(self):
- self.set_api_ticket({'import2': ['Projects', 'test']})
- resp = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text)
- assert resp.status_int == 403
+ with h.push_config(config, **{'oauth.can_import_forum': 'some,fake,tokens'}):
+ resp = self.api_post('/rest/p/test/discussion/perform_import',
+ doc=self.json_text)
+ assert resp.status_int == 403
- self.set_api_ticket({'import': ['Projects', 'test2']})
- resp = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text)
- assert resp.status_int == 403
-
- self.set_api_ticket({'import': ['Projects', 'test']})
- resp = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text)
- assert resp.status_int == 200
+ with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
+ resp = self.api_post('/rest/p/test/discussion/perform_import',
+ doc=self.json_text)
+ assert resp.status_int == 200
def test_validate_import(self):
r = self.api_post('/rest/p/test/discussion/validate_import',
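Review bot: `test_no_capability` checks a list of other tokens and a list holding the caller's token, but never the default where `oauth.can_import_forum` is absent or empty. That default is what most deployments will run with, so the deny path should be pinned: add a block using `with h.push_config(config, **{'oauth.can_import_forum': ''}):` that asserts `resp.status_int == 403`. A case with spaces around the commas (`'a, <key> ,b'`, constructed example) would also document how the option is parsed.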
@@ -57,76 +54,55 @@ class TestImportController(TestRestApiBase): # TestController):
assert not r.json['errors']
def test_import_anon(self):
- api_ticket = M.ApiTicket(
- user_id=c.user._id, capabilities={'import': ['Projects', 'test']},
- expires=datetime.utcnow() + timedelta(days=1))
- ming.orm.session(api_ticket).flush()
- self.set_api_token(api_ticket)
-
- r = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text)
- assert not r.json['errors'], r.json['errors']
- r = self.app.get('/p/test/discussion/')
- assert 'Open Discussion' in str(r)
- assert 'Welcome to Open Discussion' in str(r)
- for link in r.html.findAll('a'):
- if 'Welcome to Open Discussion' in str(link):
- break
- r = self.app.get(link.get('href'))
- assert '2009-11-19' in str(r)
- assert 'Welcome to Open Discussion' in str(r)
- assert 'Anonymous' in str(r)
+ with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
+ r = self.api_post('/rest/p/test/discussion/perform_import',
+ doc=self.json_text)
+ assert not r.json['errors'], r.json['errors']
+ r = self.app.get('/p/test/discussion/')
+ assert 'Open Discussion' in str(r)
+ assert 'Welcome to Open Discussion' in str(r)
+ for link in r.html.findAll('a'):
+ if 'Welcome to Open Discussion' in str(link):
+ break
+ r = self.app.get(link.get('href'))
+ assert '2009-11-19' in str(r)
+ assert 'Welcome to Open Discussion' in str(r)
+ assert 'Anonymous' in str(r)
def test_import_map(self):
- api_ticket = M.ApiTicket(
- user_id=c.user._id, capabilities={'import': ['Projects', 'test']},
- expires=datetime.utcnow() + timedelta(days=1))
- ming.orm.session(api_ticket).flush()
- self.set_api_token(api_ticket)
-
- r = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text,
- username_mapping=json.dumps(dict(rick446='test-user')))
- assert not r.json['errors'], r.json['errors']
- r = self.app.get('/p/test/discussion/')
- assert 'Open Discussion' in str(r)
- assert 'Welcome to Open Discussion' in str(r)
- for link in r.html.findAll('a'):
- if 'Welcome to Open Discussion' in str(link):
- break
- r = self.app.get(link.get('href'))
- assert '2009-11-19' in str(r)
- assert 'Welcome to Open Discussion' in str(r)
- assert 'Test User' in str(r)
- assert 'Anonymous' not in str(r)
+ with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
+ r = self.api_post('/rest/p/test/discussion/perform_import',
+ doc=self.json_text,
+ username_mapping=json.dumps(dict(rick446='test-user')))
+ assert not r.json['errors'], r.json['errors']
+ r = self.app.get('/p/test/discussion/')
+ assert 'Open Discussion' in str(r)
+ assert 'Welcome to Open Discussion' in str(r)
+ for link in r.html.findAll('a'):
+ if 'Welcome to Open Discussion' in str(link):
+ break
+ r = self.app.get(link.get('href'))
+ assert '2009-11-19' in str(r)
+ assert 'Welcome to Open Discussion' in str(r)
+ assert 'Test User' in str(r)
+ assert 'Anonymous' not in str(r)
def test_import_create(self):
- api_ticket = M.ApiTicket(
- user_id=c.user._id, capabilities={'import': ['Projects', 'test']},
- expires=datetime.utcnow() + timedelta(days=1))
- ming.orm.session(api_ticket).flush()
- self.set_api_token(api_ticket)
-
- r = self.api_post('/rest/p/test/discussion/perform_import',
- doc=self.json_text, create_users='True')
- assert not r.json['errors'], r.json['errors']
- r = self.app.get('/p/test/discussion/')
- assert 'Open Discussion' in str(r)
- assert 'Welcome to Open Discussion' in str(r)
- for link in r.html.findAll('a'):
- if 'Welcome to Open Discussion' in str(link):
- break
- r = self.app.get(link.get('href'))
- assert '2009-11-19' in str(r)
- assert 'Welcome to Open Discussion' in str(r)
- assert 'Anonymous' not in str(r)
- assert 'test-rick446' in str(r)
-
- def set_api_ticket(self, caps={'import': ['Projects', 'test']}):
- api_ticket = M.ApiTicket(user_id=c.user._id, capabilities=caps,
- expires=datetime.utcnow() + timedelta(days=1))
- ming.orm.session(api_ticket).flush()
- self.set_api_token(api_ticket)
+ with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
+ r = self.api_post('/rest/p/test/discussion/perform_import',
+ doc=self.json_text, create_users='True')
+ assert not r.json['errors'], r.json['errors']
+ r = self.app.get('/p/test/discussion/')
+ assert 'Open Discussion' in str(r)
+ assert 'Welcome to Open Discussion' in str(r)
+ for link in r.html.findAll('a'):
+ if 'Welcome to Open Discussion' in str(link):
+ break
+ r = self.app.get(link.get('href'))
+ assert '2009-11-19' in str(r)
+ assert 'Welcome to Open Discussion' in str(r)
+ assert 'Anonymous' not in str(r)
+ assert 'test-rick446' in str(r)
@staticmethod
def time_normalize(t):
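Review bot: The same `with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):` wrapper is now repeated in `test_import_anon`, `test_import_map` and `test_import_create`, and it indents each whole test body one level. A small helper on the test class, for example `def allow_import(self): return h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key})`, would state the intent once and keep the option name in a single place. With `set_api_ticket` removed, the `datetime`, `timedelta` and `ming` imports may no longer be used in this file. That depends on code outside the hunk, such as `time_normalize`, so it is worth checking.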