allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject [07/10] allura git commit: [#7633] ticket:768 Add has_access API for ForgeActivity
Date Mon, 01 Jun 2015 15:16:26 GMT
[#7633] ticket:768 Add has_access API for ForgeActivity


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/f46f13c7
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/f46f13c7
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/f46f13c7

Branch: refs/heads/master
Commit: f46f13c758526ccd82d64fc7e7d42eb1cc028a42
Parents: e1e7cdf
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Fri May 15 09:22:16 2015 +0000
Committer: Dave Brondsema <dave@brondsema.net>
Committed: Mon Jun 1 11:15:35 2015 -0400

----------------------------------------------------------------------
 ForgeActivity/forgeactivity/main.py             |  3 +-
 .../forgeactivity/tests/functional/test_rest.py | 56 ++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/f46f13c7/ForgeActivity/forgeactivity/main.py
----------------------------------------------------------------------
diff --git a/ForgeActivity/forgeactivity/main.py b/ForgeActivity/forgeactivity/main.py
index e0b22c8..9bb6029 100644
--- a/ForgeActivity/forgeactivity/main.py
+++ b/ForgeActivity/forgeactivity/main.py
@@ -32,6 +32,7 @@ from allura.app import Application
 from allura import version
 from allura import model as M
 from allura.controllers import BaseController
+from allura.controllers.rest import AppRestControllerMixin
 from allura.lib.security import require_authenticated, require_access
 from allura.model.timeline import perm_check, get_activity_object
 from allura.lib import helpers as h
@@ -206,7 +207,7 @@ class ForgeActivityController(BaseController):
             following=follow)
 
 
-class ForgeActivityRestController(BaseController):
+class ForgeActivityRestController(BaseController, AppRestControllerMixin):
 
     def __init__(self, app, *args, **kw):
         super(ForgeActivityRestController, self).__init__(*args, **kw)

http://git-wip-us.apache.org/repos/asf/allura/blob/f46f13c7/ForgeActivity/forgeactivity/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeActivity/forgeactivity/tests/functional/test_rest.py b/ForgeActivity/forgeactivity/tests/functional/test_rest.py
new file mode 100644
index 0000000..4a26d0c
--- /dev/null
+++ b/ForgeActivity/forgeactivity/tests/functional/test_rest.py
@@ -0,0 +1,56 @@
+from datadiff.tools import assert_equal
+
+from tg import config
+from alluratest.controller import TestRestApiBase
+
+
+class TestActivityHasAccessAPI(TestRestApiBase):
+
+    def setUp(self, *args, **kwargs):
+        super(TestActivityHasAccessAPI, self).setUp(*args, **kwargs)
+        self._enabled = config.get('activitystream.enabled', 'false')
+        config['activitystream.enabled'] = 'true'
+
+    def tearDown(self, *args, **kwargs):
+        super(TestActivityHasAccessAPI, self).tearDown(*args, **kwargs)
+        config['activitystream.enabled'] = self._enabled
+
+    def test_has_access_no_params(self):
+        r = self.api_get('/rest/p/test/activity/has_access', status=404)
+        r = self.api_get('/rest/p/test/activity/has_access?user=root', status=404)
+        r = self.api_get('/rest/p/test/activity/has_access?perm=read', status=404)
+
+    def test_has_access_unknown_params(self):
+        """Unknown user and/or permission always False for has_access API"""
+        r = self.api_get(
+            '/rest/p/test/activity/has_access?user=babadook&perm=read',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+        r = self.api_get(
+            '/rest/p/test/activity/has_access?user=test-user&perm=jump',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+
+    def test_has_access_not_admin(self):
+        """
+        User which has no 'admin' permission on neighborhood can't use
+        has_access API
+        """
+        self.api_get(
+            '/rest/p/test/activity/has_access?user=test-admin&perm=admin',
+            user='test-user',
+            status=403)
+
+    def test_has_access(self):
+        r = self.api_get(
+            '/rest/p/test/activity/has_access?user=test-admin&perm=admin',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], True)
+        r = self.api_get(
+            '/rest/p/test/activity/has_access?user=test-user&perm=admin',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)


Mime
View raw message