allura
| Revisión | dd64b9401ad41dc3c92aff955d7c5a56ab300952 (tree) |
|---|---|
| Tiempo | 2012-07-11 13:58:37 |
| Autor | Dave Brondsema <dbrondsema@geek...> |
| Commiter | Dave Brondsema |
[#4272] do "read" checks in the rest api ticket index
ForgeTracker/forgetracker/tests/functional/test_root.py (diff) ForgeTracker/forgetracker/tracker_main.py (diff)| @@ -163,12 +163,21 @@ class TestFunctionalController(TrackerTestController): | ||
| 163 | 163 | r = self.app.get('/p/test/bugs/search/?q=ticket', extra_environ=env) |
| 164 | 164 | assert '1 results' in r |
| 165 | 165 | assert 'Private Ticket' not in r |
| 166 | + # ... or in search feed... | |
| 167 | + r = self.app.get('/p/test/bugs/search_feed?q=ticket', extra_environ=env) | |
| 168 | + assert 'Private Ticket' not in r | |
| 166 | 169 | # ...and can't get to the private ticket directly. |
| 167 | 170 | r = self.app.get(ticket_view.request.url, extra_environ=env) |
| 168 | 171 | assert 'Private Ticket' not in r |
| 169 | 172 | # ... and it doesn't appear in the feed |
| 170 | 173 | r = self.app.get('/p/test/bugs/feed.atom') |
| 171 | 174 | assert 'Private Ticket' not in r |
| 175 | + # ... or in the API ... | |
| 176 | + r = self.app.get('/rest/p/test/bugs/2/') | |
| 177 | + assert 'Private Ticket' not in r | |
| 178 | + assert '/auth/?return_to' in r.headers['Location'] | |
| 179 | + r = self.app.get('/rest/p/test/bugs/') | |
| 180 | + assert 'Private Ticket' not in r | |
| 172 | 181 | |
| 173 | 182 | @td.with_tool('test', 'Tickets', 'doc-bugs') |
| 174 | 183 | def test_two_trackers(self): |
| @@ -1304,10 +1304,14 @@ class RootRestController(BaseController): | ||
| 1304 | 1304 | require_access(c.app, 'read') |
| 1305 | 1305 | |
| 1306 | 1306 | @expose('json:') |
| 1307 | - def index(self, **kw): | |
| 1308 | - return dict(tickets=[ | |
| 1309 | - dict(ticket_num=t.ticket_num, summary=t.summary) | |
| 1310 | - for t in TM.Ticket.query.find(dict(app_config_id=c.app.config._id)).sort('ticket_num') ]) | |
| 1307 | + def index(self, limit=100, page=0, **kw): | |
| 1308 | + results = TM.Ticket.paged_query(c.app.config, c.user, query={}, | |
| 1309 | + limit=int(limit), page=int(page)) | |
| 1310 | + results['tickets'] = [dict(ticket_num=t.ticket_num, summary=t.summary) | |
| 1311 | + for t in results['tickets']] | |
| 1312 | + results.pop('q', None) | |
| 1313 | + results.pop('sort', None) | |
| 1314 | + return results | |
| 1311 | 1315 | |
| 1312 | 1316 | @expose() |
| 1313 | 1317 | @h.vardec |
sado
Fork
allura