[08/10] allura git commit: [#7633] ticket:768 Add has_access API for ForgeActivity

[je...@apache.org]

[#7633] ticket:768 Add has_access API for ForgeActivity


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/fe2133d0
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/fe2133d0
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/fe2133d0

Branch: refs/heads/ib/7633
Commit: fe2133d019883305f7d46da05f33a3328b46e873
Parents: d9a51a3
Author: Igor Bondarenko <je...@gmail.com>
Authored: Fri May 15 09:22:16 2015 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Fri May 15 09:22:16 2015 +0000

----------------------------------------------------------------------
 ForgeActivity/forgeactivity/main.py             |  3 +-
 .../forgeactivity/tests/functional/test_rest.py | 56 ++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/fe2133d0/ForgeActivity/forgeactivity/main.py
----------------------------------------------------------------------
diff --git a/ForgeActivity/forgeactivity/main.py b/ForgeActivity/forgeactivity/main.py
index e0b22c8..9bb6029 100644
--- a/ForgeActivity/forgeactivity/main.py
+++ b/ForgeActivity/forgeactivity/main.py
@@ -32,6 +32,7 @@ from allura.app import Application
 from allura import version
 from allura import model as M
 from allura.controllers import BaseController
+from allura.controllers.rest import AppRestControllerMixin
 from allura.lib.security import require_authenticated, require_access
 from allura.model.timeline import perm_check, get_activity_object
 from allura.lib import helpers as h
@@ -206,7 +207,7 @@ class ForgeActivityController(BaseController):
             following=follow)
 
 
-class ForgeActivityRestController(BaseController):
+class ForgeActivityRestController(BaseController, AppRestControllerMixin):
 
     def __init__(self, app, *args, **kw):
         super(ForgeActivityRestController, self).__init__(*args, **kw)

http://git-wip-us.apache.org/repos/asf/allura/blob/fe2133d0/ForgeActivity/forgeactivity/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeActivity/forgeactivity/tests/functional/test_rest.py b/ForgeActivity/forgeactivity/tests/functional/test_rest.py
new file mode 100644
index 0000000..4a26d0c
--- /dev/null
+++ b/ForgeActivity/forgeactivity/tests/functional/test_rest.py
@@ -0,0 +1,56 @@
+from datadiff.tools import assert_equal
+
+from tg import config
+from alluratest.controller import TestRestApiBase
+
+
+class TestActivityHasAccessAPI(TestRestApiBase):
+
+    def setUp(self, *args, **kwargs):
+        super(TestActivityHasAccessAPI, self).setUp(*args, **kwargs)
+        self._enabled = config.get('activitystream.enabled', 'false')
+        config['activitystream.enabled'] = 'true'
+
+    def tearDown(self, *args, **kwargs):
+        super(TestActivityHasAccessAPI, self).tearDown(*args, **kwargs)
+        config['activitystream.enabled'] = self._enabled
+
+    def test_has_access_no_params(self):
+        r = self.api_get('/rest/p/test/activity/has_access', status=404)
+        r = self.api_get('/rest/p/test/activity/has_access?user=root', status=404)
+        r = self.api_get('/rest/p/test/activity/has_access?perm=read', status=404)
+
+    def test_has_access_unknown_params(self):
+        """Unknown user and/or permission always False for has_access API"""
+        r = self.api_get(
+            '/rest/p/test/activity/has_access?user=babadook&perm=read',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+        r = self.api_get(
+            '/rest/p/test/activity/has_access?user=test-user&perm=jump',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+
+    def test_has_access_not_admin(self):
+        """
+        User which has no 'admin' permission on neighborhood can't use
+        has_access API
+        """
+        self.api_get(
+            '/rest/p/test/activity/has_access?user=test-admin&perm=admin',
+            user='test-user',
+            status=403)
+
+    def test_has_access(self):
+        r = self.api_get(
+            '/rest/p/test/activity/has_access?user=test-admin&perm=admin',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], True)
+        r = self.api_get(
+            '/rest/p/test/activity/has_access?user=test-user&perm=admin',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)