export_import: limit APIs to admin users (#88132)
gitea/combo/pipeline/head This commit looks good
Details
gitea/combo/pipeline/head This commit looks good
Details
This commit is contained in:
parent
50cd07545c
commit
820bab39b7
|
@ -40,7 +40,7 @@ klasses['roles'] = Group
|
|||
|
||||
|
||||
class Index(GenericAPIView):
|
||||
permission_classes = (permissions.IsAuthenticated,)
|
||||
permission_classes = (permissions.IsAdminUser,)
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
if is_portal_agent():
|
||||
|
@ -128,7 +128,7 @@ def get_component_bundle_entry(request, component, order):
|
|||
|
||||
|
||||
class ListComponents(GenericAPIView):
|
||||
permission_classes = (permissions.IsAuthenticated,)
|
||||
permission_classes = (permissions.IsAdminUser,)
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
klass = klasses[kwargs['component_type']]
|
||||
|
@ -146,7 +146,7 @@ list_components = ListComponents.as_view()
|
|||
|
||||
|
||||
class ExportComponent(GenericAPIView):
|
||||
permission_classes = (permissions.IsAuthenticated,)
|
||||
permission_classes = (permissions.IsAdminUser,)
|
||||
|
||||
def get(self, request, uuid, *args, **kwargs):
|
||||
serialisation = get_object_or_404(Page, uuid=uuid).get_serialized_page()
|
||||
|
@ -157,7 +157,7 @@ export_component = ExportComponent.as_view()
|
|||
|
||||
|
||||
class ComponentDependencies(GenericAPIView):
|
||||
permission_classes = (permissions.IsAuthenticated,)
|
||||
permission_classes = (permissions.IsAdminUser,)
|
||||
|
||||
def get(self, request, uuid, *args, **kwargs):
|
||||
klass = klasses[kwargs['component_type']]
|
||||
|
@ -200,7 +200,7 @@ def component_redirect(request, component_type, uuid):
|
|||
|
||||
|
||||
class BundleCheck(GenericAPIView):
|
||||
permission_classes = (permissions.IsAuthenticated,)
|
||||
permission_classes = (permissions.IsAdminUser,)
|
||||
|
||||
def put(self, request, *args, **kwargs):
|
||||
tar_io = io.BytesIO(request.read())
|
||||
|
@ -311,7 +311,7 @@ bundle_check = BundleCheck.as_view()
|
|||
|
||||
|
||||
class BundleImport(GenericAPIView):
|
||||
permission_classes = (permissions.IsAuthenticated,)
|
||||
permission_classes = (permissions.IsAdminUser,)
|
||||
action = 'import_bundle'
|
||||
|
||||
def put(self, request, *args, **kwargs):
|
||||
|
@ -338,7 +338,6 @@ bundle_import = BundleImport.as_view()
|
|||
|
||||
|
||||
class BundleDeclare(BundleImport):
|
||||
permission_classes = (permissions.IsAuthenticated,)
|
||||
action = 'declare_bundle'
|
||||
|
||||
|
||||
|
@ -346,7 +345,7 @@ bundle_declare = BundleDeclare.as_view()
|
|||
|
||||
|
||||
class BundleUnlink(GenericAPIView):
|
||||
permission_classes = (permissions.IsAuthenticated,)
|
||||
permission_classes = (permissions.IsAdminUser,)
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
if request.POST.get('application'):
|
||||
|
|
|
@ -28,8 +28,8 @@ from .wcs.utils import MockedRequestResponse, mocked_requests_send
|
|||
pytestmark = pytest.mark.django_db
|
||||
|
||||
|
||||
def test_object_types(settings, app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_object_types(settings, app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
resp = app.get('/api/export-import/')
|
||||
assert resp.json == {
|
||||
'data': [
|
||||
|
@ -71,8 +71,8 @@ def test_object_types(settings, app, john_doe):
|
|||
}
|
||||
|
||||
|
||||
def test_list(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_list(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
Page.objects.all().delete()
|
||||
page = Page(title='Test', slug='test', template_name='standard')
|
||||
page.save()
|
||||
|
@ -115,8 +115,8 @@ def test_list(app, john_doe):
|
|||
}
|
||||
|
||||
|
||||
def test_export_page(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_export_page(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
Page.objects.all().delete()
|
||||
page = Page(title='Test', slug='test', template_name='standard')
|
||||
page.save()
|
||||
|
@ -126,8 +126,8 @@ def test_export_page(app, john_doe):
|
|||
app.get('/api/export-import/pages/%s/' % uuid.uuid4(), status=404)
|
||||
|
||||
|
||||
def test_export_page_with_role(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_export_page_with_role(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
group = Group(name='plop')
|
||||
group.save()
|
||||
Page.objects.all().delete()
|
||||
|
@ -138,8 +138,8 @@ def test_export_page_with_role(app, john_doe):
|
|||
assert resp.json['data']['fields']['groups'] == ['plop']
|
||||
|
||||
|
||||
def test_page_dependencies(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_page_dependencies(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
page = Page.objects.create(title='Test', slug='test', template_name='standard')
|
||||
resp = app.get(f'/api/export-import/pages/{page.uuid}/dependencies/')
|
||||
assert resp.json == {'data': [], 'err': 0}
|
||||
|
@ -147,8 +147,8 @@ def test_page_dependencies(app, john_doe):
|
|||
app.get('/api/export-import/pages/%s/dependencies/' % uuid.uuid4(), status=404)
|
||||
|
||||
|
||||
