# HG changeset patch # User dfraser # Date 1242043898 0 # Node ID a8c84285e67ab40fa802ad98c336ba12ca726169 # Parent 8ffe90404a8cf47f3815483f863b7741cd901a70 Complete rights restrictions for build configs etc - see #384. Also enhance tests to work with this code (but don't yet check that rights are restricted properly) Moved repos lookup outside of config loop for optimisation diff --git a/bitten/tests/web_ui.py b/bitten/tests/web_ui.py --- a/bitten/tests/web_ui.py +++ b/bitten/tests/web_ui.py @@ -46,8 +46,9 @@ get_node=lambda path, rev=None: Mock(get_history=lambda: [], isdir=True), normalize_path=lambda path: path, - sync=lambda: None + sync=lambda: None, ) + self.repos.authz = Mock(has_permission=lambda path: True, assert_permission=lambda path: None) self.env.get_repository = lambda authname=None: self.repos def tearDown(self): @@ -57,7 +58,7 @@ PermissionSystem(self.env).grant_permission('joe', 'BUILD_VIEW') req = Mock(method='GET', base_path='', cgi_location='', path_info='/build', href=Href('/trac'), args={}, chrome={}, - perm=PermissionCache(self.env, 'joe')) + perm=PermissionCache(self.env, 'joe'), authname='joe') module = BuildConfigController(self.env) assert module.match_request(req) @@ -82,6 +83,7 @@ range(123, 111, -1)]) self.repos = Mock(get_node=lambda path, rev=None: root, sync=lambda: None, normalize_path=lambda path: path) + self.repos.authz = Mock(has_permission=lambda path: True, assert_permission=lambda path: None) module = BuildConfigController(self.env) assert module.match_request(req) @@ -107,6 +109,7 @@ range(123, 110, -1)]) self.repos = Mock(get_node=lambda path, rev=None: root, sync=lambda: None, normalize_path=lambda path: path) + self.repos.authz = Mock(has_permission=lambda path: True, assert_permission=lambda path: None) module = BuildConfigController(self.env) assert module.match_request(req) @@ -137,6 +140,7 @@ normalize_path=lambda path: path, sync=lambda: None ) + self.repos.authz = Mock(has_permission=lambda path: True, assert_permission=lambda path: None) self.env.get_repository = lambda authname=None: self.repos def tearDown(self): diff --git a/bitten/web_ui.py b/bitten/web_ui.py --- a/bitten/web_ui.py +++ b/bitten/web_ui.py @@ -178,13 +178,12 @@ show_all = True data['show_all'] = show_all + repos = self.env.get_repository(req.authname) + if hasattr(repos, 'sync'): + repos.sync() + configs = [] for config in BuildConfig.select(self.env, include_inactive=show_all): - - repos = self.env.get_repository(req.authname) - if hasattr(repos, 'sync'): - repos.sync() - if not repos.authz.has_permission(config.path): continue @@ -260,8 +259,15 @@ db = self.env.get_db_cnx() + repos = self.env.get_repository(req.authname) + if hasattr(repos, 'sync'): + repos.sync() + configs = [] for config in BuildConfig.select(self.env, include_inactive=False): + if not repos.authz.has_permission(config.path): + continue + self.log.debug(config.name) if not config.active: continue @@ -317,6 +323,12 @@ db = self.env.get_db_cnx() config = BuildConfig.fetch(self.env, config_name, db=db) + + repos = self.env.get_repository(req.authname) + if hasattr(repos, 'sync'): + repos.sync() + repos.authz.assert_permission(config.path) + data = {'title': 'Build Configuration "%s"' \ % config.label or config.name, 'page_mode': 'view_config'} @@ -493,6 +505,7 @@ data['build']['can_delete'] = ('BUILD_DELETE' in req.perm) repos = self.env.get_repository(req.authname) + repos.authz.assert_permission(config.path) chgset = repos.get_changeset(build.rev) data['build']['chgset_author'] = chgset.author @@ -527,10 +540,18 @@ "AND b.status IN (%s, %s) ORDER BY b.stopped", (start, stop, Build.SUCCESS, Build.FAILURE)) + repos = self.env.get_repository(req.authname) + if hasattr(repos, 'sync'): + repos.sync() + event_kinds = {Build.SUCCESS: 'successbuild', Build.FAILURE: 'failedbuild'} for id, config, label, rev, platform, stopped, status in cursor: + config_object = BuildConfig.fetch(self.env, config, db=db) + if not repos.authz.has_permission(config_object.path): + continue + errors = [] if status == Build.FAILURE: for step in BuildStep.select(self.env, build=id,