allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject [07/11] git commit: [#5650] ticket:323 Test for permission checking
Date Wed, 26 Jun 2013 22:57:02 GMT
[#5650] ticket:323 Test for permission checking


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/fda008fd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/fda008fd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/fda008fd

Branch: refs/heads/master
Commit: fda008fd88d81f7eb17590803119be61ec1532be
Parents: ed29d9d
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Fri May 3 13:53:41 2013 +0000
Committer: Cory Johns <cjohns@slashdotmedia.com>
Committed: Wed Jun 26 22:56:12 2013 +0000

----------------------------------------------------------------------
 .../tests/functional/test_rest.py               | 24 ++++++++++++++++++++
 1 file changed, 24 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/fda008fd/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py b/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py
index d335d6b..5909822 100644
--- a/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py
+++ b/ForgeDiscussion/forgediscussion/tests/functional/test_rest.py
@@ -3,6 +3,7 @@ from nose.tools import assert_equal
 
 from allura.lib import helpers as h
 from allura.tests import decorators as td
+from allura import model as M
 from alluratest.controller import TestRestApiBase
 from forgediscussion.model import ForumThread
 
@@ -113,3 +114,26 @@ class TestRootRestController(TestDiscussionApiBase):
         assert_equal(resp.json['count'], 2)
         assert_equal(resp.json['page'], 1)
         assert_equal(resp.json['limit'], 1)
+
+    def test_security(self):
+        p = M.Project.query.get(shortname='test')
+        acl = p.app_instance('discussion').config.acl
+        anon = M.ProjectRole.by_name('*anonymous')._id
+        auth = M.ProjectRole.by_name('*authenticated')._id
+        anon_read = M.ACE.allow(anon, 'read')
+        auth_read = M.ACE.allow(auth, 'read')
+        acl.remove(anon_read)
+        acl.append(auth_read)
+        self.api_get('/rest/p/test/discussion/')
+        self.app.get('/rest/p/test/discussion/',
+                     extra_environ={'username': '*anonymous'},
+                     status=401)
+        self.api_get('/rest/p/test/discussion/general/')
+        self.app.get('/rest/p/test/discussion/general/',
+                     extra_environ={'username': '*anonymous'},
+                     status=401)
+        t = ForumThread.query.find({'subject': 'Hi guys'}).first()
+        self.api_get('/rest/p/test/discussion/general/thread/%s/' % t._id)
+        self.app.get('/rest/p/test/discussion/general/thread/%s/' % t._id,
+                     extra_environ={'username': '*anonymous'},
+                     status=401)


Mime
View raw message