You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@allura.apache.org by br...@apache.org on 2013/04/26 22:32:22 UTC

[1/2] git commit: [#5294] ticket:320 Test for permissions on project REST controller

Updated Branches:
  refs/heads/master c0629be43 -> c8311bbe6


[#5294] ticket:320 Test for permissions on project REST controller


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/974fa9f9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/974fa9f9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/974fa9f9

Branch: refs/heads/master
Commit: 974fa9f9a60406763a024fe4636bc64f9d81ea83
Parents: c0629be
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Apr 22 09:17:00 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri Apr 26 20:31:30 2013 +0000

----------------------------------------------------------------------
 Allura/allura/tests/functional/test_rest.py |   28 ++++++++++++++++++++-
 1 files changed, 26 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/974fa9f9/Allura/allura/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_rest.py b/Allura/allura/tests/functional/test_rest.py
index a08e8f7..fcfb373 100644
--- a/Allura/allura/tests/functional/test_rest.py
+++ b/Allura/allura/tests/functional/test_rest.py
@@ -18,11 +18,11 @@
 #       under the License.
 
 from datetime import datetime, timedelta
+import json
 
 from pylons import app_globals as g
-from nose.tools import assert_equal
 import mock
-import json
+from nose.tools import assert_equal, assert_in, assert_not_in
 
 from allura.tests import decorators as td
 from alluratest.controller import TestRestApiBase
@@ -71,6 +71,30 @@ class TestRestHome(TestRestApiBase):
         r = self.api_get('/rest/p/test/')
         assert r.status_int == 200
 
+    @td.with_tool('test', 'Tickets', 'bugs')
+    @td.with_tool('test', 'Tickets', 'private-bugs')
+    def test_project_data(self):
+        # Deny anonymous to see 'private-bugs' tool
+        role = M.ProjectRole.by_name('*anonymous')._id
+        read_permission = M.ACE.allow(role, 'read')
+        app = M.Project.query.get(shortname='test').app_instance('private-bugs')
+        if read_permission in app.config.acl:
+            app.config.acl.remove(read_permission)
+
+        # admin sees both 'Tickets' tools
+        r = self.api_get('/rest/p/test/')
+        assert_equal(r.json['name'], 'test')
+        tool_mounts = [t['mount_point'] for t in r.json['tools']]
+        assert_in('bugs', tool_mounts)
+        assert_in('private-bugs', tool_mounts)
+
+        # anonymous sees only non-private tool
+        r = self.app.get('/rest/p/test/', extra_environ={'username': '*anonymous'})
+        assert_equal(r.json['name'], 'test')
+        tool_mounts = [t['mount_point'] for t in r.json['tools']]
+        assert_in('bugs', tool_mounts)
+        assert_not_in('private-bugs', tool_mounts)
+
     def test_unicode(self):
         self.app.post(
             '/wiki/tést/update',

[2/2] git commit: [#5294] ticket:320 Check permissions on project REST controller

Posted by br...@apache.org.

[#5294] ticket:320 Check permissions on project REST controller


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/c8311bbe
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/c8311bbe
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/c8311bbe

Branch: refs/heads/master
Commit: c8311bbe6cec1b58edfc8ef577e0c1f992f45ac5
Parents: 974fa9f
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Apr 22 09:26:53 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri Apr 26 20:31:33 2013 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/rest.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/c8311bbe/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index c90a1ef..cf03733 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -281,5 +281,5 @@ class ProjectRestController(object):
         return dict(
             name=c.project.shortname,
             tools=[dict(name=t.tool_name, mount_point=t.options.mount_point, label=t.options.mount_label)
-                   for t in c.project.app_configs]
+                   for t in c.project.app_configs if h.has_access(t, 'read')]
         )