parent
68ae071267
commit
ea2b64b602
|
@ -79,7 +79,10 @@ def test_workflow_trigger(pub, local_user):
|
|||
|
||||
# verify trigger presence (not-404 response)
|
||||
formdata.store() # reset
|
||||
get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=403) # not 404: ok
|
||||
resp = get_app(pub).get(
|
||||
sign_uri(formdata.get_url() + 'jump/trigger/XXX'), headers={'accept': 'application/json'}, status=403
|
||||
) # not 404: ok
|
||||
assert resp.json['err_desc'] == 'wrong HTTP method (must be POST)'
|
||||
assert formdef.data_class().get(formdata.id).status == 'wf-st1'
|
||||
get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/ABC'), status=404)
|
||||
# jump, and then test trigger is not available
|
||||
|
@ -385,8 +388,17 @@ def test_workflow_trigger_http_auth_access(pub, local_user):
|
|||
access.store()
|
||||
|
||||
app = get_app(pub)
|
||||
app.set_authorization(('Basic', ('test', 'wrong')))
|
||||
resp = app.post(
|
||||
formdata.get_url() + 'jump/trigger/XXX/', headers={'accept': 'application/json'}, status=403
|
||||
)
|
||||
assert resp.json['err_desc'] == 'user not authenticated'
|
||||
|
||||
app.set_authorization(('Basic', ('test', '12345')))
|
||||
app.post(formdata.get_url() + 'jump/trigger/XXX/', status=403)
|
||||
resp = app.post(
|
||||
formdata.get_url() + 'jump/trigger/XXX/', headers={'accept': 'application/json'}, status=403
|
||||
)
|
||||
assert resp.json['err_desc'] == 'unsufficient roles'
|
||||
assert formdef.data_class().get(formdata.id).status == 'wf-st1' # no change
|
||||
|
||||
access.roles = [role]
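Review bot: Both 403 checks now send `accept: application/json`, and the plain requests they replace (`get_app(pub).get(..., status=403)` in test_workflow_trigger and `app.post(..., status=403)` in test_workflow_trigger_http_auth_access) appear to have been dropped, so the response a non-JSON client receives for these refusals is no longer exercised. Keeping the plain request next to the JSON one would cover both renderings of the new messages. The HTTP-auth test also covers only a wrong password and a user without the role; a request carrying no Authorization header at all is worth adding with its expected `err_desc`, unless it is already covered outside the visible lines. Both test functions extend beyond their hunks.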
|
||||
|
|
|
@ -80,11 +80,14 @@ class TriggerDirectory(Directory):
|
|||
if not item.get_target_status():
|
||||
raise errors.PublishError('broken jump / missing target')
|
||||
if not get_request().get_method() == 'POST':
|
||||
raise errors.AccessForbiddenError()
|
||||
raise errors.AccessForbiddenError('wrong HTTP method (must be POST)')
|
||||
if signed_request and not item.by:
|
||||
pass
|
||||
elif not item.check_auth(self.formdata, user):
|
||||
raise errors.AccessForbiddenError()
|
||||
else:
|
||||
if not user:
|
||||
raise errors.AccessForbiddenError('user not authenticated')
|
||||
if not item.check_auth(self.formdata, user):
|
||||
raise errors.AccessForbiddenError('unsufficient roles')
|
||||
if item.check_condition(self.formdata, trigger=component):
|
||||
workflow_data = None
|
||||
if hasattr(get_request(), '_json'):
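Review bot: The two new messages in the `else:` branch let a client tell a rejected credential (`'user not authenticated'`) from an accepted one that only lacks the role (`'unsufficient roles'`), where the previous code appears to have raised one bare `AccessForbiddenError()` for both. If the distinction is meant for API consumers, confirm that failed authentication on this endpoint is logged and throttled elsewhere, since nothing in the hunk shows it; otherwise record the detail server-side and return a single message. The second string is also misspelled and becomes part of the API contract once clients match on `err_desc`: `raise errors.AccessForbiddenError('insufficient roles')`, with the assertion in test_workflow_trigger_http_auth_access updated to match. The enclosing method starts and ends outside the hunk.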
|
||||
|
|