archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Make shared nodes world-gettable

Browse Source
This commit is contained in:
Sybren A. Stüvel 2016-07-13 12:28:01 +02:00
parent 53c0eec8f1
commit 9cd7198005
2 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pillar/application/modules/nodes.py
View File

@ -44,6 +44,7 @@ def share_node(node_id):
if not short_code: if not short_code:
if request.method == 'POST': if request.method == 'POST':
short_code = generate_and_store_short_code(node) short_code = generate_and_store_short_code(node)
make_world_gettable(node)
status = 201 status = 201
else: else:
return '', 204 return '', 204
@ -88,6 +89,24 @@ def generate_and_store_short_code(node):
return short_code return short_code
def make_world_gettable(node):
nodes_coll = current_app.data.driver.db['nodes']
node_id = node['_id']
log.debug('Ensuring the world can read node %s', node_id)
world_perms = set(node.get('permissions', {}).get('world', []))
world_perms.add(u'GET')
world_perms = list(world_perms)
result = nodes_coll.update_one({'_id': node_id},
{'$set': {'permissions.world': world_perms}})
if result.matched_count != 1:
log.warning('Unable to update node %s with new permissions.world=%r', node_id, world_perms)
raise InternalServerError('Unable to update node %s with new permissions' % node_id)
def create_short_code(node): def create_short_code(node):
"""Generates a new 'short code' for the node.""" """Generates a new 'short code' for the node."""

33
tests/test_nodes.py
View File

@ -239,7 +239,15 @@ class NodeSharingTest(AbstractPillarTest):
def setUp(self, **kwargs): def setUp(self, **kwargs):
AbstractPillarTest.setUp(self, **kwargs) AbstractPillarTest.setUp(self, **kwargs)
self.project_id, _ = self.ensure_project_exists() self.project_id, _ = self.ensure_project_exists(
project_overrides={
u'category': 'home',
u'permissions':
{u'groups': [{u'group': ctd.EXAMPLE_ADMIN_GROUP_ID,
u'methods': [u'GET', u'POST', u'PUT', u'DELETE']}],
u'users': [],
u'world': []}}
)
self.user_id = self.create_user(groups=[ctd.EXAMPLE_ADMIN_GROUP_ID]) self.user_id = self.create_user(groups=[ctd.EXAMPLE_ADMIN_GROUP_ID])
self.create_valid_auth_token(self.user_id, 'token') self.create_valid_auth_token(self.user_id, 'token')
@ -266,6 +274,29 @@ class NodeSharingTest(AbstractPillarTest):
self._check_share_data(share_data) self._check_share_data(share_data)
def test_anonymous_access_shared_node(self):
# Anonymous user should not have access
self.get('/nodes/%s' % self.node_id, expected_status=403)
# Share the node
self.post('/nodes/%s/share' % self.node_id, auth_token='token',
expected_status=201)
# Check that an anonymous user has acces.
resp = self.get('/nodes/%s' % self.node_id)
self.assertEqual(str(self.node_id), resp.json()['_id'])
def test_other_user_access_shared_node(self):
# Share the node
self.post('/nodes/%s/share' % self.node_id, auth_token='token',
expected_status=201)
# Check that another user has access
other_user_id = self.create_user(user_id=24 * 'a')
self.create_valid_auth_token(other_user_id, 'other-token')
resp = self.get('/nodes/%s' % self.node_id, auth_token='other-token')
self.assertEqual(str(self.node_id), resp.json()['_id'])
def test_get_share_data__unshared_node(self): def test_get_share_data__unshared_node(self):
self.get('/nodes/%s/share' % self.node_id, self.get('/nodes/%s/share' % self.node_id,
expected_status=204, expected_status=204,