allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject [05/10] allura git commit: [#7633] ticket:768 Add has_access API for ForgeBlog
Date Mon, 01 Jun 2015 15:16:24 GMT
[#7633] ticket:768 Add has_access API for ForgeBlog


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/02c7f242
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/02c7f242
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/02c7f242

Branch: refs/heads/master
Commit: 02c7f242c20ea2304c5d25fc0155d8a5a4fc86b9
Parents: cace0ac
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Thu May 14 15:20:08 2015 +0000
Committer: Dave Brondsema <dave@brondsema.net>
Committed: Mon Jun 1 11:15:32 2015 -0400

----------------------------------------------------------------------
 Allura/allura/controllers/rest.py               |  6 +++
 ForgeBlog/forgeblog/main.py                     |  3 +-
 .../forgeblog/tests/functional/test_rest.py     | 40 ++++++++++++++++++++
 3 files changed, 48 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/02c7f242/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 7ac9df5..df5b0ea 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -263,6 +263,12 @@ def rest_has_access(obj, user, perm):
     return resp
 
 
+class AppRestControllerMixin(object):
+    @expose('json:')
+    def has_access(self, user, perm):
+        return rest_has_access(c.app, user, perm)
+
+
 class NeighborhoodRestController(object):
 
     def __init__(self, neighborhood):

http://git-wip-us.apache.org/repos/asf/allura/blob/02c7f242/ForgeBlog/forgeblog/main.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/main.py b/ForgeBlog/forgeblog/main.py
index b4dcd4a..edfe1f0 100644
--- a/ForgeBlog/forgeblog/main.py
+++ b/ForgeBlog/forgeblog/main.py
@@ -47,6 +47,7 @@ from allura.lib.widgets import form_fields as ffw
 from allura.lib.widgets.search import SearchResults, SearchHelp
 from allura import model as M
 from allura.controllers import BaseController, AppDiscussionController, AppDiscussionRestController
+from allura.controllers.rest import AppRestControllerMixin
 from allura.controllers.feed import FeedArgs, FeedController
 
 # Local imports
@@ -469,7 +470,7 @@ class BlogAdminController(DefaultAdminController):
         redirect(c.project.url() + 'admin/tools')
 
 
-class RootRestController(BaseController):
+class RootRestController(BaseController, AppRestControllerMixin):
 
     def __init__(self):
         self._discuss = AppDiscussionRestController()

http://git-wip-us.apache.org/repos/asf/allura/blob/02c7f242/ForgeBlog/forgeblog/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/tests/functional/test_rest.py b/ForgeBlog/forgeblog/tests/functional/test_rest.py
index 05e06c8..3fc7647 100644
--- a/ForgeBlog/forgeblog/tests/functional/test_rest.py
+++ b/ForgeBlog/forgeblog/tests/functional/test_rest.py
@@ -212,3 +212,43 @@ class TestBlogApi(TestRestApiBase):
         assert_equal(r.json['count'], 3)
         assert_equal(r.json['limit'], 1)
         assert_equal(r.json['page'], 2)
+
+    def test_has_access_no_params(self):
+        r = self.api_get('/rest/p/test/blog/has_access', status=404)
+        r = self.api_get('/rest/p/test/blog/has_access?user=root', status=404)
+        r = self.api_get('/rest/p/test/blog/has_access?perm=read', status=404)
+
+    def test_has_access_unknown_params(self):
+        """Unknown user and/or permission always False for has_access API"""
+        r = self.api_get(
+            '/rest/p/test/blog/has_access?user=babadook&perm=read',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+        r = self.api_get(
+            '/rest/p/test/blog/has_access?user=test-user&perm=jump',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+
+    def test_has_access_not_admin(self):
+        """
+        User which has no 'admin' permission on neighborhood can't use
+        has_access API
+        """
+        self.api_get(
+            '/rest/p/test/blog/has_access?user=test-admin&perm=admin',
+            user='test-user',
+            status=403)
+
+    def test_has_access(self):
+        r = self.api_get(
+            '/rest/p/test/blog/has_access?user=test-admin&perm=post',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], True)
+        r = self.api_get(
+            '/rest/p/test/blog/has_access?user=*anonymous&perm=admin',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)


Mime
View raw message