#373: refactoring, added specs
This commit is contained in:
parent
c41fc4d0bb
commit
7d0b2998dc
|
@ -1,12 +1,14 @@
|
|||
class Api::V1::PlatformsController < Api::V1::BaseController
|
||||
before_filter :authenticate_user!
|
||||
skip_before_filter :authenticate_user!, only: :allowed
|
||||
skip_before_filter :authenticate_user!, only: [:show, :platforms_for_build, :members] if APP_CONFIG['anonymous_access']
|
||||
skip_before_filter :authenticate_user!, only: %i(show platforms_for_build members cached_chroot) if APP_CONFIG['anonymous_access']
|
||||
before_filter :set_token, only: %i(allowed cached_chroot)
|
||||
|
||||
load_and_authorize_resource except: :allowed
|
||||
load_and_authorize_resource except: %i(allowed cached_chroot)
|
||||
load_resource only: :cached_chroot
|
||||
|
||||
def allowed
|
||||
if Platform.allowed?(params[:path] || '', request)
|
||||
if Platform.allowed?(params[:path] || '', @token)
|
||||
render nothing: true
|
||||
else
|
||||
render nothing: true, status: 403
|
||||
|
@ -21,6 +23,14 @@ class Api::V1::PlatformsController < Api::V1::BaseController
|
|||
def show
|
||||
end
|
||||
|
||||
def cached_chroot
|
||||
if sha1 = @platform.cached_chroot(@token, params[:arch])
|
||||
redirect_to "#{APP_CONFIG['file_store_url']}/api/v1/file_stores/#{sha1}"
|
||||
else
|
||||
render nothing: true, status: 403
|
||||
end
|
||||
end
|
||||
|
||||
def platforms_for_build
|
||||
@platforms = Platform.main.opened.paginate(paginate_params)
|
||||
render :index
|
||||
|
@ -72,4 +82,12 @@ class Api::V1::PlatformsController < Api::V1::BaseController
|
|||
destroy_subject @platform
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def set_token
|
||||
if request.authorization.present?
|
||||
@token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -7,6 +7,7 @@ class Platform < ActiveRecord::Base
|
|||
include Owner
|
||||
include EventLoggable
|
||||
|
||||
CACHED_CHROOT_PRODUCT_NAME = 'cached-chroot'
|
||||
AUTOMATIC_METADATA_REGENERATIONS = %w(day week)
|
||||
VISIBILITIES = %w(open hidden)
|
||||
NAME_PATTERN = /[\w\-\.]+/
|
||||
|
@ -211,32 +212,39 @@ class Platform < ActiveRecord::Base
|
|||
end
|
||||
|
||||
# Checks access rights to platform and caching for 1 day.
|
||||
def self.allowed?(path, request)
|
||||
def self.allowed?(path, token)
|
||||
platform_name = path.gsub(/^[\/]+/, '')
|
||||
.match(/^(#{NAME_PATTERN}\/|#{NAME_PATTERN}$)/)
|
||||
|
||||
return true unless platform_name
|
||||
platform_name = platform_name[0].gsub(/\//, '')
|
||||
|
||||
if request.authorization.present?
|
||||
token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request)
|
||||
end
|
||||
|
||||
Rails.cache.fetch([platform_name, token, :platform_allowed], expires_in: 2.minutes) do
|
||||
platform = Platform.find_by name: platform_name
|
||||
next false unless platform
|
||||
next true unless platform.hidden?
|
||||
next false unless token
|
||||
next true if platform.tokens.by_active.where(authentication_token: token).exists?
|
||||
platform.has_access?(token)
|
||||
end
|
||||
end
|
||||
|
||||
user = User.find_by authentication_token: token
|
||||
def cached_chroot(token, arch)
|
||||
return false if personal?
|
||||
Rails.cache.fetch([:cached_chroot, token, name, arch], expires_in: 10.minutes) do
|
||||
product = products.where(name: CACHED_CHROOT_PRODUCT_NAME).first
|
||||
next false unless product
|
||||
pbl = product.product_build_lists.for_status(ProductBuildList::BUILD_COMPLETED).recent.first
|
||||
next false unless pbl
|
||||
next false if hidden? && !has_access?(token)
|
||||
pbl.results.results.find{ |r| r['file_name'] =~ /^cached-chroot-#{arch}/ } || false
|
||||
end
|
||||
end
|
||||
|
||||
def has_access?(token)
|
||||
return true if tokens.by_active.where(authentication_token: token).exists?
|
||||
user = User.find_by(authentication_token: token)
|
||||
current_ability = Ability.new(user)
|
||||
if user && current_ability.can?(:show, platform)
|
||||
true
|
||||
else
|
||||
false
|
||||
end
|
||||
end
|
||||
user && current_ability.can?(:show, self) ? true : false
|
||||
end
|
||||
|
||||
def self.autostart_metadata_regeneration(value)
|
||||
|
|
|
@ -33,13 +33,14 @@ Rosa::Application.routes.draw do
|
|||
put :publish_into_testing
|
||||
}
|
||||
end
|
||||
resources :arches, only: [:index]
|
||||
resources :platforms, only: [:index, :show, :update, :destroy, :create] do
|
||||
resources :arches, only: :index
|
||||
resources :platforms, only: %i(index show update destroy create), constraints: { id: Platform::NAME_PATTERN } do
|
||||
collection {
|
||||
get :platforms_for_build
|
||||
get :allowed
|
||||
}
|
||||
member {
|
||||
get :cached_chroot
|
||||
get :members
|
||||
put :add_member
|
||||
delete :remove_member
|
||||
|
|
|
@ -12,6 +12,7 @@ shared_examples_for 'api platform user with reader rights' do
|
|||
get :members, id: @platform.id, format: :json
|
||||
response.should render_template(:members)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
shared_examples_for 'api platform user with owner rights' do
|
||||
|
@ -192,6 +193,12 @@ shared_examples_for 'api platform user without reader rights for hidden platform
|
|||
response.body.should == {"message" => "Access violation to this page!"}.to_json
|
||||
end
|
||||
end
|
||||
|
||||
it "should not be able to perform cached_chroot action" do
|
||||
get :cached_chroot, id: @platform.id, format: :json
|
||||
response.status.should == 403
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
shared_examples_for "api platform user with show rights" do
|
||||
|
@ -200,6 +207,13 @@ shared_examples_for "api platform user with show rights" do
|
|||
response.should render_template(:show)
|
||||
end
|
||||
|
||||
it 'should be able to perform cached_chroot action' do
|
||||
Rails.stub_chain(:cache, :fetch).and_return('sha1')
|
||||
http_login (@admin || @user).authentication_token, '' if @platform.hidden?
|
||||
get :cached_chroot, id: @platform.id, format: :json
|
||||
response.should redirect_to("#{APP_CONFIG['file_store_url']}/api/v1/file_stores/sha1")
|
||||
end
|
||||
|
||||
it 'should be able to perform platforms_for_build action' do
|
||||
get :platforms_for_build, format: :json
|
||||
response.should render_template(:index)
|
||||
|
|
Loading…
Reference in New Issue