From 9cd7198005f6dbd95ed2dd39d3215296887a4e6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?=
Date: Wed, 13 Jul 2016 12:28:01 +0200
Subject: [PATCH] Make shared nodes world-gettable
---
 pillar/application/modules/nodes.py | 19 +++++++++++++++++
 tests/test_nodes.py | 33 ++++++++++++++++++++++++++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/pillar/application/modules/nodes.py b/pillar/application/modules/nodes.py
index d6f1446b..0b9ae2e6 100644
--- a/pillar/application/modules/nodes.py
+++ b/pillar/application/modules/nodes.py
@@ -44,6 +44,7 @@ def share_node(node_id):
 if not short_code:
 if request.method == 'POST':
 short_code = generate_and_store_short_code(node)
+ make_world_gettable(node)
 status = 201
 else:
 return '', 204
@@ -88,6 +89,24 @@ def generate_and_store_short_code(node):
 return short_code
+def make_world_gettable(node):
+ nodes_coll = current_app.data.driver.db['nodes']
+ node_id = node['_id']
+
+ log.debug('Ensuring the world can read node %s', node_id)
+
+ world_perms = set(node.get('permissions', {}).get('world', []))
+ world_perms.add(u'GET')
+ world_perms = list(world_perms)
+
+ result = nodes_coll.update_one({'_id': node_id},
+ {'$set': {'permissions.world': world_perms}})
+
+ if result.matched_count != 1:
+ log.warning('Unable to update node %s with new permissions.world=%r', node_id, world_perms)
+ raise InternalServerError('Unable to update node %s with new permissions' % node_id)
+
+
 def create_short_code(node):
 """Generates a new 'short code' for the node."""
diff --git a/tests/test_nodes.py b/tests/test_nodes.py
index d70c839c..6a35c3a0 100644
--- a/tests/test_nodes.py
+++ b/tests/test_nodes.py
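Review bot: In share_node (pillar/application/modules/nodes.py, first hunk) the new `make_world_gettable(node)` call sits inside the `if not short_code:` branch, so it only runs when the short code is first created. If the permission update raises after `generate_and_store_short_code(node)` has stored the code, a retried POST would presumably find the existing code and skip the branch, leaving a share link that keeps answering 403 (this assumes `short_code` is read from the stored node, which is outside the hunk). The current order fails closed, which is worth keeping; what is missing is a repair path, for example calling `make_world_gettable(node)` on every POST rather than only on first creation. share_node starts and ends outside the hunk.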
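Review bot: make_world_gettable (second hunk of nodes.py) builds the new `permissions.world` list from the in-memory `node` and writes it back with `$set`, so a permission change made to the stored document between the read and the write is silently overwritten. An atomic `{'$addToSet': {'permissions.world': u'GET'}}` as the update in `update_one` avoids the read-modify-write and makes the set/list conversion unnecessary. The function also has no docstring; since it grants anonymous read access and nothing visible in this patch takes that access away again, I would state that in one line, e.g. `"""Grant world GET on the node; this patch adds no way to revoke it."""`. Whether creating `permissions` with only a `world` key on a node that had no `permissions` affects how project permissions are applied cannot be seen from here and should be checked.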
@@ -239,7 +239,15 @@ class NodeSharingTest(AbstractPillarTest):
 def setUp(self, **kwargs):
 AbstractPillarTest.setUp(self, **kwargs)
- self.project_id, _ = self.ensure_project_exists()
+ self.project_id, _ = self.ensure_project_exists(
+ project_overrides={
+ u'category': 'home',
+ u'permissions':
+ {u'groups': [{u'group': ctd.EXAMPLE_ADMIN_GROUP_ID,
+ u'methods': [u'GET', u'POST', u'PUT', u'DELETE']}],
+ u'users': [],
+ u'world': []}}
+ )
 self.user_id = self.create_user(groups=[ctd.EXAMPLE_ADMIN_GROUP_ID])
 self.create_valid_auth_token(self.user_id, 'token')
@@ -266,6 +274,29 @@ class NodeSharingTest(AbstractPillarTest):
 self._check_share_data(share_data)
+ def test_anonymous_access_shared_node(self):
+ # Anonymous user should not have access
+ self.get('/nodes/%s' % self.node_id, expected_status=403)
+
+ # Share the node
+ self.post('/nodes/%s/share' % self.node_id, auth_token='token',
+ expected_status=201)
+
+ # Check that an anonymous user has acces.
+ resp = self.get('/nodes/%s' % self.node_id)
+ self.assertEqual(str(self.node_id), resp.json()['_id'])
+
+ def test_other_user_access_shared_node(self):
+ # Share the node
+ self.post('/nodes/%s/share' % self.node_id, auth_token='token',
+ expected_status=201)
+
+ # Check that another user has access
+ other_user_id = self.create_user(user_id=24 * 'a')
+ self.create_valid_auth_token(other_user_id, 'other-token')
+ resp = self.get('/nodes/%s' % self.node_id, auth_token='other-token')
+ self.assertEqual(str(self.node_id), resp.json()['_id'])
+
 def test_get_share_data__unshared_node(self):
 self.get('/nodes/%s/share' % self.node_id,
 expected_status=204,
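Review bot: test_other_user_access_shared_node (tests/test_nodes.py, last hunk) never checks that the second user was denied before the share, so it would also pass if that user could read the node all along. Creating the user and token first and asserting `self.get('/nodes/%s' % self.node_id, auth_token='other-token', expected_status=403)` before the POST would pin the change in access, assuming a user outside the admin group is denied by the fixture's project permissions. Neither new test asserts that world access stays limited to GET; an anonymous request with a write method that expects a rejection would cover that, if the test base class offers a helper for it. The trailing context of this hunk ends inside test_get_share_data__unshared_node, which continues outside the hunk.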