You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by je...@apache.org on 2015/05/15 12:29:47 UTC
[03/10] allura git commit: [#7633] ticket:768 Add has_access API for
ForgeBlog
[#7633] ticket:768 Add has_access API for ForgeBlog
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/1bbb806f
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/1bbb806f
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/1bbb806f
Branch: refs/heads/ib/7633
Commit: 1bbb806f9d38c1f7b7244c33d4f8601e89dfc8b5
Parents: d3c5cbc
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu May 14 15:20:08 2015 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Thu May 14 15:20:08 2015 +0000
----------------------------------------------------------------------
Allura/allura/controllers/rest.py | 6 +++
ForgeBlog/forgeblog/main.py | 3 +-
.../forgeblog/tests/functional/test_rest.py | 40 ++++++++++++++++++++
3 files changed, 48 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/1bbb806f/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 7ac9df5..df5b0ea 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -263,6 +263,12 @@ def rest_has_access(obj, user, perm):
return resp
+class AppRestControllerMixin(object):
+ @expose('json:')
+ def has_access(self, user, perm):
+ return rest_has_access(c.app, user, perm)
+
+
class NeighborhoodRestController(object):
def __init__(self, neighborhood):
http://git-wip-us.apache.org/repos/asf/allura/blob/1bbb806f/ForgeBlog/forgeblog/main.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/main.py b/ForgeBlog/forgeblog/main.py
index 160b94e..ef23967 100644
--- a/ForgeBlog/forgeblog/main.py
+++ b/ForgeBlog/forgeblog/main.py
@@ -47,6 +47,7 @@ from allura.lib.widgets import form_fields as ffw
from allura.lib.widgets.search import SearchResults, SearchHelp
from allura import model as M
from allura.controllers import BaseController, AppDiscussionController, AppDiscussionRestController
+from allura.controllers.rest import AppRestControllerMixin
from allura.controllers.feed import FeedArgs, FeedController
# Local imports
@@ -456,7 +457,7 @@ class BlogAdminController(DefaultAdminController):
redirect(c.project.url() + 'admin/tools')
-class RootRestController(BaseController):
+class RootRestController(BaseController, AppRestControllerMixin):
def __init__(self):
self._discuss = AppDiscussionRestController()
http://git-wip-us.apache.org/repos/asf/allura/blob/1bbb806f/ForgeBlog/forgeblog/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/tests/functional/test_rest.py b/ForgeBlog/forgeblog/tests/functional/test_rest.py
index 05e06c8..3fc7647 100644
--- a/ForgeBlog/forgeblog/tests/functional/test_rest.py
+++ b/ForgeBlog/forgeblog/tests/functional/test_rest.py
@@ -212,3 +212,43 @@ class TestBlogApi(TestRestApiBase):
assert_equal(r.json['count'], 3)
assert_equal(r.json['limit'], 1)
assert_equal(r.json['page'], 2)
+
+ def test_has_access_no_params(self):
+ r = self.api_get('/rest/p/test/blog/has_access', status=404)
+ r = self.api_get('/rest/p/test/blog/has_access?user=root', status=404)
+ r = self.api_get('/rest/p/test/blog/has_access?perm=read', status=404)
+
+ def test_has_access_unknown_params(self):
+ """Unknown user and/or permission always False for has_access API"""
+ r = self.api_get(
+ '/rest/p/test/blog/has_access?user=babadook&perm=read',
+ user='root')
+ assert_equal(r.status_int, 200)
+ assert_equal(r.json['result'], False)
+ r = self.api_get(
+ '/rest/p/test/blog/has_access?user=test-user&perm=jump',
+ user='root')
+ assert_equal(r.status_int, 200)
+ assert_equal(r.json['result'], False)
+
+ def test_has_access_not_admin(self):
+ """
+ User which has no 'admin' permission on neighborhood can't use
+ has_access API
+ """
+ self.api_get(
+ '/rest/p/test/blog/has_access?user=test-admin&perm=admin',
+ user='test-user',
+ status=403)
+
+ def test_has_access(self):
+ r = self.api_get(
+ '/rest/p/test/blog/has_access?user=test-admin&perm=post',
+ user='root')
+ assert_equal(r.status_int, 200)
+ assert_equal(r.json['result'], True)
+ r = self.api_get(
+ '/rest/p/test/blog/has_access?user=*anonymous&perm=admin',
+ user='root')
+ assert_equal(r.status_int, 200)
+ assert_equal(r.json['result'], False)