allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject [12/16] git commit: [#1687] ticket:589 Check if token allowed to import forum
Date Wed, 04 Jun 2014 20:52:11 GMT
[#1687] ticket:589 Check if token allowed to import forum


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/fd00be03
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/fd00be03
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/fd00be03

Branch: refs/heads/master
Commit: fd00be035d37c0b7e4218f1e33d7ddaccbc6baaf
Parents: 2392ea7
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Wed May 28 13:47:51 2014 +0000
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Tue Jun 3 15:27:23 2014 +0000

----------------------------------------------------------------------
 Allura/allura/model/oauth.py                    |   8 ++
 .../forgediscussion/controllers/root.py         |   5 +-
 .../tests/functional/test_import.py             | 134 ++++++++-----------
 3 files changed, 65 insertions(+), 82 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/fd00be03/Allura/allura/model/oauth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/oauth.py b/Allura/allura/model/oauth.py
index 86dcb42..b09a8ec 100644
--- a/Allura/allura/model/oauth.py
+++ b/Allura/allura/model/oauth.py
@@ -21,6 +21,8 @@ import oauth2 as oauth
 from pylons import tmpl_context as c, app_globals as g
 
 import pymongo
+from paste.deploy.converters import aslist
+from tg import config
 from ming import schema as S
 from ming.orm import session
 from ming.orm import FieldProperty, RelationProperty, ForeignIdProperty
@@ -134,3 +136,9 @@ class OAuthAccessToken(OAuthToken):
         if user is None:
             user = c.user
         return cls.query.find(dict(user_id=user._id, type='access')).all()
+
+    def can_import_forum(self):
+        tokens = aslist(config.get('oauth.can_import_forum', ''), ',')
+        if self.api_key in tokens:
+            return True
+        return False

http://git-wip-us.apache.org/repos/asf/allura/blob/fd00be03/ForgeDiscussion/forgediscussion/controllers/root.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/controllers/root.py b/ForgeDiscussion/forgediscussion/controllers/root.py
index b315dca..9256662 100644
--- a/ForgeDiscussion/forgediscussion/controllers/root.py
+++ b/ForgeDiscussion/forgediscussion/controllers/root.py
@@ -349,9 +349,8 @@ class RootRestController(BaseController):
         require_access(c.project, 'admin')
         if username_mapping is None:
             username_mapping = '{}'
-        if c.api_token.get_capability('import') != [c.project.neighborhood.name, c.project.shortname]:
-            log.error('Import capability is not enabled for %s',
-                      c.project.shortname)
+        if not c.api_token.can_import_forum():
+            log.error('Import capability is not enabled for %s', c.project.shortname)
             raise exc.HTTPForbidden(detail='Import is not allowed')
         try:
             doc = json.loads(doc)

http://git-wip-us.apache.org/repos/asf/allura/blob/fd00be03/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
index deeb349..73b0a8f 100644
--- a/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
+++ b/ForgeDiscussion/forgediscussion/tests/functional/test_import.py
@@ -21,9 +21,11 @@ from datetime import datetime, timedelta
 from nose.tools import assert_equal
 
 import ming
+from tg import config
 from pylons import tmpl_context as c
 
 from allura import model as M
+from allura.lib import helpers as h
 from alluratest.controller import TestRestApiBase
 
 
@@ -36,20 +38,15 @@ class TestImportController(TestRestApiBase):  # TestController):
         self.json_text = open(here_dir + '/data/sf.json').read()
 
     def test_no_capability(self):
-        self.set_api_ticket({'import2': ['Projects', 'test']})
-        resp = self.api_post('/rest/p/test/discussion/perform_import',
-                             doc=self.json_text)
-        assert resp.status_int == 403
+        with h.push_config(config, **{'oauth.can_import_forum': 'some,fake,tokens'}):
+            resp = self.api_post('/rest/p/test/discussion/perform_import',
+                                 doc=self.json_text)
+            assert resp.status_int == 403
 
-        self.set_api_ticket({'import': ['Projects', 'test2']})
-        resp = self.api_post('/rest/p/test/discussion/perform_import',
-                             doc=self.json_text)
-        assert resp.status_int == 403
-
-        self.set_api_ticket({'import': ['Projects', 'test']})
-        resp = self.api_post('/rest/p/test/discussion/perform_import',
-                             doc=self.json_text)
-        assert resp.status_int == 200
+        with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
+            resp = self.api_post('/rest/p/test/discussion/perform_import',
+                                 doc=self.json_text)
+            assert resp.status_int == 200
 
     def test_validate_import(self):
         r = self.api_post('/rest/p/test/discussion/validate_import',
@@ -57,76 +54,55 @@ class TestImportController(TestRestApiBase):  # TestController):
         assert not r.json['errors']
 
