##// END OF EJS Templates
fixed missing permissions check on forks page
marcink -
r2176:162bf5c9 beta
parent child Browse files
Show More
@@ -19,6 +19,7 b' fixes'
19 +++++
19 +++++
20
20
21 - fixed dev-version marker for stable when served from source codes
21 - fixed dev-version marker for stable when served from source codes
22 - fixed missing permission checks on show forks page
22
23
23 1.3.4 (**2012-03-28**)
24 1.3.4 (**2012-03-28**)
24 ----------------------
25 ----------------------
@@ -35,7 +35,7 b' import rhodecode.lib.helpers as h'
35
35
36 from rhodecode.lib.helpers import Page
36 from rhodecode.lib.helpers import Page
37 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
37 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
38 NotAnonymous
38 NotAnonymous, HasRepoPermissionAny
39 from rhodecode.lib.base import BaseRepoController, render
39 from rhodecode.lib.base import BaseRepoController, render
40 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User
40 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User
41 from rhodecode.model.repo import RepoModel
41 from rhodecode.model.repo import RepoModel
@@ -103,7 +103,13 b' class ForksController(BaseRepoController'
103 def forks(self, repo_name):
103 def forks(self, repo_name):
104 p = int(request.params.get('page', 1))
104 p = int(request.params.get('page', 1))
105 repo_id = c.rhodecode_db_repo.repo_id
105 repo_id = c.rhodecode_db_repo.repo_id
106 d = Repository.get_repo_forks(repo_id)
106 d = []
107 for r in Repository.get_repo_forks(repo_id):
108 if not HasRepoPermissionAny(
109 'repository.read', 'repository.write', 'repository.admin'
110 )(r.repo_name, 'get forks check'):
111 continue
112 d.append(r)
107 c.forks_pager = Page(d, page=p, items_per_page=20)
113 c.forks_pager = Page(d, page=p, items_per_page=20)
108
114
109 c.forks_data = render('/forks/forks_data.html')
115 c.forks_data = render('/forks/forks_data.html')
@@ -1,9 +1,25 b''
1 from rhodecode.tests import *
1 from rhodecode.tests import *
2
2
3 from rhodecode.model.db import Repository
3 from rhodecode.model.db import Repository
4 from rhodecode.model.repo import RepoModel
5 from rhodecode.model.user import UserModel
6
4
7
5 class TestForksController(TestController):
8 class TestForksController(TestController):
6
9
10 def setUp(self):
11 self.username = u'forkuser'
12 self.password = u'qweqwe'
13 self.u1 = UserModel().create_or_update(
14 username=self.username, password=self.password,
15 email=u'fork_king@rhodecode.org', name=u'u1', lastname=u'u1'
16 )
17 self.Session.commit()
18
19 def tearDown(self):
20 self.Session.delete(self.u1)
21 self.Session.commit()
22
7 def test_index(self):
23 def test_index(self):
8 self.log_user()
24 self.log_user()
9 repo_name = HG_REPO
25 repo_name = HG_REPO
@@ -12,7 +28,6 b' class TestForksController(TestController'
12
28
13 self.assertTrue("""There are no forks yet""" in response.body)
29 self.assertTrue("""There are no forks yet""" in response.body)
14
30
15
16 def test_index_with_fork(self):
31 def test_index_with_fork(self):
17 self.log_user()
32 self.log_user()
18
33
@@ -34,7 +49,6 b' class TestForksController(TestController'
34 response = self.app.get(url(controller='forks', action='forks',
49 response = self.app.get(url(controller='forks', action='forks',
35 repo_name=repo_name))
50 repo_name=repo_name))
36
51
37
38 self.assertTrue("""<a href="/%s/summary">"""
52 self.assertTrue("""<a href="/%s/summary">"""
39 """vcs_test_hg_fork</a>""" % fork_name
53 """vcs_test_hg_fork</a>""" % fork_name
40 in response.body)
54 in response.body)
@@ -42,9 +56,6 b' class TestForksController(TestController'
42 #remove this fork
56 #remove this fork
43 response = self.app.delete(url('repo', repo_name=fork_name))
57 response = self.app.delete(url('repo', repo_name=fork_name))
44
58
45
46
47
48 def test_z_fork_create(self):
59 def test_z_fork_create(self):
49 self.log_user()
60 self.log_user()
50 fork_name = HG_FORK
61 fork_name = HG_FORK
@@ -71,11 +82,9 b' class TestForksController(TestController'
71 self.assertEqual(fork_repo.repo_name, fork_name)
82 self.assertEqual(fork_repo.repo_name, fork_name)
72 self.assertEqual(fork_repo.fork.repo_name, repo_name)
83 self.assertEqual(fork_repo.fork.repo_name, repo_name)
73
84
74
75 #test if fork is visible in the list ?
85 #test if fork is visible in the list ?
76 response = response.follow()
86 response = response.follow()
77
87
78
79 # check if fork is marked as fork
88 # check if fork is marked as fork
80 # wait for cache to expire
89 # wait for cache to expire
81 import time
90 import time
@@ -84,3 +93,41 b' class TestForksController(TestController'
84 repo_name=fork_name))
93 repo_name=fork_name))
85
94
86 self.assertTrue('Fork of %s' % repo_name in response.body)
95 self.assertTrue('Fork of %s' % repo_name in response.body)
96
97 def test_zz_fork_permission_page(self):
98 usr = self.log_user(self.username, self.password)['user_id']
99 repo_name = HG_REPO
100
101 forks = self.Session.query(Repository)\
102 .filter(Repository.fork_id != None)\
103 .all()
104 self.assertEqual(1, len(forks))
105
106 # set read permissions for this
107 RepoModel().grant_user_permission(repo=forks[0],
108 user=usr,
109 perm='repository.read')
110 self.Session.commit()
111
112 response = self.app.get(url(controller='forks', action='forks',
113 repo_name=repo_name))
114
115 response.mustcontain('<div style="padding:5px 3px 3px 42px;">fork of vcs test</div>')
116
117 def test_zzz_fork_permission_page(self):
118 usr = self.log_user(self.username, self.password)['user_id']
119 repo_name = HG_REPO
120
121 forks = self.Session.query(Repository)\
122 .filter(Repository.fork_id != None)\
123 .all()
124 self.assertEqual(1, len(forks))
125
126 # set none
127 RepoModel().grant_user_permission(repo=forks[0],
128 user=usr, perm='repository.none')
129 self.Session.commit()
130 # fork shouldn't be there
131 response = self.app.get(url(controller='forks', action='forks',
132 repo_name=repo_name))
133 response.mustcontain('There are no forks yet')
General Comments 0
You need to be logged in to leave comments. Login now