From 411d4e7abbe1226f4c0913b5de4f673a8e73901f Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Wed, 5 Aug 2015 17:07:35 -0400 Subject: [PATCH] tag history requires READ instead of WRITE Fixes #315. --- endpoints/api/tag.py | 2 +- test/test_api_security.py | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/endpoints/api/tag.py b/endpoints/api/tag.py index a7b54fdf8..5246ee9c6 100644 --- a/endpoints/api/tag.py +++ b/endpoints/api/tag.py @@ -15,7 +15,7 @@ from auth.auth_context import get_authenticated_user class ListRepositoryTags(RepositoryParamResource): """ Resource for listing full repository tag history, alive *and dead*. """ - @require_repo_write + @require_repo_read @parse_args @query_param('specificTag', 'Filters the tags to the specific tag.', type=str, default='') @query_param('limit', 'Limit to the number of results to return per page. Max 100.', type=int, default=50) diff --git a/test/test_api_security.py b/test/test_api_security.py index 4f14fb9cc..0f0b7994e 100644 --- a/test/test_api_security.py +++ b/test/test_api_security.py @@ -1831,16 +1831,16 @@ class TestListRepositoryTagsTn96PublicPublicrepo(ApiTestCase): self._set_url(ListRepositoryTags, tag="TN96", repository="public/publicrepo") def test_get_anonymous(self): - self._run_test('GET', 401, None, None) + self._run_test('GET', 200, None, None) def test_get_freshuser(self): - self._run_test('GET', 403, 'freshuser', None) + self._run_test('GET', 200, 'freshuser', None) def test_get_reader(self): - self._run_test('GET', 403, 'reader', None) + self._run_test('GET', 200, 'reader', None) def test_get_devtable(self): - self._run_test('GET', 403, 'devtable', None) + self._run_test('GET', 200, 'devtable', None) class TestListRepositoryTagsTn96DevtableShared(ApiTestCase): @@ -1855,7 +1855,7 @@ class TestListRepositoryTagsTn96DevtableShared(ApiTestCase): self._run_test('GET', 403, 'freshuser', None) def test_get_reader(self): - self._run_test('GET', 403, 'reader', None) + self._run_test('GET', 200, 'reader', None) def test_get_devtable(self): self._run_test('GET', 200, 'devtable', None) @@ -1873,7 +1873,7 @@ class TestListRepositoryTagsTn96BuynlargeOrgrepo(ApiTestCase): self._run_test('GET', 403, 'freshuser', None) def test_get_reader(self): - self._run_test('GET', 403, 'reader', None) + self._run_test('GET', 200, 'reader', None) def test_get_devtable(self): self._run_test('GET', 200, 'devtable', None)