     def test_import_anon(self):
-        api_ticket = M.ApiTicket(
-            user_id=c.user._id, capabilities={'import': ['Projects', 'test']},
-            expires=datetime.utcnow() + timedelta(days=1))
-        ming.orm.session(api_ticket).flush()
-        self.set_api_token(api_ticket)
-
-        r = self.api_post('/rest/p/test/discussion/perform_import',
-                          doc=self.json_text)
-        assert not r.json['errors'], r.json['errors']
-        r = self.app.get('/p/test/discussion/')
-        assert 'Open Discussion' in str(r)
-        assert 'Welcome to Open Discussion' in str(r)
-        for link in r.html.findAll('a'):
-            if 'Welcome to Open Discussion' in str(link):
-                break
-        r = self.app.get(link.get('href'))
-        assert '2009-11-19' in str(r)
-        assert 'Welcome to Open Discussion' in str(r)
-        assert 'Anonymous' in str(r)
+        with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
+            r = self.api_post('/rest/p/test/discussion/perform_import',
+                              doc=self.json_text)
+            assert not r.json['errors'], r.json['errors']
+            r = self.app.get('/p/test/discussion/')
+            assert 'Open Discussion' in str(r)
+            assert 'Welcome to Open Discussion' in str(r)
+            for link in r.html.findAll('a'):
+                if 'Welcome to Open Discussion' in str(link):
+                    break
+            r = self.app.get(link.get('href'))
+            assert '2009-11-19' in str(r)
+            assert 'Welcome to Open Discussion' in str(r)
+            assert 'Anonymous' in str(r)
 
     def test_import_map(self):
-        api_ticket = M.ApiTicket(
-            user_id=c.user._id, capabilities={'import': ['Projects', 'test']},
-            expires=datetime.utcnow() + timedelta(days=1))
-        ming.orm.session(api_ticket).flush()
-        self.set_api_token(api_ticket)
-
-        r = self.api_post('/rest/p/test/discussion/perform_import',
-                          doc=self.json_text,
-                          username_mapping=json.dumps(dict(rick446='test-user')))
-        assert not r.json['errors'], r.json['errors']
-        r = self.app.get('/p/test/discussion/')
-        assert 'Open Discussion' in str(r)
-        assert 'Welcome to Open Discussion' in str(r)
-        for link in r.html.findAll('a'):
-            if 'Welcome to Open Discussion' in str(link):
-                break
-        r = self.app.get(link.get('href'))
-        assert '2009-11-19' in str(r)
-        assert 'Welcome to Open Discussion' in str(r)
-        assert 'Test User' in str(r)
-        assert 'Anonymous' not in str(r)
+        with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
+            r = self.api_post('/rest/p/test/discussion/perform_import',
+                              doc=self.json_text,
+                              username_mapping=json.dumps(dict(rick446='test-user')))
+            assert not r.json['errors'], r.json['errors']
+            r = self.app.get('/p/test/discussion/')
+            assert 'Open Discussion' in str(r)
+            assert 'Welcome to Open Discussion' in str(r)
+            for link in r.html.findAll('a'):
+                if 'Welcome to Open Discussion' in str(link):
+                    break
+            r = self.app.get(link.get('href'))
+            assert '2009-11-19' in str(r)
+            assert 'Welcome to Open Discussion' in str(r)
+            assert 'Test User' in str(r)
+            assert 'Anonymous' not in str(r)
 
     def test_import_create(self):
-        api_ticket = M.ApiTicket(
-            user_id=c.user._id, capabilities={'import': ['Projects', 'test']},
-            expires=datetime.utcnow() + timedelta(days=1))
-        ming.orm.session(api_ticket).flush()
-        self.set_api_token(api_ticket)
-
-        r = self.api_post('/rest/p/test/discussion/perform_import',
-                          doc=self.json_text, create_users='True')
-        assert not r.json['errors'], r.json['errors']
-        r = self.app.get('/p/test/discussion/')
-        assert 'Open Discussion' in str(r)
-        assert 'Welcome to Open Discussion' in str(r)
-        for link in r.html.findAll('a'):
-            if 'Welcome to Open Discussion' in str(link):
-                break
-        r = self.app.get(link.get('href'))
-        assert '2009-11-19' in str(r)
-        assert 'Welcome to Open Discussion' in str(r)
-        assert 'Anonymous' not in str(r)
-        assert 'test-rick446' in str(r)
-
-    def set_api_ticket(self, caps={'import': ['Projects', 'test']}):
-        api_ticket = M.ApiTicket(user_id=c.user._id, capabilities=caps,
-                                 expires=datetime.utcnow() + timedelta(days=1))
-        ming.orm.session(api_ticket).flush()
-        self.set_api_token(api_ticket)
+        with h.push_config(config, **{'oauth.can_import_forum': self.token('test-admin').api_key}):
+            r = self.api_post('/rest/p/test/discussion/perform_import',
+                              doc=self.json_text, create_users='True')
+            assert not r.json['errors'], r.json['errors']
+            r = self.app.get('/p/test/discussion/')
+            assert 'Open Discussion' in str(r)
+            assert 'Welcome to Open Discussion' in str(r)
+            for link in r.html.findAll('a'):
+                if 'Welcome to Open Discussion' in str(link):
+                    break
+            r = self.app.get(link.get('href'))
+            assert '2009-11-19' in str(r)
+            assert 'Welcome to Open Discussion' in str(r)
+            assert 'Anonymous' not in str(r)
+            assert 'test-rick446' in str(r)
 
     @staticmethod
     def time_normalize(t):


Mime
View raw message