allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hei...@apache.org
Subject [33/50] [abbrv] allura git commit: [#7633] ticket:768 Add has_access API for user profile
Date Fri, 05 Jun 2015 18:41:48 GMT
[#7633] ticket:768 Add has_access API for user profile


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/7a0878d3
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/7a0878d3
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/7a0878d3

Branch: refs/heads/hs/7873
Commit: 7a0878d300f0b48908726757d20c1d4f7a001488
Parents: f46f13c
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Fri May 15 09:30:32 2015 +0000
Committer: Dave Brondsema <dave@brondsema.net>
Committed: Mon Jun 1 11:15:35 2015 -0400

----------------------------------------------------------------------
 Allura/allura/ext/user_profile/user_main.py     |  3 +-
 .../tests/functional/test_user_profile.py       | 48 ++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/7a0878d3/Allura/allura/ext/user_profile/user_main.py
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/user_profile/user_main.py b/Allura/allura/ext/user_profile/user_main.py
index 2f71deb..f676bed 100644
--- a/Allura/allura/ext/user_profile/user_main.py
+++ b/Allura/allura/ext/user_profile/user_main.py
@@ -39,6 +39,7 @@ from allura.lib.plugin import AuthenticationProvider
 from allura.model import User, ACE, ProjectRole
 from allura.controllers import BaseController
 from allura.controllers.feed import FeedArgs, FeedController
+from allura.controllers.rest import AppRestControllerMixin
 from allura.lib.decorators import require_post
 from allura.lib.widgets.user_profile import SendMessageForm
 
@@ -211,7 +212,7 @@ class UserProfileController(BaseController, FeedController):
         return redirect(c.project.user_project_of.url())
 
 
-class UserProfileRestController(object):
+class UserProfileRestController(AppRestControllerMixin):
     @expose('json:')
     def index(self, **kw):
         user = c.project.user_project_of

http://git-wip-us.apache.org/repos/asf/allura/blob/7a0878d3/Allura/allura/tests/functional/test_user_profile.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_user_profile.py b/Allura/allura/tests/functional/test_user_profile.py
index c539baf..ffdde56 100644
--- a/Allura/allura/tests/functional/test_user_profile.py
+++ b/Allura/allura/tests/functional/test_user_profile.py
@@ -19,6 +19,7 @@ import mock
 import tg
 from nose.tools import assert_equal, assert_in, assert_not_in
 
+from alluratest.controller import TestRestApiBase
 from allura.model import Project, User
 from allura.tests import decorators as td
 from allura.tests import TestController
@@ -174,3 +175,50 @@ class TestUserProfile(TestController):
         assert_in('Section c', r.body)
         assert_in('Section d', r.body)
         assert_not_in('Section f', r.body)
+
+
+class TestUserProfileHasAccessAPI(TestRestApiBase):
+
+    @td.with_user_project('test-admin')
+    def test_has_access_no_params(self):
+        r = self.api_get('/rest/u/test-admin/profile/has_access', status=404)
+        r = self.api_get('/rest/u/test-admin/profile/has_access?user=root', status=404)
+        r = self.api_get('/rest/u/test-admin/profile/has_access?perm=read', status=404)
+
+    @td.with_user_project('test-admin')
+    def test_has_access_unknown_params(self):
+        """Unknown user and/or permission always False for has_access API"""
+        r = self.api_get(
+            '/rest/u/test-admin/profile/has_access?user=babadook&perm=read',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+        r = self.api_get(
+            '/rest/u/test-admin/profile/has_access?user=test-user&perm=jump',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)
+
+    @td.with_user_project('test-admin')
+    def test_has_access_not_admin(self):
+        """
+        User which has no 'admin' permission on neighborhood can't use
+        has_access API
+        """
+        self.api_get(
+            '/rest/u/test-admin/profile/has_access?user=test-admin&perm=admin',
+            user='test-user',
+            status=403)
+
+    @td.with_user_project('test-admin')
+    def test_has_access(self):
+        r = self.api_get(
+            '/rest/u/test-admin/profile/has_access?user=test-admin&perm=admin',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], True)
+        r = self.api_get(
+            '/rest/u/test-admin/profile/has_access?user=test-user&perm=admin',
+            user='root')
+        assert_equal(r.status_int, 200)
+        assert_equal(r.json['result'], False)


Mime
View raw message