haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-08-22 00:43:28 +00:00
Code Issues Releases Wiki Activity

update permission check wehn unstar item

Browse Source
This commit is contained in:
sniper-py 2019-05-14 10:44:38 +08:00 committed by lian
parent 3cc43d9041
commit 88b24c609c
2 changed files with 49 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
seahub/api2/endpoints/starred_items.py
View File

@ -195,13 +195,20 @@ class StarredItems(APIView):
error_msg = 'path invalid.' error_msg = 'path invalid.'
return api_error(status.HTTP_400_BAD_REQUEST, error_msg) return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
# permission check # handler path if item exist
if not check_folder_permission(request, repo_id, '/'): if seafile_api.get_dir_id_by_path(repo_id, path):
error_msg = 'Permission denied.' path = normalize_dir_path(path)
return api_error(status.HTTP_403_FORBIDDEN, error_msg) elif seafile_api.get_file_id_by_path(repo_id, path):
path = normalize_file_path(path)
email = request.user.username
# database record check
if not UserStarredFiles.objects.get_starred_item(email, repo_id, path):
error_msg = 'Item %s not found.' % path
return api_error(status.HTTP_404_NOT_FOUND, error_msg)
# unstar a item # unstar a item
email = request.user.username
try: try:
UserStarredFiles.objects.delete_starred_item(email, repo_id, path) UserStarredFiles.objects.delete_starred_item(email, repo_id, path)
except Exception as e: except Exception as e:

38
tests/api/endpoints/test_starred_items.py
View File

@ -1,5 +1,5 @@
import json import json
from tests.common.utils import randstring
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
@ -85,6 +85,24 @@ class StarredItemsTest(BaseTestCase):
# confirm file is unstarred # confirm file is unstarred
assert is_file_starred(self.user_name, self.repo_id, self.file) is False assert is_file_starred(self.user_name, self.repo_id, self.file) is False
def test_can_not_unstar_file_when_path_is_wrong(self):
self.login_as(self.user)
# first star a file
data = {'repo_id': self.repo_id, 'path': self.file}
resp = self.client.post(self.url, data)
self.assertEqual(200, resp.status_code)
# confirm file is starred
assert is_file_starred(self.user_name, self.repo_id, self.file) is True
# can not unstar a file when path is wrong
resp = self.client.delete(self.url + '?repo_id=%s&path=%s' % (self.repo_id, self.file[:2] + randstring(5) + self.file[2:]))
self.assertEqual(404, resp.status_code)
# confirm file is starred
assert is_file_starred(self.user_name, self.repo_id, self.file) is True
def test_can_unstar_folder(self): def test_can_unstar_folder(self):
self.login_as(self.user) self.login_as(self.user)
@ -102,3 +120,21 @@ class StarredItemsTest(BaseTestCase):
# confirm folder is unstarred # confirm folder is unstarred
assert is_file_starred(self.user_name, self.repo_id, self.folder_path) is False assert is_file_starred(self.user_name, self.repo_id, self.folder_path) is False
def test_can_not_unstar_folder_when_path_is_wrong(self):
self.login_as(self.user)
# first star a folder
data = {'repo_id': self.repo_id, 'path': self.folder_path}
resp = self.client.post(self.url, data)
self.assertEqual(200, resp.status_code)
# confirm folder is starred
assert is_file_starred(self.user_name, self.repo_id, self.folder_path) is True
# can not unstar a folder when path is wrong
resp = self.client.delete(self.url + '?repo_id=%s&path=%s' % (self.repo_id, self.folder_path[:2] + randstring(5) + self.folder_path[2:]))
self.assertEqual(404, resp.status_code)
# confirm folder is starred
assert is_file_starred(self.user_name, self.repo_id, self.folder_path) is True