def test_page_dependencies_groups(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_page_dependencies_groups(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
group1 = Group(name='plop1')
|
||||
group1.save()
|
||||
group2 = Group(name='plop2')
|
||||
|
@ -172,8 +172,8 @@ def test_page_dependencies_groups(app, john_doe):
|
|||
}
|
||||
|
||||
|
||||
def test_page_dependencies_children(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_page_dependencies_children(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
page = Page(title='Test', slug='test', template_name='standard')
|
||||
page.save()
|
||||
page2 = Page(title='Child', slug='child', template_name='standard', parent=page)
|
||||
|
@ -198,8 +198,7 @@ def test_page_dependencies_children(app, john_doe):
|
|||
}
|
||||
|
||||
|
||||
def test_page_redirect(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_page_redirect(app):
|
||||
page = Page(title='Test', slug='test', template_name='standard')
|
||||
page.save()
|
||||
redirect_url = f'/api/export-import/pages/{page.uuid}/redirect/'
|
||||
|
@ -257,7 +256,7 @@ def create_bundle(elements, *args, **kwargs):
|
|||
|
||||
|
||||
@pytest.fixture
|
||||
def bundle(app, john_doe):
|
||||
def bundle(app, admin_user):
|
||||
page, dummy = Page.objects.get_or_create(
|
||||
slug='test', defaults={'title': 'Test Page', 'template_name': 'standard'}
|
||||
)
|
||||
|
@ -270,8 +269,8 @@ def bundle(app, john_doe):
|
|||
)
|
||||
|
||||
|
||||
def test_bundle_import(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_bundle_import(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
|
||||
bundles = []
|
||||
for version_number in ['42.0', '42.1']:
|
||||
|
@ -387,8 +386,8 @@ def test_bundle_import(app, john_doe):
|
|||
)
|
||||
|
||||
|
||||
def test_bundle_import_pages_position(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_bundle_import_pages_position(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
page1 = Page.objects.create(
|
||||
slug='test1',
|
||||
title='Test Page 1',
|
||||
|
@ -930,8 +929,8 @@ def test_bundle_import_pages_position(app, john_doe):
|
|||
assert Page.objects.get(uuid=page2.uuid).parent is None
|
||||
|
||||
|
||||
def test_bundle_declare(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_bundle_declare(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
|
||||
page, dummy = Page.objects.get_or_create(
|
||||
slug='test', defaults={'title': 'Test Page', 'template_name': 'standard'}
|
||||
|
@ -1031,8 +1030,8 @@ def test_bundle_declare(app, john_doe):
|
|||
)
|
||||
|
||||
|
||||
def test_bundle_unlink(app, john_doe, bundle):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_bundle_unlink(app, admin_user, bundle):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
|
||||
application = Application.objects.create(
|
||||
name='Test',
|
||||
|
@ -1086,8 +1085,8 @@ def test_bundle_unlink(app, john_doe, bundle):
|
|||
assert ApplicationElement.objects.count() == 2
|
||||
|
||||
|
||||
def test_bundle_check(app, john_doe):
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
def test_bundle_check(app, admin_user):
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
|
||||
bundles = []
|
||||
for version_number in ['1.0', '2.0']:
|
||||
|
@ -1249,7 +1248,7 @@ def test_bundle_check(app, john_doe):
|
|||
|
||||
|
||||
@mock.patch('requests.Session.send', side_effect=mocked_requests_send)
|
||||
def test_page_dependencies_card_models(mock_send, app, john_doe):
|
||||
def test_page_dependencies_card_models(mock_send, app, admin_user):
|
||||
page = Page.objects.create(
|
||||
title='Test',
|
||||
slug='test',
|
||||
|
@ -1268,7 +1267,7 @@ def test_page_dependencies_card_models(mock_send, app, john_doe):
|
|||
}
|
||||
assert card_dep in page.get_dependencies()
|
||||
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
with mock.patch('requests.Session.get') as requests_get:
|
||||
requests_get.side_effect = ConnectionError()
|
||||
resp = app.get(f'/api/export-import/pages/{page.uuid}/dependencies/', status=400)
|
||||
|
@ -1363,7 +1362,7 @@ def test_page_dependencies_linkslist_cell():
|
|||
|
||||
|
||||
@mock.patch('requests.Session.send', side_effect=mocked_requests_send)
|
||||
def test_page_dependencies_form_cell(mock_send, app, john_doe):
|
||||
def test_page_dependencies_form_cell(mock_send, app, admin_user):
|
||||
page = Page.objects.create(title='Test', slug='test', template_name='standard')
|
||||
cell = WcsFormCell(page=page, placeholder='content', order=0, formdef_reference='default:form-title')
|
||||
cell.save()
|
||||
|
@ -1377,7 +1376,7 @@ def test_page_dependencies_form_cell(mock_send, app, john_doe):
|
|||
'redirect': 'http://127.0.0.1:8999/api/export-import/forms/form-title/redirect/',
|
||||
},
|
||||
} in page.get_dependencies()
|
||||
app.authorization = ('Basic', (john_doe.username, john_doe.username))
|
||||
app.authorization = ('Basic', (admin_user.username, admin_user.username))
|
||||
resp = app.get(f'/api/export-import/pages/{page.uuid}/dependencies/')
|
||||
assert resp.json['data'][0]['type'] == 'forms'
|
||||
|
||||
|
|
Loading…
Reference in New Issue