[ci] Allow anonymous access for API calls to orderkiwirepos (global_c…

…ommand_orderkiwirepos)
openSUSE · Oct 17, 2016 · c9c4f0f · c9c4f0f
1 parent 7b1a879
commit c9c4f0f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/src/api/app/controllers/source_controller.rb b/src/api/app/controllers/source_controller.rb
@@ -19,8 +19,8 @@ class IllegalRequest < APIException
   validate_action update_project_meta: { request: :project, response: :status}
   validate_action update_package_meta: { request: :package, response: :status}
 
-  skip_before_action :extract_user, only: [:lastevents_public]
-  skip_before_action :require_login, only: [:lastevents_public]
+  skip_before_action :extract_user, only: [:lastevents_public, :global_command_orderkiwirepos]
+  skip_before_action :require_login, only: [:lastevents_public, :global_command_orderkiwirepos]
 
   before_action :require_valid_project_name, except: [ :index, :lastevents, :lastevents_public,
                                                        :global_command_orderkiwirepos, :global_command_branch,

diff --git a/src/api/test/functional/source_controller_test.rb b/src/api/test/functional/source_controller_test.rb
@@ -70,7 +70,8 @@ def test_post_orderkiwirepos
 
   def test_anonymous_access_for_global_commands
     post '/source?cmd=orderkiwirepos'
-    assert_response 401
+    # anonymous access allowed here, just forwarding the request to backend fails
+    assert_response 400
 
     post '/source?cmd=createmaintenanceincident'
     assert_response 401