incubator-esme-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From esjew...@apache.org
Subject svn commit: r895310 - in /incubator/esme/trunk/server/src: main/scala/org/apache/esme/api/API2.scala test/scala/org/apache/esme/api/API2Test.scala
Date Sat, 02 Jan 2010 23:23:10 GMT
Author: esjewett
Date: Sat Jan  2 23:23:08 2010
New Revision: 895310

URL: http://svn.apache.org/viewvc?rev=895310&view=rev
Log:
[ESME-138] Implement streaming for streaming API endpoints >> Fixes pool authorization
bug, with new unit test

Modified:
    incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala
    incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala

Modified: incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala
URL: http://svn.apache.org/viewvc/incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala?rev=895310&r1=895309&r2=895310&view=diff
==============================================================================
--- incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala (original)
+++ incubator/esme/trunk/server/src/main/scala/org/apache/esme/api/API2.scala Sat Jan  2 23:23:08
2010
@@ -80,6 +80,11 @@
       if !User.checkRole("integration-admin") => unAuthorized
     case Req("api2" :: "users" :: _ :: tokens :: Nil, _, PostRequest)
       if !User.checkRole("integration-admin") => unAuthorized
+    case Req("api2" :: "pools" :: poolId :: _, _, GetRequest)
+      if !Privilege.hasPermission(
+        User.currentUserId.openOr("0").toLong,
+        poolId.toLong,
+        Permission.Read) => unAuthorized
   }
 
   def dispatch: LiftRules.DispatchPF = {

Modified: incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala
URL: http://svn.apache.org/viewvc/incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala?rev=895310&r1=895309&r2=895310&view=diff
==============================================================================
--- incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala (original)
+++ incubator/esme/trunk/server/src/test/scala/org/apache/esme/api/API2Test.scala Sat Jan
 2 23:23:08 2010
@@ -668,7 +668,7 @@
           (mess_res.xml \ "messages") must \\(<id>{theUser.id.toString}</id>)
           (mess_res.xml \ "messages") must \\(<body>test message for pool delta</body>)
         }
-      }
+      }  
 
       "with no session returns 403 (forbidden)" in {
         for (session_res <- get("pools/1/messages")) {
@@ -723,6 +723,28 @@
         } {                               
           res.code must be equalTo 200
         }
+      }    
+
+      "with valid session and new messages but no pool authorization returns 403 (forbidden)"
in {
+		val new_user = find_or_create_user("tester6")
+		val new_toke = AuthToken.create.user(new_user).saveMe
+		val new_token = new_toke.uniqueId.is        
+		
+		for{
+	      sess <- post_session
+	      sessNoAuth <- post("session", "token" -> new_token)  
+     	  pool_res <- sess.post("pools", "poolName" -> "test_pool6") 
+          init <- sessNoAuth.get("pools/6/messages")
+          timeout <- sleep(2000)
+		  mess_res1 <- sess.post("user/messages",
+            "message" -> "test message for pool delta",
+            "pool" -> "test_pool6") 
+          timeout <- sleep(2000)
+          mess_res <- sessNoAuth.get("pools/6/messages")
+        } {                                       
+          mess_res.code must be equalTo 403
+          init.code must be equalTo 403
+        }
       }
 
       "with no session returns 403 (forbidden)" in {



Mime
View raw message