kallithea Changeset - 162bf5c978f8

Changeset - 162bf5c978f8

Parent rev.

Child rev.

[Not reviewed]

beta

0 3 0

Marcin Kuzminski - 14 years ago 2012-03-29 21:21:29
marcin@python-works.com

fixed missing permissions check on forks page

3 files changed with 63 insertions and 9 deletions:

docs/changelog.rst

rhodecode/controllers/forks.py

rhodecode/tests/functional/test_forks.py

0 comments (0 inline, 0 general)

docs/changelog.rst

➞

Show inline comments

@@ @@ -19,6 +19,7 @@ fixes @@
 +++++
 - fixed dev-version marker for stable when served from source codes
 - fixed missing permission checks on show forks page
 .3.4 (**2012-03-28**)
 ----------------------

rhodecode/controllers/forks.py

➞

Show inline comments

@@ @@ -35,7 +35,7 @@ import rhodecode.lib.helpers as h @@
 from rhodecode.lib.helpers import Page
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
     NotAnonymous
+    NotAnonymous, HasRepoPermissionAny
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User
 from rhodecode.model.repo import RepoModel
@@ @@ -103,7 +103,13 @@ class ForksController(BaseRepoController @@
     def forks(self, repo_name):
         p = int(request.params.get('page', 1))
         repo_id = c.rhodecode_db_repo.repo_id
         d = Repository.get_repo_forks(repo_id)
         d = []
         for r in Repository.get_repo_forks(repo_id):
             if not HasRepoPermissionAny(
                 'repository.read', 'repository.write', 'repository.admin'
             )(r.repo_name, 'get forks check'):
                 continue
             d.append(r)
         c.forks_pager = Page(d, page=p, items_per_page=20)
         c.forks_data = render('/forks/forks_data.html')

rhodecode/tests/functional/test_forks.py

➞

Show inline comments

 from rhodecode.tests import *
 from rhodecode.model.db import Repository
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.user import UserModel
 class TestForksController(TestController):
     def setUp(self):
         self.username = u'forkuser'
         self.password = u'qweqwe'
         self.u1 = UserModel().create_or_update(
             username=self.username, password=self.password,
             email=u'fork_king@rhodecode.org', name=u'u1', lastname=u'u1'
+        )
         self.Session.commit()
     def tearDown(self):
         self.Session.delete(self.u1)
         self.Session.commit()
     def test_index(self):
         self.log_user()
         repo_name = HG_REPO
@@ @@ -12,7 +28,6 @@ class TestForksController(TestController @@
         self.assertTrue("""There are no forks yet""" in response.body)
     def test_index_with_fork(self):
         self.log_user()
@@ @@ -34,7 +49,6 @@ class TestForksController(TestController @@
         response = self.app.get(url(controller='forks', action='forks',
                                     repo_name=repo_name))
         self.assertTrue("""<a href="/%s/summary">"""
                          """vcs_test_hg_fork</a>""" % fork_name
                          in response.body)
@@ @@ -42,9 +56,6 @@ class TestForksController(TestController @@
         #remove this fork
         response = self.app.delete(url('repo', repo_name=fork_name))
     def test_z_fork_create(self):
         self.log_user()
         fork_name = HG_FORK
@@ @@ -71,11 +82,9 @@ class TestForksController(TestController @@
         self.assertEqual(fork_repo.repo_name, fork_name)
         self.assertEqual(fork_repo.fork.repo_name, repo_name)
         #test if fork is visible in the list ?
         response = response.follow()
         # check if fork is marked as fork
         # wait for cache to expire
         import time
@@ @@ -84,3 +93,41 @@ class TestForksController(TestController @@
                                     repo_name=fork_name))
         self.assertTrue('Fork of %s' % repo_name in response.body)
     def test_zz_fork_permission_page(self):
         usr = self.log_user(self.username, self.password)['user_id']
         repo_name = HG_REPO
         forks = self.Session.query(Repository)\
             .filter(Repository.fork_id != None)\
             .all()
         self.assertEqual(1, len(forks))
         # set read permissions for this
         RepoModel().grant_user_permission(repo=forks[0],
                                           user=usr,
                                           perm='repository.read')
         self.Session.commit()
         response = self.app.get(url(controller='forks', action='forks',
                                     repo_name=repo_name))
         response.mustcontain('<div style="padding:5px 3px 3px 42px;">fork of vcs test</div>')
     def test_zzz_fork_permission_page(self):
         usr = self.log_user(self.username, self.password)['user_id']
         repo_name = HG_REPO
         forks = self.Session.query(Repository)\
             .filter(Repository.fork_id != None)\
             .all()
         self.assertEqual(1, len(forks))
         # set none
         RepoModel().grant_user_permission(repo=forks[0],
                                           user=usr, perm='repository.none')
         self.Session.commit()
         # fork shouldn't be there
         response = self.app.get(url(controller='forks', action='forks',
                                     repo_name=repo_name))
         response.mustcontain('There are no forks yet')

0 comments (0 inline, 0 general)