Permalink
Browse files

[api] fix history access of project meta data

  • Loading branch information...
1 parent ad9479e commit 756f0034ec40574170cba2ac2badc970c13905a8 @adrianschroeter adrianschroeter committed Oct 12, 2010
Showing with 25 additions and 12 deletions.
  1. +12 −12 src/api/app/controllers/source_controller.rb
  2. +13 −0 src/api/test/functional/source_controller_test.rb
@@ -960,20 +960,20 @@ def file
return
end
allowed = permissions.package_change? pack
- end
- # ACL(file): access behaves like project not existing
- if pack.disabled_for?('access', nil, nil) and not @http_user.can_access?(pack)
- render_error :status => 404, :errorcode => 'not_found',
- :message => "The given package #{package_name} does not exist in project #{project_name}"
- return
- end
+ # ACL(file): access behaves like project not existing
+ if pack.disabled_for?('access', nil, nil) and not @http_user.can_access?(pack)
+ render_error :status => 404, :errorcode => 'not_found',
+ :message => "The given package #{package_name} does not exist in project #{project_name}"
+ return
+ end
- # ACL(file): source access gives permisson denied
- if pack.disabled_for?('sourceaccess', nil, nil) and not @http_user.can_source_access?(pack)
- render_error :status => 403, :errorcode => "source_access_no_permission",
- :message => "no read access to package #{package_name}, project #{project_name}"
- return
+ # ACL(file): source access gives permisson denied
+ if pack.disabled_for?('sourceaccess', nil, nil) and not @http_user.can_source_access?(pack)
+ render_error :status => 403, :errorcode => "source_access_no_permission",
+ :message => "no read access to package #{package_name}, project #{project_name}"
+ return
+ end
end
if request.get?
@@ -1190,6 +1190,19 @@ def test_add_file_to_package
assert_response :success
end
+ def test_get_project_meta_history
+ ActionController::IntegrationTest::reset_auth
+ get "/source/kde4/_project/_history"
+ assert_response 401
+ prepare_request_with_user "fredlibs", "geröllheimer"
+ get "/source/kde4/_project/_history"
+ assert_response :success
+ assert_tag( :tag => "revisionlist" )
+ get "/source/kde4/_project/_history?meta=1"
+ assert_response :success
+ assert_tag( :tag => "revisionlist" )
+ end
+
def test_remove_and_undelete_operations
ActionController::IntegrationTest::reset_auth
delete "/source/kde4/kdelibs"

0 comments on commit 756f003

Please sign in to comment.