This fixes the problem but allows anyone to read buckets and buckets …

…permissions.
Kinto · Jul 6, 2015 · 822c80a · 822c80a
1 parent 49f0959
commit 822c80a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/kinto/__init__.py b/kinto/__init__.py
@@ -20,6 +20,7 @@
     'cliquet.project_name': 'Cloud Storage',
     'cliquet.project_docs': 'https://kinto.readthedocs.org/',
     'cliquet.bucket_create_principals': 'system.Authenticated',
+    'cliquet.bucket_read_principals': 'system.Authenticated',
     'multiauth.authorization_policy': (
         'kinto.authorization.AuthorizationPolicy'),
     'multiauth.groupfinder': (

diff --git a/kinto/tests/test_views_buckets.py b/kinto/tests/test_views_buckets.py
@@ -30,11 +30,17 @@ def test_buckets_can_be_put_with_simple_name(self):
         self.assertEqual(self.record['id'], 'beers')
 
     def test_collection_endpoint_lists_them_all(self):
-        resp = self.app.get(self.collection_url, headers=self.headers)
+        resp = self.app.get(self.collection_url,
+                            headers=get_user_headers('alice'))
         records = resp.json['data']
         self.assertEqual(len(records), 1)
         self.assertEqual(records[0]['id'], 'beers')
 
+    def test_anyone_can_read_bucket_information(self):
+        resp = self.app.get(self.record_url, headers=get_user_headers('alice'))
+        record = resp.json['data']
+        self.assertEqual(record['id'], 'beers')
+
     def test_buckets_name_should_be_simple(self):
         self.app.put_json('/buckets/__beers__',
                           MINIMALIST_BUCKET,