# HG changeset patch
# User Marcin Kuzminski
# Date 2013-05-11 23:19:06
# Node ID ad4a680113b74caf2481963d50b8a4bd899df228
# Parent 54bc7a89f09066f77de05af1f1285e95bd2d5552
Gist: implemented delete of gists by owner, or super admin
diff --git a/rhodecode/controllers/admin/gists.py b/rhodecode/controllers/admin/gists.py
--- a/rhodecode/controllers/admin/gists.py
+++ b/rhodecode/controllers/admin/gists.py
@@ -41,7 +41,7 @@ from rhodecode.lib.base import BaseContr
 from rhodecode.lib.auth import LoginRequired, NotAnonymous
 from rhodecode.lib.utils2 import safe_str, safe_int, time_to_datetime
 from rhodecode.lib.helpers import Page
-from webob.exc import HTTPNotFound
+from webob.exc import HTTPNotFound, HTTPForbidden
 from sqlalchemy.sql.expression import or_
 from rhodecode.lib.vcs.exceptions import VCSError
@@ -151,6 +151,16 @@ class GistsController(BaseController):
 # h.form(url('gist', id=ID),
 # method='delete')
 # url('gist', id=ID)
+ gist = GistModel().get_gist(id)
+ owner = gist.gist_owner == c.rhodecode_user.user_id
+ if h.HasPermissionAny('hg.admin')() or owner:
+ GistModel().delete(gist)
+ Session().commit()
+ h.flash(_('Deleted gist %s') % gist.gist_access_id, category='success')
+ else:
+ raise HTTPForbidden()
+
+ return redirect(url('gists'))
 @LoginRequired()
 def show(self, id, format='html'):
diff --git a/rhodecode/templates/admin/gists/show.html b/rhodecode/templates/admin/gists/show.html
--- a/rhodecode/templates/admin/gists/show.html
+++ b/rhodecode/templates/admin/gists/show.html
@@ -48,9 +48,11 @@
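Review bot: In the `delete` action of rhodecode/controllers/admin/gists.py, the result of `GistModel().get_gist(id)` is dereferenced on the very next line without a check, so if `get_gist` returns `None` for an unknown id (its body is not shown here) the request ends in an AttributeError and a 500 instead of a 404. `HTTPNotFound` is already imported, so a guard such as `if gist is None: raise HTTPNotFound()` before computing `owner` would cover it. The method's signature and decorators lie outside the hunk; because the ownership test compares against `c.rhodecode_user.user_id`, it is worth confirming that `delete` carries `@LoginRequired()` and `@NotAnonymous()` so that an anonymous session can never match an owner id.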
${c.gist.gist_description}
## only owner should see that
- %if c.gist.owner.username == c.rhodecode_user.username:
+ %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.rhodecode_user.user_id:
 ##${h.link_to(_('Edit'),h.url(''),class_="ui-btn")}
- ##${h.link_to(_('Delete'),h.url(''),class_="ui-btn red")}
+ ${h.form(url('gist', id=c.gist.gist_id),method='delete')}
+ ${h.submit('remove_gist', _('Delete'),class_="ui-btn red",onclick="return confirm('"+_('Confirm to delete this gist')+"');")}
+ ${h.end_form()}
 %endif
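Review bot: The new delete form is opened with `h.form(url('gist', id=c.gist.gist_id),method='delete')` and nothing in the hunk adds an anti-CSRF token, so the only thing in front of a destructive request is the JavaScript `confirm()`, which is a UI prompt and not a server-side control. If the project has a token-carrying form helper, it should be used here with the token verified in the controller's delete action; otherwise the action needs an equivalent check. Separately, the translated message is concatenated into a single-quoted JavaScript literal inside the `onclick` attribute, so a translation containing an apostrophe would break the handler; the message should be escaped for JavaScript before it is interpolated.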
diff --git a/rhodecode/tests/functional/test_admin_gists.py b/rhodecode/tests/functional/test_admin_gists.py
--- a/rhodecode/tests/functional/test_admin_gists.py
+++ b/rhodecode/tests/functional/test_admin_gists.py
@@ -5,11 +5,12 @@ from rhodecode.model.db import User, Gis
 def _create_gist(f_name, content='some gist', lifetime=-1,
- description='gist-desc', gist_type='public'):
+ description='gist-desc', gist_type='public',
+ owner=TEST_USER_ADMIN_LOGIN):
 gist_mapping = {
 f_name: {'content': content}
 }
- user = User.get_by_username(TEST_USER_ADMIN_LOGIN)
+ user = User.get_by_username(owner)
 gist = GistModel().create(description, owner=user,
 gist_mapping=gist_mapping, gist_type=gist_type,
 lifetime=lifetime)
@@ -109,8 +110,21 @@ class TestGistsController(TestController
 response = self.app.put(url('gist', id=1))
 def test_delete(self):
- self.skipTest('not implemented')
- response = self.app.delete(url('gist', id=1))
+ self.log_user()
+ gist = _create_gist('delete-me')
+ response = self.app.delete(url('gist', id=gist.gist_id))
+ self.checkSessionFlash(response, 'Deleted gist %s' % gist.gist_id)
+
+ def test_delete_normal_user_his_gist(self):
+ self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
+ gist = _create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)
+ response = self.app.delete(url('gist', id=gist.gist_id))
+ self.checkSessionFlash(response, 'Deleted gist %s' % gist.gist_id)
+
+ def test_delete_normal_user_not_his_own_gist(self):
+ self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
+ gist = _create_gist('delete-me')
+ response = self.app.delete(url('gist', id=gist.gist_id), status=403)
 def test_show(self):
 gist = _create_gist('gist-show-me')
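Review bot: `test_delete_normal_user_not_his_own_gist` asserts only the 403 status and never checks that the gist survived, so a handler that removed the row before refusing would still pass. Re-fetch after the request and assert the gist is still present, for example `self.assertTrue(GistModel().get_gist(gist.gist_id) is not None)`. The set also has no case for an anonymous session or for an id that does not exist, which are the two paths the controller change leaves least obvious. The success tests format the expected flash with `gist.gist_id` while the controller formats it with `gist.gist_access_id`, so they hold only while those two values render the same.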