#192: added new specs, some refactoring of controller
parent
4d719f2d88
commit
4a3b694af7
|
@ -12,31 +12,26 @@ class Api::V1::PlatformsController < Api::V1::BaseController
|
||||||
platform_name = url.gsub(/^http\:\/\/.*#{downloads_url}[\/]+/, '')
|
platform_name = url.gsub(/^http\:\/\/.*#{downloads_url}[\/]+/, '')
|
||||||
.gsub(/\/.*/, '')
|
.gsub(/\/.*/, '')
|
||||||
platform = Platform.find_by_name platform_name
|
platform = Platform.find_by_name platform_name
|
||||||
|
has_access = platform.present?
|
||||||
if platform && platform.hidden?
|
if platform && platform.hidden?
|
||||||
token = url.gsub(/^http\:\/\//, '').match(/.*\:\@/)
|
token = url.gsub(/^http\:\/\//, '').match(/.*\:\@/)
|
||||||
token = token[0].gsub(/\:\@/, '') if token
|
token = token[0].gsub(/\:\@/, '') if token
|
||||||
if token.present?
|
if has_access = token.present?
|
||||||
if platform.tokens.where(:authentication_token => token).exists?
|
if platform.tokens.where(:authentication_token => token).exists?
|
||||||
render :inline => 'true'
|
has_access = true
|
||||||
else # find user by token and check ability
|
else # find user by token and check ability
|
||||||
user = User.find_by_authentication_token token
|
user = User.find_by_authentication_token token
|
||||||
@current_ability = nil
|
@current_ability = nil
|
||||||
@current_user = user
|
@current_user = user
|
||||||
if user && can?(:read, platform)
|
has_access = user && can?(:read, platform)
|
||||||
render :inline => 'true'
|
|
||||||
else
|
|
||||||
render :inline => 'false', :status => 403
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
else # no token for hidden platform
|
|
||||||
render :inline => 'false', :status => 403
|
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if has_access
|
||||||
|
render :inline => 'true'
|
||||||
else
|
else
|
||||||
if platform # platform open
|
render :inline => 'false', :status => 403
|
||||||
render :inline => 'true'
|
|
||||||
else # platform does not exist
|
|
||||||
render :inline => 'false', :status => 403
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
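Review bot: `has_access` starts out as `platform.present?`, so every existing platform is allowed by default, and the denial for a hidden platform depends on the assignment inside `if has_access = token.present?` resetting it. A later edit that turns that condition back into a plain test would let a hidden platform with no token through. Starting from deny is safer: `has_access = platform.present? && !platform.hidden?` at the top and a plain `if token.present?` in the hidden branch give the same results as the lines shown. Separately, the unchanged `gsub(/^http\:\/\/.*#{downloads_url}[\/]+/, '')` parses the caller-supplied `url` with `^` (a line anchor, not `\A`) and interpolates `downloads_url` unescaped, so `\A` and `Regexp.escape(downloads_url)` would make the platform-name extraction stricter. The method's `def` line is outside the hunk.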
|
@ -288,6 +288,12 @@ describe Api::V1::PlatformsController do
|
||||||
get :allowed, :url => "http://#{@platform.owner.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
get :allowed, :url => "http://#{@platform.owner.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
||||||
response.status.should == 200
|
response.status.should == 200
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'ensures that status 403 if user token correct but user has no ability to read platform' do
|
||||||
|
user = FactoryGirl.create(:user)
|
||||||
|
get :allowed, :url => "http://#{user.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
||||||
|
response.status.should == 403
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
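Review bot: The new example checks only the status code, while the controller section of this commit renders the body `'false'` together with the 403, so adding `response.body.should == 'false'` would pin the whole response. The refactor also moved the deny for a hidden platform whose URL carries no token onto the `has_access` flag, and no example for that case is visible in this hunk. If none exists elsewhere in the describe block, a sibling example that requests the same path without the `token:@` prefix and expects 403 would guard it. The enclosing `describe`/`context` blocks start outside the hunk, so whether `@platform` is hidden here is an assumption.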