Make shared nodes world-gettable

2016-07-13 12:28:01 +02:00 · 2016-07-13 12:28:01 +02:00 · 9cd7198005
commit 9cd7198005
parent 53c0eec8f1
2 changed files with 51 additions and 1 deletions
--- a/pillar/application/modules/nodes.py
+++ b/pillar/application/modules/nodes.py
@ -44,6 +44,7 @@ def share_node(node_id):
    if not short_code:
        if request.method == 'POST':
            short_code = generate_and_store_short_code(node)
+            make_world_gettable(node)
            status = 201
        else:
            return '', 204
@ -88,6 +89,24 @@ def generate_and_store_short_code(node):
    return short_code


+def make_world_gettable(node):
+    nodes_coll = current_app.data.driver.db['nodes']
+    node_id = node['_id']
+
+    log.debug('Ensuring the world can read node %s', node_id)
+
+    world_perms = set(node.get('permissions', {}).get('world', []))
+    world_perms.add(u'GET')
+    world_perms = list(world_perms)
+
+    result = nodes_coll.update_one({'_id': node_id},
+                                   {'$set': {'permissions.world': world_perms}})
+
+    if result.matched_count != 1:
+        log.warning('Unable to update node %s with new permissions.world=%r', node_id, world_perms)
+        raise InternalServerError('Unable to update node %s with new permissions' % node_id)
+
+
 def create_short_code(node):
    """Generates a new 'short code' for the node."""

--- a/tests/test_nodes.py
+++ b/tests/test_nodes.py
@ -239,7 +239,15 @@ class NodeSharingTest(AbstractPillarTest):
    def setUp(self, **kwargs):
        AbstractPillarTest.setUp(self, **kwargs)

-        self.project_id, _ = self.ensure_project_exists()
+        self.project_id, _ = self.ensure_project_exists(
+            project_overrides={
+                u'category': 'home',
+                u'permissions':
+                    {u'groups': [{u'group': ctd.EXAMPLE_ADMIN_GROUP_ID,
+                                  u'methods': [u'GET', u'POST', u'PUT', u'DELETE']}],
+                     u'users': [],
+                     u'world': []}}
+        )
        self.user_id = self.create_user(groups=[ctd.EXAMPLE_ADMIN_GROUP_ID])
        self.create_valid_auth_token(self.user_id, 'token')

@ -266,6 +274,29 @@ class NodeSharingTest(AbstractPillarTest):

        self._check_share_data(share_data)

+    def test_anonymous_access_shared_node(self):
+        # Anonymous user should not have access
+        self.get('/nodes/%s' % self.node_id, expected_status=403)
+
+        # Share the node
+        self.post('/nodes/%s/share' % self.node_id, auth_token='token',
+                  expected_status=201)
+
+        # Check that an anonymous user has acces.
+        resp = self.get('/nodes/%s' % self.node_id)
+        self.assertEqual(str(self.node_id), resp.json()['_id'])
+
+    def test_other_user_access_shared_node(self):
+        # Share the node
+        self.post('/nodes/%s/share' % self.node_id, auth_token='token',
+                  expected_status=201)
+
+        # Check that another user has access
+        other_user_id = self.create_user(user_id=24 * 'a')
+        self.create_valid_auth_token(other_user_id, 'other-token')
+        resp = self.get('/nodes/%s' % self.node_id, auth_token='other-token')
+        self.assertEqual(str(self.node_id), resp.json()['_id'])
+
    def test_get_share_data__unshared_node(self):
        self.get('/nodes/%s/share' % self.node_id,
                 expected_status=204,