Merge pull request #726 from Kinto/725-redis-get_accessible_object

Fix Redis get_accessible_object implementation.
Kinto · Jul 21, 2016 · 23c8be9 · 23c8be9
1 parent 8d44754
commit 23c8be9
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -3,6 +3,14 @@ Changelog
 
 This document describes changes between each past release.
 
+3.3.2 (unreleased)
+==================
+
+**Bug fixes**
+
+- Fix Redis get_accessible_object implementation (#725)
+
+
 3.3.1 (2016-07-19)
 ==================
 

diff --git a/kinto/core/permission/redis.py b/kinto/core/permission/redis.py
@@ -100,8 +100,8 @@ def get_accessible_objects(self, principals, bound_permissions=None):
             for key in matched:
                 authorized = self._decode_set(self._client.smembers(key))
                 if len(authorized & principals) > 0:
-                    _, object_id, permission = key.decode('utf-8').split(':')
-                    perms_by_id.setdefault(object_id, set()).add(permission)
+                    _, obj_id, permission = key.decode('utf-8').split(':', 2)
+                    perms_by_id.setdefault(obj_id, set()).add(permission)
 
         return perms_by_id
 

diff --git a/kinto/tests/core/test_permission.py b/kinto/tests/core/test_permission.py
@@ -296,14 +296,15 @@ def test_get_authorized_principals_handles_empty_set(self):
 
     def test_accessible_objects(self):
         self.permission.add_principal_to_ace('id1', 'write', 'user1')
-        self.permission.add_principal_to_ace('id1', 'read', 'group')
+        self.permission.add_principal_to_ace('id1', 'record:create', 'group')
         self.permission.add_principal_to_ace('id2', 'read', 'user1')
         self.permission.add_principal_to_ace('id2', 'read', 'user2')
         self.permission.add_principal_to_ace('id3', 'write', 'user2')
         per_object_ids = self.permission.get_accessible_objects(
             ['user1', 'group'])
         self.assertEquals(sorted(per_object_ids.keys()), ['id1', 'id2'])
-        self.assertEquals(per_object_ids['id1'], set(['read', 'write']))
+        self.assertEquals(per_object_ids['id1'],
+                          set(['write', 'record:create']))
         self.assertEquals(per_object_ids['id2'], set(['read']))
 
     def test_accessible_objects_from_permission(self):