add can generate share link to perm check (#3535)

2025-04-28 03:10:45 +00:00 · 2019-05-24 18:19:01 +08:00 · 2019-05-24 18:19:01 +08:00 · 17b5312fb0
commit 17b5312fb0
parent 32dce0cd0f
2 changed files with 9 additions and 1 deletions
--- a/seahub/api2/endpoints/wikis.py
+++ b/seahub/api2/endpoints/wikis.py
@ -96,7 +96,7 @@ class WikisView(APIView):
            return api_error(status.HTTP_404_NOT_FOUND, error_msg)

        # check perm
-        if not request.user.permissions.can_publish_repo():
+        if not (request.user.permissions.can_publish_repo() and request.user.permissions.can_generate_share_link()):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)

--- a/tests/api/endpoints/test_wikis.py
+++ b/tests/api/endpoints/test_wikis.py
@ -19,6 +19,8 @@ TEST_CAN_USE_WIKI_FALSE['default']['can_use_wiki'] = False
 TEST_CAN_PUBLISH_REPO_FALSE = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
 TEST_CAN_PUBLISH_REPO_FALSE['default']['can_publish_repo'] = False

+TEST_CAN_GENERATE_SHARE_LINK = copy.deepcopy(ENABLED_ROLE_PERMISSIONS)
+TEST_CAN_GENERATE_SHARE_LINK['default']['can_generate_share_link'] = False

@override_settings(ENABLE_WIKI=True)
 class WikisViewTest(BaseTestCase):
@ -101,6 +103,12 @@ class WikisViewTest(BaseTestCase):
            })
            self.assertEqual(403, resp.status_code)

+    def test_403_when_add_wiki_with_can_generate_share_link_false(self):
+        with patch('seahub.role_permissions.utils.ENABLED_ROLE_PERMISSIONS', TEST_CAN_GENERATE_SHARE_LINK):
+            resp = self.client.post(self.url, {
+                'repo_id': self.repo.id,
+            })
+            self.assertEqual(403, resp.status_code)

 class WikiViewTest(BaseTestCase):
    def setUp(self):