entrouvert
/
passerelle
15
0
Fork 0
Code Issues Pull Requests 15 Releases Activity

actesweb: add group write permission on demand files (#30143)

This commit is contained in:
Serghei Mihai 2019-01-28 18:32:43 +01:00
parent 38149ceacb
commit 7a30fa535b
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
passerelle/apps/actesweb/models.py
View File

@ -89,6 +89,6 @@ class ActesWeb(BaseResource):
tempfile_name = tpf.name
os.rename(tempfile_name, filepath)
# set read only permission for owner and group
os.chmod(filepath, stat.S_IRUSR|stat.S_IRGRP)
os.chmod(filepath, stat.S_IRUSR|stat.S_IRGRP|stat.S_IWGRP)
demand_id = '%s_%s' % (application_id, os.path.basename(filepath))
return {'data': {'demand_id': demand_id}}

6
tests/test_actesweb.py
View File

@ -158,9 +158,11 @@ def test_demand_creation(app, payload, actesweb):
response = app.post_json(url, params=payload['death'])
demand_id = response.json['data']['demand_id']
demfile = get_demand_filepath(actesweb, demand_id)
# make sure only owner and group can read file
assert bool(os.stat(demfile).st_mode & stat.S_IRGRP)
# make sure only owner can read file
assert bool(os.stat(demfile).st_mode & stat.S_IRUSR)
# make sure group can read and write (move) file
assert bool(os.stat(demfile).st_mode & stat.S_IRGRP)
assert bool(os.stat(demfile).st_mode & stat.S_IWGRP)
# and no others
assert not bool(os.stat(demfile).st_mode & stat.S_IRWXO)
assert_file_content_values(