allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kentontay...@apache.org
Subject [2/2] allura git commit: fixup! [#4841] Prevents anonymous users from editing other anon comments, including their own.
Date Wed, 21 Feb 2018 16:57:28 GMT
fixup! [#4841] Prevents anonymous users from editing other anon comments, including their own.


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/8b2b4f07
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/8b2b4f07
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/8b2b4f07

Branch: refs/heads/kt/4841
Commit: 8b2b4f07c24156a5174ac812ad70c9e73402d5cd
Parents: 8e445ce
Author: Kenton Taylor <ktaylor@slashdotmedia.com>
Authored: Wed Feb 21 11:50:22 2018 -0500
Committer: Kenton Taylor <ktaylor@slashdotmedia.com>
Committed: Wed Feb 21 11:50:22 2018 -0500

----------------------------------------------------------------------
 Allura/allura/model/discuss.py                       |  2 +-
 .../033-change-comment-anon-permissions.py           | 15 +++------------
 2 files changed, 4 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/8b2b4f07/Allura/allura/model/discuss.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/discuss.py b/Allura/allura/model/discuss.py
index 32cf68e..4e3d51b 100644
--- a/Allura/allura/model/discuss.py
+++ b/Allura/allura/model/discuss.py
@@ -726,7 +726,7 @@ class Post(Message, VersionedArtifact, ActivityObject):
         author = self.author()
         author_role = ProjectRole.by_user(
             author, project=self.project, upsert=True)
-        if not author.is_anonymous():
+        if True or not author.is_anonymous():
             security.simple_grant(
                 self.acl, author_role._id, 'moderate')
         self.commit()

http://git-wip-us.apache.org/repos/asf/allura/blob/8b2b4f07/scripts/migrations/033-change-comment-anon-permissions.py
----------------------------------------------------------------------
diff --git a/scripts/migrations/033-change-comment-anon-permissions.py b/scripts/migrations/033-change-comment-anon-permissions.py
index 9ef14ce..b5a710c 100644
--- a/scripts/migrations/033-change-comment-anon-permissions.py
+++ b/scripts/migrations/033-change-comment-anon-permissions.py
@@ -25,18 +25,9 @@ from allura.lib import utils, security
 from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter, ArgumentTypeError
 
 
-
-
 log = logging.getLogger(__name__)
 
 
-def add(acl, role):
-    if role not in acl:
-        acl.append(role)
-
-# migration script for change write permission to create + update
-
-
 def arguments():
     parser = ArgumentParser(description="Args for changing anon comment permissions",
                             formatter_class=ArgumentDefaultsHelpFormatter, )
@@ -53,11 +44,10 @@ def main():
     c.project = None # to avoid error in Artifact.__mongometa__.before_save
     project = M.Project.query.get(shortname=args.shortname)
     tool = project.app_config_by_tool_type(args.toolname)
-    
+
     for chunk in utils.chunked_find(ForumPost, {'app_config_id':tool._id}):
         for p in chunk:
             has_access = bool(security.has_access(p, 'moderate', M.User.anonymous()))
-            print "{} has access? {}".format(p.text, has_access)
 
             if has_access:
                 anon_role_id = None
@@ -67,9 +57,10 @@ def main():
                         anon_role_id = acl.role_id
 
                 if anon_role_id:
+                    print "revoking anon moderate privelege for '{}'".format(p._id)
                     security.simple_revoke(p.acl, anon_role_id, 'moderate')
                     session(p).flush(p)
-                
+
 
 if __name__ == '__main__':
     main()


Mime
View raw message