[#1210] Fix auth tests and tweak auth functions
Add the anon access decorator to some functions as they require it in
some circumstances.

The storage controller was calling `is_authorized_boolean` directly,
which should never be done (same for `is_authorized`).

It would be good to refactor password_reset out of user_update, so
user_update does not require anon access.
amercader committed Aug 27, 2013
1 parent 923118c commit 13f07b7
Showing 4 changed files with 17 additions and 10 deletions.
8 changes: 4 additions & 4 deletions ckan/controllers/storage.py
@@ -15,7 +15,7 @@
from ckan.lib.base import BaseController, c, request, render, config, h, abort
from ckan.lib.jsonp import jsonpify
import ckan.model as model
import ckan.new_authz as new_authz
import ckan.logic as logic

try:
from cStringIO import StringIO
@@ -97,9 +97,9 @@ def authorize(method, bucket, key, user, ofs):
# now check user stuff
context = {'user': c.user,
'model': model}
is_authorized = new_authz.is_authorized_boolean(
'file_upload', context, {})
if not is_authorized:
try:
logic.check_access('file_upload', context, {})
except logic.NotAuthorized:
h.flash_error('Not authorized to upload files.')
abort(401)

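Review bot: The `logic.check_access('file_upload', context, {})` call in `authorize` passes an empty data_dict, so the auth function decides on the user alone and never sees `bucket` or `key`, which are both parameters of this function. Per-bucket or per-key restrictions cannot be expressed through this check as written; `logic.check_access('file_upload', context, {'bucket': bucket, 'key': key})` would make them available, assuming the existing `file_upload` auth functions tolerate extra keys. A comment above the `try:` such as `# Use check_access, never new_authz.is_authorized* directly` would also record why the call was replaced. The body of `authorize` starts and continues outside the hunk.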
3 changes: 2 additions & 1 deletion ckan/logic/auth/create.py
@@ -3,7 +3,7 @@

from ckan.common import _


@logic.auth_allow_anonymous_access
def package_create(context, data_dict=None):
user = context['user']

@@ -103,6 +103,7 @@ def rating_create(context, data_dict):
# No authz check in the logic function
return {'success': True}

@logic.auth_allow_anonymous_access
def user_create(context, data_dict=None):
user = context['user']

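Review bot: Neither `package_create` nor `user_create` states, next to the new `@logic.auth_allow_anonymous_access`, under which condition a caller with no logged-in user may receive `{'success': True}`, so a later edit to either body could widen anonymous access unnoticed. A one-line docstring on each would fix that, e.g. `"""Reachable anonymously; must return success False unless <condition>."""`, with the condition filled in from the body. The same applies to `package_update` and `user_update` in ckan/logic/auth/update.py. Both function bodies continue outside the hunks shown.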
3 changes: 2 additions & 1 deletion ckan/logic/auth/update.py
@@ -10,7 +10,7 @@
def make_latest_pending_package_active(context, data_dict):
return new_authz.is_authorized('package_update', context, data_dict)


@logic.auth_allow_anonymous_access
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
@@ -176,6 +176,7 @@ def group_edit_permissions(context, data_dict):
return {'success': True}


@logic.auth_allow_anonymous_access
def user_update(context, data_dict):
user = context['user']

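Review bot: `user_update` reads `context['user']` while `package_update` in the same file reads `context.get('user')`, and both are now reachable without a logged-in user, so the indexing form would raise `KeyError` rather than return a denial if the key is ever absent. Whether the caller always sets `'user'` is not visible here, so this is a robustness and consistency point: `user = context.get('user')` would bring the two into line. `package_create` and `user_create` in ckan/logic/auth/create.py use the indexing form as well. The function bodies continue outside the hunks.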
13 changes: 9 additions & 4 deletions ckan/tests/logic/test_init.py
@@ -3,7 +3,7 @@
import ckan.model as model
import ckan.logic as logic

from ckan.lib.create_test_data import CreateTestData
from ckan.lib import create_test_data


class TestMemberLogic(object):
@@ -14,20 +14,25 @@ def test_model_name_to_class(self):
model,
'inexistent_model_name')

class TestCheckAccess(object):

class TestCheckAccess(object):

@classmethod
def setup_class(cls):
model.Session.close_all()
model.repo.delete_all()

@classmethod
def teardown_class(cls):
model.Session.close_all()
model.repo.delete_all()

def setup(self):
model.repo.rebuild_db()

def test_check_access_auth_user_obj_is_set(self):

CreateTestData.create_test_user()
create_test_data.CreateTestData.create_test_user()

user_name = 'tester'
context = {'user': user_name}
@@ -40,7 +45,7 @@ def test_check_access_auth_user_obj_is_set(self):

def test_check_access_auth_user_obj_is_not_set_when_ignoring_auth(self):

CreateTestData.create_test_user()
create_test_data.CreateTestData.create_test_user()

user_name = 'tester'
context = {'user': user_name, 'ignore_auth': True}
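Review bot: Both tests visible in `TestCheckAccess` cover only whether `auth_user_obj` ends up in the context; nothing in this hunk exercises the denial path that the decorator change in this commit depends on. A test asserting that `logic.check_access` raises `logic.NotAuthorized` for a context with no user, on an auth function that lacks `auth_allow_anonymous_access`, would pin that behaviour, assuming that is what the undecorated case is meant to do. The class may hold further tests below the hunk.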
