allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject git commit: [#7163] Configure activity tool for anon read access
Date Tue, 11 Feb 2014 23:40:14 GMT
Updated Branches:
  refs/heads/master 1ad33e158 -> 76071dc37


[#7163] Configure activity tool for anon read access

Signed-off-by: Tim Van Steenburgh <tvansteenburgh@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/76071dc3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/76071dc3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/76071dc3

Branch: refs/heads/master
Commit: 76071dc3741f43ae569af34c92ed9a7d8158ff2e
Parents: 1ad33e1
Author: Tim Van Steenburgh <tvansteenburgh@gmail.com>
Authored: Tue Feb 11 22:28:00 2014 +0000
Committer: Tim Van Steenburgh <tvansteenburgh@gmail.com>
Committed: Tue Feb 11 22:28:00 2014 +0000

----------------------------------------------------------------------
 ForgeActivity/forgeactivity/main.py                   | 14 ++++++++++++--
 .../forgeactivity/tests/functional/test_root.py       |  9 +++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/76071dc3/ForgeActivity/forgeactivity/main.py
----------------------------------------------------------------------
diff --git a/ForgeActivity/forgeactivity/main.py b/ForgeActivity/forgeactivity/main.py
index 4df5dbe..0c7aa08 100644
--- a/ForgeActivity/forgeactivity/main.py
+++ b/ForgeActivity/forgeactivity/main.py
@@ -28,8 +28,9 @@ from webhelpers import feedgenerator as FG
 
 from allura.app import Application
 from allura import version
+from allura import model as M
 from allura.controllers import BaseController
-from allura.lib.security import require_authenticated
+from allura.lib.security import require_authenticated, require_access
 from allura.model.timeline import perm_check
 from allura.lib import helpers as h
 from allura.lib.decorators import require_post
@@ -58,7 +59,10 @@ class ForgeActivityApp(Application):
         return []
 
     def install(self, project):
-        pass  # pragma no cover
+        role_anon = M.ProjectRole.by_name('*anonymous')._id
+        self.config.acl = [
+            M.ACE.allow(role_anon, 'read'),
+        ]
 
     def uninstall(self, project):
         pass  # pragma no cover
@@ -77,6 +81,9 @@ class ForgeActivityController(BaseController):
         setattr(self, 'feed.atom', self.feed)
         setattr(self, 'feed.rss', self.feed)
 
+    def _check_security(self):
+        require_access(c.app, 'read')
+
     def _before(self, *args, **kw):
         """Runs before each request to this controller.
 
@@ -193,6 +200,9 @@ class ForgeActivityRestController(BaseController):
         super(ForgeActivityRestController, self).__init__(*args, **kw)
         self.app = app
 
+    def _check_security(self):
+        require_access(c.app, 'read')
+
     @expose('json:')
     def index(self, **kw):
         data = self.app.root._get_activities_data(**kw)

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/76071dc3/ForgeActivity/forgeactivity/tests/functional/test_root.py
----------------------------------------------------------------------
diff --git a/ForgeActivity/forgeactivity/tests/functional/test_root.py b/ForgeActivity/forgeactivity/tests/functional/test_root.py
index 2074866..5b6a8d0 100644
--- a/ForgeActivity/forgeactivity/tests/functional/test_root.py
+++ b/ForgeActivity/forgeactivity/tests/functional/test_root.py
@@ -47,6 +47,15 @@ class TestActivityController(TestController):
         config['activitystream.enabled'] = 'false'
         self.app.get('/activity/', status=404)
 
+    @td.with_tool('u/test-user-1', 'activity')
+    @td.with_user_project('test-user-1')
+    def test_anon_read(self):
+        r = self.app.get('/u/test-user-1',
+                extra_environ={'username': '*anonymous'}).follow().follow()
+        assert r.html.find('div', dict(id='top_nav')).find('a',
+                dict(href='/u/test-user-1/activity/')), \
+                        'No Activity tool in top nav'
+
     @td.with_tool('test', 'activity')
     @patch('forgeactivity.main.g.director')
     def test_index_html(self, director):


Mime
View raw message