diff --git a/seahub/api2/views.py b/seahub/api2/views.py index 48663fd2c3..f318d0b774 100644 --- a/seahub/api2/views.py +++ b/seahub/api2/views.py @@ -1077,10 +1077,7 @@ class RepoHistoryLimit(APIView): username = request.user.username # no settings for virtual repo - if repo.is_virtual or \ - not config.ENABLE_REPO_HISTORY_SETTING or \ - username != repo_owner: - + if repo.is_virtual or username != repo_owner: error_msg = 'Permission denied.' return api_error(status.HTTP_403_FORBIDDEN, error_msg) diff --git a/tests/api/test_repo_history_limit.py b/tests/api/test_repo_history_limit.py index 614a04eeae..ede0573050 100644 --- a/tests/api/test_repo_history_limit.py +++ b/tests/api/test_repo_history_limit.py @@ -4,6 +4,8 @@ import json from django.core.urlresolvers import reverse +from constance import config + from seahub.test_utils import BaseTestCase class RepoTest(BaseTestCase): @@ -20,6 +22,15 @@ class RepoTest(BaseTestCase): json_resp = json.loads(resp.content) assert json_resp['keep_days'] == -1 + def test_can_get_history_limit_if_setting_not_enabled(self): + self.login_as(self.user) + + config.ENABLE_REPO_HISTORY_SETTING = False + + resp = self.client.get(reverse("api2-repo-history-limit", args=[self.user_repo_id])) + json_resp = json.loads(resp.content) + assert json_resp['keep_days'] == -1 + def test_can_set_history_limit(self): self.login_as(self.user) url = reverse("api2-repo-history-limit", args=[self.user_repo_id]) @@ -74,3 +85,13 @@ class RepoTest(BaseTestCase): data = 'keep_days=%s' % 'invalid-arg' resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(400, resp.status_code) + + def test_can_not_set_if_setting_not_enabled(self): + self.login_as(self.user) + + config.ENABLE_REPO_HISTORY_SETTING = False + + url = reverse("api2-repo-history-limit", args=[self.user_repo_id]) + data = 'keep_days=%s' % 6 + resp = self.client.put(url, data, 'application/x-www-form-urlencoded') + self.assertEqual(403, resp.status_code)