incubator-allura-commits mailing list archives

From john...@apache.org
Subject [10/50] git commit: [#4831] ticket:339 record tool's permission changes in the project audit log
Date Tue, 28 May 2013 16:01:02 GMT
[#4831] ticket:339 record tool's permission changes in the project audit log


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/99a2fe00
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/99a2fe00
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/99a2fe00

Branch: refs/heads/cj/5913
Commit: 99a2fe009acf020dc9f64ba1a956983d97b8d21d
Parents: b5bca03
Author: Yuriy Arhipov <yuriyarhipovua@yandex.ru>
Authored: Fri May 17 10:31:27 2013 +0400
Committer: Tim Van Steenburgh <tvansteenburgh@gmail.com>
Committed: Thu May 23 14:29:11 2013 +0000

----------------------------------------------------------------------
 Allura/allura/app.py                         |   14 ++++++++++++++
 Allura/allura/ext/admin/admin_main.py        |    4 ++--
 Allura/allura/tests/functional/test_admin.py |   20 ++++++++++++++++++++
 3 files changed, 36 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/99a2fe00/Allura/allura/app.py
----------------------------------------------------------------------
diff --git a/Allura/allura/app.py b/Allura/allura/app.py
index 124f084..466f355 100644
--- a/Allura/allura/app.py
+++ b/Allura/allura/app.py
@@ -506,15 +506,29 @@ class DefaultAdminController(BaseController):
     @h.vardec
     @require_post()
     def update(self, card=None, **kw):
+        old_acl = self.app.config.acl
         self.app.config.acl = []
         for args in card:
             perm = args['id']
             new_group_ids = args.get('new', [])
+            del_group_ids = []
             group_ids = args.get('value', [])
             if isinstance(new_group_ids, basestring):
                 new_group_ids = [ new_group_ids ]
             if isinstance(group_ids, basestring):
                 group_ids = [ group_ids ]
+
+            for acl in old_acl:
+                if (acl['permission']==perm) and (str(acl['role_id']) not in group_ids):
+                    del_group_ids.append(str(acl['role_id']))
+
+            if new_group_ids or del_group_ids:
+                model.AuditLog.log('updated "%s" permissions: "%s" => "%s" for %s' % (
+                    perm,
+                    ', '.join(map(lambda id: model.ProjectRole.query.get(_id=ObjectId(id)).name,
group_ids+del_group_ids)),
+                    ', '.join(map(lambda id: model.ProjectRole.query.get(_id=ObjectId(id)).name,
group_ids+new_group_ids)),
+                    self.app.config.options['mount_point']))
+
             role_ids = map(ObjectId, group_ids + new_group_ids)
             self.app.config.acl += [
                 model.ACE.allow(r, perm) for r in role_ids]
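Review bot: The audit entry in `update` is built from the submitted form fields rather than from the stored ACL, so the log can disagree with what actually changed: a role id that arrives in `value` without being present in `old_acl` is still granted by the `role_ids` line, yet it is printed on the "before" side, and when `new` and `del_group_ids` are both empty no entry is written at all. Deriving both sides from stored data would close that gap, e.g. `old_ids = [str(a['role_id']) for a in old_acl if a['permission'] == perm]` followed by `if set(old_ids) != set(group_ids + new_group_ids):`, with `old_ids` used for the "before" list. The `.name` lookups also assume `model.ProjectRole.query.get` always returns a role with a string name; a `None` result would raise inside the loop after `self.app.config.acl` has already been reset to `[]`, so a guard is worth adding. The body of `update` continues past the end of this hunk.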

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/99a2fe00/Allura/allura/ext/admin/admin_main.py
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/admin_main.py b/Allura/allura/ext/admin/admin_main.py
index 433fade..6f6dcea 100644
--- a/Allura/allura/ext/admin/admin_main.py
+++ b/Allura/allura/ext/admin/admin_main.py
@@ -706,13 +706,13 @@ class GroupsController(BaseController):
     @h.vardec
     def change_perm(self, role_id, permission, allow="true", **kw):
         if allow=="true":
-            M.AuditLog.log('granted permission %s to group with id %s', permission, role_id)
+            M.AuditLog.log('granted permission %s to group %s', permission, M.ProjectRole.query.get(_id=ObjectId(role_id)).name)
             c.project.acl.append(M.ACE.allow(ObjectId(role_id), permission))
         else:
             admin_group_id = str(M.ProjectRole.by_name('Admin')._id)
             if admin_group_id == role_id and permission == 'admin':
                 return dict(error='You cannot remove the admin permission from the admin
group.')
-            M.AuditLog.log('revoked permission %s from group with id %s', permission, role_id)
+            M.AuditLog.log('revoked permission %s from group %s', permission, M.ProjectRole.query.get(_id=ObjectId(role_id)).name)
             c.project.acl.remove(M.ACE.allow(ObjectId(role_id), permission))
         g.post_event('project_updated')
         return self._map_group_permissions()
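Review bot: Both new `M.AuditLog.log` calls in `change_perm` dereference `M.ProjectRole.query.get(_id=ObjectId(role_id)).name` without checking the result, so a `role_id` that matches no role now fails with an AttributeError instead of leaving an audit entry, and the entry no longer carries the stable id. I would resolve the role once at the top with `role = M.ProjectRole.query.get(_id=ObjectId(role_id))`, return `dict(error=...)` when it is `None`, and log `'granted permission %s to group %s (id %s)'` so renamed or unnamed roles stay traceable. The lookup shown is by `_id` only, so it is worth confirming that the role belongs to `c.project` before the ACE is appended. Any decorators above `@h.vardec` are outside the hunk, so whether this state-changing handler is restricted to POST cannot be seen here.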

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/99a2fe00/Allura/allura/tests/functional/test_admin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_admin.py b/Allura/allura/tests/functional/test_admin.py
index e23d49c..a2bcceb 100644
--- a/Allura/allura/tests/functional/test_admin.py
+++ b/Allura/allura/tests/functional/test_admin.py
@@ -385,6 +385,26 @@ class TestProjectAdmin(TestController):
         assert_equals(p.labels, ['asdf'])
         assert form['labels'].value == 'asdf'
 
+    @td.with_wiki
+    def test_log_permission(self):
+        r = self.app.get('/admin/wiki/permissions')
+        select = r.html.find('select', {'name': 'card-0.new'})
+        opt_admin = select.find(text='Admin').parent
+        opt_developer = select.find(text='Developer').parent
+        assert opt_admin.name == 'option'
+        assert opt_developer.name == 'option'
+
+        with audits('updated "admin" permissions: "Admin" => "Admin, Developer" for wiki'):
+            self.app.post('/admin/wiki/update', params={
+                        'card-0.new': opt_developer['value'],
+                        'card-0.value': opt_admin['value'],
+                        'card-0.id': 'admin'})
+
+        with audits('updated "admin" permissions: "Admin, Developer" => "Admin" for wiki'):
+            self.app.post('/admin/wiki/update', params={
+                        'card-0.value': opt_admin['value'],
+                        'card-0.id': 'admin'})
+
     def test_project_permissions(self):
         r = self.app.get('/admin/permissions/')
         assert len(r.html.findAll('input', {'name': 'card-0.value'})) == 1
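Review bot: `test_log_permission` pins the audit message only for a role added through `card-0.new` and a role dropped from `card-0.value`; nothing covers a submission that leaves the ACL unchanged, which should write no entry, or a role id sent in `card-0.value` that was not previously granted. Adding those two cases would show whether the log tracks the stored ACL or only the form fields. The reworded `change_perm` messages from `admin_main.py` are not asserted in this hunk either, so a test such as `with audits('granted permission admin to group Developer'):` around a `change_perm` request would be worth adding if none exists elsewhere.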

