allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jetm...@apache.org
Subject git commit: [#7560] ticket:630 Avoid anonymous permissions for private tickets
Date Mon, 18 Aug 2014 11:42:23 GMT
Repository: allura
Updated Branches:
  refs/heads/je/42cc_7560 [created] 40f323652


[#7560] ticket:630 Avoid anonymous permissions for private tickets


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/40f32365
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/40f32365
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/40f32365

Branch: refs/heads/je/42cc_7560
Commit: 40f3236523c81af5e806081589253d5ef4a6de8b
Parents: a16197b
Author: discort <lexad-al@bk.ru>
Authored: Sun Aug 17 13:05:29 2014 +0300
Committer: Igor Bondarenko <jetmind2@gmail.com>
Committed: Mon Aug 18 14:36:55 2014 +0300

----------------------------------------------------------------------
 Allura/allura/lib/validators.py                  | 11 +++++++++++
 Allura/allura/tests/test_validators.py           | 16 ++++++++++++++++
 ForgeTracker/forgetracker/model/ticket.py        |  8 +++++---
 ForgeTracker/forgetracker/widgets/ticket_form.py |  6 ++++--
 4 files changed, 36 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/40f32365/Allura/allura/lib/validators.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/validators.py b/Allura/allura/lib/validators.py
index 5f8256f..344af39 100644
--- a/Allura/allura/lib/validators.py
+++ b/Allura/allura/lib/validators.py
@@ -189,6 +189,17 @@ class UserValidator(fev.FancyValidator):
         return user
 
 
+class AnonymousValidator(fev.FancyValidator):
+
+    def _to_python(self, value, state):
+        from allura.model import User
+        if value:
+            if c.user == User.anonymous():
+                raise fe.Invalid('Log in to Mark as Private', value, state)
+            else:
+                return value
+
+
 class PathValidator(fev.FancyValidator):
 
     def _to_python(self, value, state):

http://git-wip-us.apache.org/repos/asf/allura/blob/40f32365/Allura/allura/tests/test_validators.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_validators.py b/Allura/allura/tests/test_validators.py
index e0b4f2c..f50b8f7 100644
--- a/Allura/allura/tests/test_validators.py
+++ b/Allura/allura/tests/test_validators.py
@@ -97,6 +97,22 @@ class TestUserValidator(unittest.TestCase):
         self.assertEqual(str(cm.exception), "Invalid username")
 
 
+class TestAnonymousValidator(unittest.TestCase):
+    val = v.AnonymousValidator
+
+    @patch('allura.lib.validators.c')
+    def test_valid(self, c):
+        c.user = M.User.by_username('root')
+        self.assertEqual(True, self.val.to_python(True))
+
+    @patch('allura.lib.validators.c')
+    def test_invalid(self, c):
+        c.user = M.User.anonymous()
+        with self.assertRaises(fe.Invalid) as cm:
+            self.val.to_python(True)
+        self.assertEqual(str(cm.exception), "Log in to Mark as Private")
+
+
 class TestMountPointValidator(unittest.TestCase):
 
     @patch('allura.lib.validators.c')

http://git-wip-us.apache.org/repos/asf/allura/blob/40f32365/ForgeTracker/forgetracker/model/ticket.py
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/model/ticket.py b/ForgeTracker/forgetracker/model/ticket.py
index 7ca6176..e4e06da 100644
--- a/ForgeTracker/forgetracker/model/ticket.py
+++ b/ForgeTracker/forgetracker/model/ticket.py
@@ -811,9 +811,11 @@ class Ticket(VersionedArtifact, ActivityObject, VotableArtifact):
                 ACE.allow(role._id, perm) for perm in perms]
             # maintain existing access for developers and the ticket creator,
             # but revoke all access for everyone else
-            self.acl = _allow_all(role_developer, security.all_allowed(self, role_developer))
\
-                + _allow_all(role_creator, security.all_allowed(self, role_creator)) \
-                + [DENY_ALL]
+            acl = _allow_all(role_developer, security.all_allowed(self, role_developer))
+            if role_creator != ProjectRole.anonymous():
+                acl += _allow_all(role_creator, security.all_allowed(self, role_creator))
+            acl += [DENY_ALL]
+            self.acl = acl
         else:
             self.acl = []
     private = property(_get_private, _set_private)

http://git-wip-us.apache.org/repos/asf/allura/blob/40f32365/ForgeTracker/forgetracker/widgets/ticket_form.py
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/widgets/ticket_form.py b/ForgeTracker/forgetracker/widgets/ticket_form.py
index 677dd2a..4248b38 100644
--- a/ForgeTracker/forgetracker/widgets/ticket_form.py
+++ b/ForgeTracker/forgetracker/widgets/ticket_form.py
@@ -17,6 +17,7 @@
 
 from pylons import tmpl_context as c
 from formencode import validators as fev
+from webhelpers.html.builder import literal
 
 import ew as ew_core
 import ew.jinja2_ew as ew
@@ -24,6 +25,7 @@ import ew.jinja2_ew as ew
 from allura import model as M
 from allura.lib.widgets import form_fields as ffw
 from allura.lib import helpers as h
+from allura.lib import validators as v
 
 
 class TicketCustomFields(ew.CompoundField):
@@ -76,8 +78,7 @@ class GenericTicketForm(ew.SimpleForm):
 
         display = field.display(**ctx)
         if ctx['errors'] and field.show_errors and not ignore_errors:
-            display = "%s<div class='error'>%s</div>" % (display,
-                                                         ctx['errors'])
+            display += literal("<div class='error'>{0}</div>".format(ctx['errors']))
         return display
 
     def _add_current_value_to_user_field(self, field, user):
@@ -114,6 +115,7 @@ class GenericTicketForm(ew.SimpleForm):
             ffw.LabelEdit(label='Labels', name='labels',
                           className='ticket_form_tags'),
             ew.Checkbox(name='private', label='Mark as Private',
+                        validator=v.AnonymousValidator(),
                         attrs={'class': 'unlabeled'}),
             ew.InputField(name='attachment', label='Attachment', field_type='file', attrs={
                           'multiple': 'True'}, validator=fev.FieldStorageUploadConverter(if_missing=None)),


Mime
View raw message