You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by je...@apache.org on 2015/05/15 12:29:47 UTC

[03/10] allura git commit: [#7633] ticket:768 Add has_access API for ForgeBlog

[#7633] ticket:768 Add has_access API for ForgeBlog


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/1bbb806f
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/1bbb806f
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/1bbb806f

Branch: refs/heads/ib/7633
Commit: 1bbb806f9d38c1f7b7244c33d4f8601e89dfc8b5
Parents: d3c5cbc
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu May 14 15:20:08 2015 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Thu May 14 15:20:08 2015 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/rest.py               |  6 +++
 ForgeBlog/forgeblog/main.py                     |  3 +-
 .../forgeblog/tests/functional/test_rest.py     | 40 ++++++++++++++++++++
 3 files changed, 48 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/1bbb806f/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 7ac9df5..df5b0ea 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -263,6 +263,12 @@ def rest_has_access(obj, user, perm):
     return resp
 
 
+class AppRestControllerMixin(object):
+    @expose('json:')
+    def has_access(self, user, perm):
+        return rest_has_access(c.app, user, perm)
+
+
 class NeighborhoodRestController(object):
 
     def __init__(self, neighborhood):

http://git-wip-us.apache.org/repos/asf/allura/blob/1bbb806f/ForgeBlog/forgeblog/main.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/main.py b/ForgeBlog/forgeblog/main.py
index 160b94e..ef23967 100644
--- a/ForgeBlog/forgeblog/main.py
+++ b/ForgeBlog/forgeblog/main.py
@@ -47,6 +47,7 @@ from allura.lib.widgets import form_fields as ffw
 from allura.lib.widgets.search import SearchResults, SearchHelp
 from allura import model as M
 from allura.controllers import BaseController, AppDiscussionController, AppDiscussionRestController
+from allura.controllers.rest import AppRestControllerMixin
 from allura.controllers.feed import FeedArgs, FeedController
 
 # Local imports
@@ -456,7 +457,7 @@ class BlogAdminController(DefaultAdminController):
         redirect(c.project.url() + 'admin/tools')
 
 
-class RootRestController(BaseController):
+class RootRestController(BaseController, AppRestControllerMixin):
 
     def __init__(self):
         self._discuss = AppDiscussionRestController()

http://git-wip-us.apache.org/repos/asf/allura/blob/1bbb806f/ForgeBlog/forgeblog/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/tests/functional/test_rest.py b/ForgeBlog/forgeblog/tests/functional/test_rest.py
index 05e06c8..3fc7647 100644
--- a/ForgeBlog/forgeblog/tests/functional/test_rest.py
+++ b/ForgeBlog/forgeblog/tests/functional/test_rest.py
@@ -212,3 +212,43 @@ class TestBlogApi(TestRestApiBase):
         assert_equal(r.json['count'], 3)
         assert_equal(r.json['limit'], 1)
         assert_equal(r.json['page'], 2)
+
+    def test_has_access_no_params(self):
+        r = self.api_get('/rest/p/test/blog/has_access', status=404)
+        r = self.api_get('/rest/p/test/blog/has_access?user=root', status=404)
+        r = self.api_get('/rest/p/test/blog/has_access?perm=read', status=404)
+
+    def test_has_access_unknown_params(self):
+        """Unknown user and/or permission always False for has_access API"""
+        r = self.api_get(
+            '/rest/p/test/blog/has_access?user=babadook&perm=read',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+        r = self.api_get(
+            '/rest/p/test/blog/has_access?user=test-user&perm=jump',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+
+    def test_has_access_not_admin(self):
+        """
+        User which has no 'admin' permission on neighborhood can't use
+        has_access API
+        """
+        self.api_get(
+            '/rest/p/test/blog/has_access?user=test-admin&perm=admin',
+            user='test-user',
+            status=403)
+
+    def test_has_access(self):
+        r = self.api_get(
+            '/rest/p/test/blog/has_access?user=test-admin&perm=post',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], True)
+        r = self.api_get(
+            '/rest/p/test/blog/has_access?user=*anonymous&perm=admin',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)