You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2013/04/26 22:32:22 UTC
[1/2] git commit: [#5294] ticket:320 Test for permissions on project
REST controller
Updated Branches:
refs/heads/master c0629be43 -> c8311bbe6
[#5294] ticket:320 Test for permissions on project REST controller
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/974fa9f9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/974fa9f9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/974fa9f9
Branch: refs/heads/master
Commit: 974fa9f9a60406763a024fe4636bc64f9d81ea83
Parents: c0629be
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Apr 22 09:17:00 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri Apr 26 20:31:30 2013 +0000
----------------------------------------------------------------------
Allura/allura/tests/functional/test_rest.py | 28 ++++++++++++++++++++-
1 files changed, 26 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/974fa9f9/Allura/allura/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_rest.py b/Allura/allura/tests/functional/test_rest.py
index a08e8f7..fcfb373 100644
--- a/Allura/allura/tests/functional/test_rest.py
+++ b/Allura/allura/tests/functional/test_rest.py
@@ -18,11 +18,11 @@
# under the License.
from datetime import datetime, timedelta
+import json
from pylons import app_globals as g
-from nose.tools import assert_equal
import mock
-import json
+from nose.tools import assert_equal, assert_in, assert_not_in
from allura.tests import decorators as td
from alluratest.controller import TestRestApiBase
@@ -71,6 +71,30 @@ class TestRestHome(TestRestApiBase):
r = self.api_get('/rest/p/test/')
assert r.status_int == 200
+ @td.with_tool('test', 'Tickets', 'bugs')
+ @td.with_tool('test', 'Tickets', 'private-bugs')
+ def test_project_data(self):
+ # Deny anonymous to see 'private-bugs' tool
+ role = M.ProjectRole.by_name('*anonymous')._id
+ read_permission = M.ACE.allow(role, 'read')
+ app = M.Project.query.get(shortname='test').app_instance('private-bugs')
+ if read_permission in app.config.acl:
+ app.config.acl.remove(read_permission)
+
+ # admin sees both 'Tickets' tools
+ r = self.api_get('/rest/p/test/')
+ assert_equal(r.json['name'], 'test')
+ tool_mounts = [t['mount_point'] for t in r.json['tools']]
+ assert_in('bugs', tool_mounts)
+ assert_in('private-bugs', tool_mounts)
+
+ # anonymous sees only non-private tool
+ r = self.app.get('/rest/p/test/', extra_environ={'username': '*anonymous'})
+ assert_equal(r.json['name'], 'test')
+ tool_mounts = [t['mount_point'] for t in r.json['tools']]
+ assert_in('bugs', tool_mounts)
+ assert_not_in('private-bugs', tool_mounts)
+
def test_unicode(self):
self.app.post(
'/wiki/tést/update',
[2/2] git commit: [#5294] ticket:320 Check permissions on project
REST controller
Posted by br...@apache.org.
[#5294] ticket:320 Check permissions on project REST controller
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/c8311bbe
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/c8311bbe
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/c8311bbe
Branch: refs/heads/master
Commit: c8311bbe6cec1b58edfc8ef577e0c1f992f45ac5
Parents: 974fa9f
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Apr 22 09:26:53 2013 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri Apr 26 20:31:33 2013 +0000
----------------------------------------------------------------------
Allura/allura/controllers/rest.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/c8311bbe/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index c90a1ef..cf03733 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -281,5 +281,5 @@ class ProjectRestController(object):
return dict(
name=c.project.shortname,
tools=[dict(name=t.tool_name, mount_point=t.options.mount_point, label=t.options.mount_label)
- for t in c.project.app_configs]
+ for t in c.project.app_configs if h.has_access(t, 'read')]
)