You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2018/01/22 20:29:23 UTC
allura git commit: [#8176] check permissions in related_artifacts
usage
Repository: allura
Updated Branches:
refs/heads/db/8176 [created] 318a6d66a
[#8176] check permissions in related_artifacts usage
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/318a6d66
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/318a6d66
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/318a6d66
Branch: refs/heads/db/8176
Commit: 318a6d66a5476fc94e090f56131138c744208e2a
Parents: 19f04ac
Author: Dave Brondsema <da...@brondsema.net>
Authored: Mon Jan 22 15:29:03 2018 -0500
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Mon Jan 22 15:29:15 2018 -0500
----------------------------------------------------------------------
Allura/allura/model/artifact.py | 11 ++++++-----
Allura/allura/templates/jinja_master/lib.html | 2 +-
Allura/allura/tests/templates/jinja_master/test_lib.py | 8 ++++----
3 files changed, 11 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/318a6d66/Allura/allura/model/artifact.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/artifact.py b/Allura/allura/model/artifact.py
index 1052c17..0f80a90 100644
--- a/Allura/allura/model/artifact.py
+++ b/Allura/allura/model/artifact.py
@@ -103,7 +103,7 @@ class Artifact(MappedClass, SearchIndexable):
import_id = FieldProperty(None, if_missing=None)
deleted = FieldProperty(bool, if_missing=False)
- def __json__(self, posts_limit=None, is_export=False):
+ def __json__(self, posts_limit=None, is_export=False, user=None):
"""Return a JSON-encodable :class:`dict` representation of this
Artifact.
@@ -112,7 +112,7 @@ class Artifact(MappedClass, SearchIndexable):
_id=str(self._id),
mod_date=self.mod_date,
labels=list(self.labels),
- related_artifacts=[a.url() for a in self.related_artifacts()],
+ related_artifacts=[a.url() for a in self.related_artifacts(user=user or c.user)],
discussion_thread=self.discussion_thread.__json__(limit=posts_limit, is_export=is_export),
discussion_thread_url=h.absurl('/rest%s' %
self.discussion_thread.url()),
@@ -159,7 +159,7 @@ class Artifact(MappedClass, SearchIndexable):
q = ArtifactReference.query.find(dict(references=self.index_id()))
return [aref._id for aref in q]
- def related_artifacts(self):
+ def related_artifacts(self, user=None):
"""Return all Artifacts that are related to this one.
"""
@@ -177,11 +177,12 @@ class Artifact(MappedClass, SearchIndexable):
# don't link to artifacts in deleted tools
if hasattr(artifact, 'app_config') and artifact.app_config is None:
continue
+ if user and not h.has_access(artifact, 'read', user):
+ continue
# TODO: This should be refactored. We shouldn't be checking
# artifact type strings in platform code.
if artifact.type_s == 'Commit' and not artifact.repo:
- ac = AppConfig.query.get(
- _id=ref.artifact_reference['app_config_id'])
+ ac = AppConfig.query.get(_id=ref.artifact_reference['app_config_id'])
app = ac.project.app_instance(ac) if ac else None
if app:
artifact.set_context(app.repo)
http://git-wip-us.apache.org/repos/asf/allura/blob/318a6d66/Allura/allura/templates/jinja_master/lib.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/jinja_master/lib.html b/Allura/allura/templates/jinja_master/lib.html
index 2f44749..27550ee 100644
--- a/Allura/allura/templates/jinja_master/lib.html
+++ b/Allura/allura/templates/jinja_master/lib.html
@@ -30,7 +30,7 @@
{%- endmacro %}
{% macro related_artifacts(artifact) -%}
- {% set related_artifacts = artifact.related_artifacts() %}
+ {% set related_artifacts = artifact.related_artifacts(user=c.userr) %}
{% if related_artifacts %}
<h4>Related</h4>
<p>
http://git-wip-us.apache.org/repos/asf/allura/blob/318a6d66/Allura/allura/tests/templates/jinja_master/test_lib.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/templates/jinja_master/test_lib.py b/Allura/allura/tests/templates/jinja_master/test_lib.py
index 4979b99..2fccafc 100644
--- a/Allura/allura/tests/templates/jinja_master/test_lib.py
+++ b/Allura/allura/tests/templates/jinja_master/test_lib.py
@@ -41,11 +41,11 @@ class TestRelatedArtifacts(TemplateTest):
html = self.jinja2_env.from_string('''
{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
{{ lib.related_artifacts(artifact) }}
- ''').render(artifact=artifact)
+ ''').render(artifact=artifact, c=Mock())
return strip_space(html)
def test_none(self):
- artifact = Mock(related_artifacts = lambda: [])
+ artifact = Mock(related_artifacts=lambda user: [])
assert_equal(self._render_related_artifacts(artifact), '')
def test_simple(self):
@@ -54,7 +54,7 @@ class TestRelatedArtifacts(TemplateTest):
other.project.name = 'Test Project'
other.app_config.options.mount_label = 'Foo'
other.link_text.return_value = 'Bar'
- artifact = Mock(related_artifacts = lambda: [other])
+ artifact = Mock(related_artifacts=lambda user: [other])
assert_equal(self._render_related_artifacts(artifact), strip_space('''
<h4>Related</h4>
<p>
@@ -73,7 +73,7 @@ class TestRelatedArtifacts(TemplateTest):
def url(self):
return '/p/test/code/ci/deadbeef'
- artifact = Mock(related_artifacts = lambda: [CommitThing()])
+ artifact = Mock(related_artifacts=lambda user: [CommitThing()])
assert_equal(self._render_related_artifacts(artifact), strip_space('''
<h4>Related</h4>
<p>