[api] fix history access of project meta data

openSUSE · Oct 12, 2010 · 756f003 · 756f003
1 parent ad9479e
commit 756f003
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 12 deletions.
diff --git a/src/api/app/controllers/source_controller.rb b/src/api/app/controllers/source_controller.rb
@@ -960,20 +960,20 @@ def file
         return
       end
       allowed = permissions.package_change? pack
-    end
 
-    # ACL(file): access behaves like project not existing
+      # ACL(file): access behaves like project not existing
-    if pack.disabled_for?('access', nil, nil) and not @http_user.can_access?(pack)
+      if pack.disabled_for?('access', nil, nil) and not @http_user.can_access?(pack)
-      render_error :status => 404, :errorcode => 'not_found',
+        render_error :status => 404, :errorcode => 'not_found',
-      :message => "The given package #{package_name} does not exist in project #{project_name}"
+        :message => "The given package #{package_name} does not exist in project #{project_name}"
-      return
+        return
-    end
+      end
 
-    # ACL(file): source access gives permisson denied
+      # ACL(file): source access gives permisson denied
-    if pack.disabled_for?('sourceaccess', nil, nil) and not @http_user.can_source_access?(pack)
+      if pack.disabled_for?('sourceaccess', nil, nil) and not @http_user.can_source_access?(pack)
-      render_error :status => 403, :errorcode => "source_access_no_permission",
+        render_error :status => 403, :errorcode => "source_access_no_permission",
-      :message => "no read access to package #{package_name}, project #{project_name}"
+        :message => "no read access to package #{package_name}, project #{project_name}"
-      return
+        return
+      end
     end
 
     if request.get?

diff --git a/src/api/test/functional/source_controller_test.rb b/src/api/test/functional/source_controller_test.rb
@@ -1190,6 +1190,19 @@ def test_add_file_to_package
     assert_response :success
   end
 
+  def test_get_project_meta_history
+    ActionController::IntegrationTest::reset_auth 
+    get "/source/kde4/_project/_history"
+    assert_response 401
+    prepare_request_with_user "fredlibs", "geröllheimer"
+    get "/source/kde4/_project/_history"
+    assert_response :success
+    assert_tag( :tag => "revisionlist" )
+    get "/source/kde4/_project/_history?meta=1"
+    assert_response :success
+    assert_tag( :tag => "revisionlist" )
+  end
+
   def test_remove_and_undelete_operations
     ActionController::IntegrationTest::reset_auth 
     delete "/source/kde4/kdelibs"