allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jetm...@apache.org
Subject [2/3] allura git commit: [#8023] ticket:867 added check authorization, changed check user rights
Date Fri, 04 Dec 2015 09:29:59 GMT
[#8023] ticket:867 added check authorization, changed check user rights


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/2216bd39
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/2216bd39
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/2216bd39

Branch: refs/heads/ib/8023
Commit: 2216bd395ac382840704555e76b0d1efc27bd4c5
Parents: fde3f60
Author: Denis Kotov <deniskkotov@gmail.com>
Authored: Thu Dec 3 16:26:14 2015 +0200
Committer: Igor Bondarenko <jetmind2@gmail.com>
Committed: Fri Dec 4 11:28:53 2015 +0200

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py        |  6 +++++-
 Allura/allura/tests/test_plugin.py | 20 ++++++++++++++++----
 2 files changed, 21 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/2216bd39/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index e2f6e5b..8b7a282 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -1316,7 +1316,11 @@ class ThemeProvider(object):
         note = SiteNotification.current()
         if note is None:
             return None
-        if note.user_role is not None and not c.user.my_projects_by_role_name(note.user_role).first():
+        if note.user_role is not None and c.user.is_anonymous():
+            return None
+        projects = c.user.my_projects_by_role_name(note.user_role)
+        if note.user_role is not None and \
+                projects.count() == 0 or (projects.count() == 1 and projects.first().is_user_project):
             return None
         cookie = request.cookies.get('site-notification', '').split('-')
         if len(cookie) == 3 and cookie[0] == str(note._id):

http://git-wip-us.apache.org/repos/asf/allura/blob/2216bd39/Allura/allura/tests/test_plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_plugin.py b/Allura/allura/tests/test_plugin.py
index bf05335..0d55330 100644
--- a/Allura/allura/tests/test_plugin.py
+++ b/Allura/allura/tests/test_plugin.py
@@ -384,13 +384,25 @@ class TestThemeProvider(object):
     def test_get_site_notification_with_role(self, SiteNotification, User):
         note = SiteNotification.current.return_value
         note.user_role = 'Test'
-        first = User.my_projects_by_role_name.return_value.first
-        first.return_value = True
-        assert_is(ThemeProvider().get_site_notification(), note)
+        projects = User.my_projects_by_role_name.return_value
+
+        User.is_anonymous.return_value = True
+        assert_is(ThemeProvider().get_site_notification(), None)
+
+        User.is_anonymous.return_value = False
+        projects.count.return_value = 0
+        assert_is(ThemeProvider().get_site_notification(), None)
 
-        first.return_value = False
+        projects.count.return_value = 1
+        projects.first.return_value.is_user_project = True
         assert_is(ThemeProvider().get_site_notification(), None)
 
+        projects.first.return_value.is_user_project = False
+        assert_is(ThemeProvider().get_site_notification(), note)
+
+        projects.count.return_value = 2
+        assert_is(ThemeProvider().get_site_notification(), note)
+
     @patch('allura.model.notification.SiteNotification')
     def test_get_site_notification_without_role(self, SiteNotification):
         note = SiteNotification.current.return_value


Mime
View raw message