incubator-allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject [01/50] git commit: [#6392] ticket:432 Fix bug with saving permissions when there are blocked users
Date Thu, 03 Oct 2013 17:14:06 GMT
Updated Branches:
  refs/heads/cj/6422 05ff83e59 -> 21a2113b9 (forced update)


[#6392] ticket:432 Fix bug with saving permissions when there are blocked users


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/52b70435
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/52b70435
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/52b70435

Branch: refs/heads/cj/6422
Commit: 52b70435c67873c3cecd94b95dbdcf4003898131
Parents: 19327f4
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Fri Sep 13 13:29:48 2013 +0300
Committer: Tim Van Steenburgh <tvansteenburgh@gmail.com>
Committed: Tue Sep 24 17:36:24 2013 +0000

----------------------------------------------------------------------
 Allura/allura/app.py                         | 29 ++++++++++++++++++++---
 Allura/allura/tests/functional/test_admin.py | 22 +++++++++++++++++
 2 files changed, 48 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/52b70435/Allura/allura/app.py
----------------------------------------------------------------------
diff --git a/Allura/allura/app.py b/Allura/allura/app.py
index a9a8816..74d9c4d 100644
--- a/Allura/allura/app.py
+++ b/Allura/allura/app.py
@@ -730,18 +730,41 @@ class DefaultAdminController(BaseController):
             if isinstance(group_ids, basestring):
                 group_ids = [ group_ids ]
 
+            # ACE.deny() entries for blocked users will end up in del_group_ids after the
following
             for acl in old_acl:
                 if (acl['permission']==perm) and (str(acl['role_id']) not in group_ids):
                     del_group_ids.append(str(acl['role_id']))
 
-            if new_group_ids or del_group_ids:
+            get_role = lambda _id: model.ProjectRole.query.get(_id=ObjectId(_id))
+            groups = map(get_role, group_ids)
+            new_groups = map(get_role, new_group_ids)
+            del_groups = map(get_role, del_group_ids)
+
+            def split_group_user_roles(roles):
+                group_roles = []
+                user_roles = []
+                for role in roles:
+                    if role.user_id and not role.name:
+                        user_roles.append(role)
+                    else:
+                        group_roles.append(role)
+                return group_roles, user_roles
+
+            del_groups, user_roles = split_group_user_roles(del_groups)
+
+            if new_groups or del_groups:
                 model.AuditLog.log('updated "%s" permission: "%s" => "%s" for %s' % (
                     perm,
-                    ', '.join(map(lambda id: model.ProjectRole.query.get(_id=ObjectId(id)).name,
group_ids+del_group_ids)),
-                    ', '.join(map(lambda id: model.ProjectRole.query.get(_id=ObjectId(id)).name,
group_ids+new_group_ids)),
+                    ', '.join(map(lambda role: role.name, groups+del_groups)),
+                    ', '.join(map(lambda role: role.name, groups+new_groups)),
                     self.app.config.options['mount_point']))
 
             role_ids = map(ObjectId, group_ids + new_group_ids)
             self.app.config.acl += [
                 model.ACE.allow(r, perm) for r in role_ids]
+
+            # Add all ACEs for user roles back
+            user_roles_ids = map(lambda role: role._id, user_roles)
+            user_aces = filter(lambda ace: ace.permission == perm and ace.role_id in user_roles_ids,
old_acl)
+            self.app.config.acl += user_aces
         redirect(request.referer)

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/52b70435/Allura/allura/tests/functional/test_admin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_admin.py b/Allura/allura/tests/functional/test_admin.py
index a0378e1..b5a3569 100644
--- a/Allura/allura/tests/functional/test_admin.py
+++ b/Allura/allura/tests/functional/test_admin.py
@@ -229,6 +229,28 @@ class TestProjectAdmin(TestController):
         r = self.app.get('/admin/wiki/permissions')
         assert '<a href="#" class="block-list">' not in r
 
+    @td.with_wiki
+    def test_blocked_users_remains_after_saving_all_permissions(self):
+        self.app.post('/admin/wiki/block_user', params={'username': 'test-user', 'perm':
'read', 'reason': 'Comment'})
+        self.app.post('/admin/wiki/block_user', params={'username': 'test-user', 'perm':
'post', 'reason': 'Comment'})
+        user = M.User.by_username('test-user')
+        user_role = user.project_role()
+        app = M.Project.query.get(shortname='test').app_instance('wiki')
+        assert M.ACL.contains(M.ACE.deny(user_role._id, 'read'), app.acl)
+        assert M.ACL.contains(M.ACE.deny(user_role._id, 'post'), app.acl)
+        old_acl = app.acl
+
+        permissions_page = self.app.get('/admin/wiki/permissions')
+        permissions_page.forms[0].submit()
+
+        # deny ACEs for user still should be there
+        app = M.Project.query.get(shortname='test').app_instance('wiki')
+        assert M.ACL.contains(M.ACE.deny(user_role._id, 'read'), app.acl)
+        assert M.ACL.contains(M.ACE.deny(user_role._id, 'post'), app.acl)
+        # ...and all old ACEs also
+        for ace in old_acl:
+            assert_in(ace, app.acl)
+
     def test_tool_permissions(self):
         BUILTIN_APPS = ['activity', 'blog', 'discussion', 'git', 'link',
                 'shorturl', 'svn', 'tickets', 'userstats', 'wiki']


Mime
View raw message