allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jetm...@apache.org
Subject [01/10] allura git commit: [#7633] ticket:768 Add has_access API for neighborhood
Date Fri, 15 May 2015 10:29:45 GMT
Repository: allura
Updated Branches:
  refs/heads/ib/7633 [created] b9443313f


[#7633] ticket:768 Add has_access API for neighborhood


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/5031ba6b
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/5031ba6b
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/5031ba6b

Branch: refs/heads/ib/7633
Commit: 5031ba6babc22b1b310cc48ff05e7c154f1853bf
Parents: 31189d4
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Thu May 14 14:37:24 2015 +0000
Committer: Igor Bondarenko <jetmind2@gmail.com>
Committed: Thu May 14 14:37:24 2015 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/rest.py           | 10 ++++++
 Allura/allura/tests/functional/test_rest.py | 40 ++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/5031ba6b/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 8eafa30..788b280 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -256,6 +256,16 @@ class NeighborhoodRestController(object):
     def __init__(self, neighborhood):
         self._neighborhood = neighborhood
 
+    @expose('json:')
+    def has_access(self, user, perm):
+        security.require_access(self._neighborhood, 'admin')
+        resp = {'result': False}
+        user = M.User.by_username(user)
+        if user:
+            resp['result'] = security.has_access(
+                self._neighborhood, perm, user=user)()
+        return resp
+
     @expose()
     def _lookup(self, name, *remainder):
         provider = plugin.ProjectRegistrationProvider.get()

http://git-wip-us.apache.org/repos/asf/allura/blob/5031ba6b/Allura/allura/tests/functional/test_rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_rest.py b/Allura/allura/tests/functional/test_rest.py
index 43a92d1..3124065 100644
--- a/Allura/allura/tests/functional/test_rest.py
+++ b/Allura/allura/tests/functional/test_rest.py
@@ -208,6 +208,46 @@ class TestRestHome(TestRestApiBase):
         assert_in('bugs', tool_mounts)
         assert_not_in('private-bugs', tool_mounts)
 
+    def test_neighborhood_has_access_no_params(self):
+        r = self.api_get('/rest/p/has_access', status=404)
+        r = self.api_get('/rest/p/has_access?user=test-admin', status=404)
+        r = self.api_get('/rest/p/has_access?perm=read', status=404)
+
+    def test_neighborhood_has_access_unknown_params(self):
+        """Unknown user and/or permission always False for has_access API"""
+        r = self.api_get(
+            '/rest/p/has_access?user=babadook&perm=read',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+        r = self.api_get(
+            '/rest/p/has_access?user=test-admin&perm=jump',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+
+    def test_neighborhood_has_access_not_admin(self):
+        """
+        User which has no 'admin' permission on neighborhood can't use
+        has_access API
+        """
+        self.api_get(
+            '/rest/p/has_access?user=test-admin&perm=admin',
+            user='test-user',
+            status=403)
+
+    def test_neighborhood_has_access(self):
+        r = self.api_get(
+            '/rest/p/has_access?user=root&perm=update',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], True)
+        r = self.api_get(
+            '/rest/p/has_access?user=test-user&perm=update',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+
     def test_unicode(self):
         self.app.post(
             '/wiki/t├ęst/update',


Mime
View raw message