Change permissions to only load required by default
Permissions now load just the namespace and/or repository permissions requested, with a fallback to a full permissions load if necessary.
This commit is contained in:
Joseph Schorr
parent
685dd1a925
commit
a3aa4592cf
3 changed files with 167 additions and 70 deletions
|
|
@ -69,11 +69,11 @@ app.register_blueprint(webhooks, url_prefix='/webhooks')
|
|||
BASE_QUERY_COUNT = 0
|
||||
|
||||
# The number of queries we run for logged in users on API calls.
|
||||
BASE_LOGGEDIN_QUERY_COUNT = BASE_QUERY_COUNT + 2
|
||||
BASE_LOGGEDIN_QUERY_COUNT = BASE_QUERY_COUNT + 1
|
||||
|
||||
# The number of queries we run for logged in users on API calls that check
|
||||
# access permissions.
|
||||
BASE_ACCESS_QUERY_COUNT = BASE_LOGGEDIN_QUERY_COUNT + 1
|
||||
BASE_PERM_ACCESS_QUERY_COUNT = BASE_LOGGEDIN_QUERY_COUNT + 2
|
||||
|
||||
NO_ACCESS_USER = 'freshuser'
|
||||
READ_ACCESS_USER = 'reader'
|
||||
|
|
@ -265,7 +265,7 @@ class TestUserStarredRepositoryList(ApiTestCase):
|
|||
self.login(READ_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
self.getJsonResponse(StarredRepositoryList, expected_code=200)
|
||||
|
||||
def test_star_repo_guest(self):
|
||||
|
|
@ -280,7 +280,7 @@ class TestUserStarredRepositoryList(ApiTestCase):
|
|||
self.login(READ_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
json = self.getJsonResponse(StarredRepositoryList)
|
||||
assert json['repositories'] == []
|
||||
|
||||
|
|
@ -667,6 +667,16 @@ class TestConductSearch(ApiTestCase):
|
|||
self.assertEquals(json['results'][0]['name'], 'readers')
|
||||
|
||||
|
||||
def test_explicit_permission(self):
|
||||
self.login('reader')
|
||||
|
||||
json = self.getJsonResponse(ConductSearch,
|
||||
params=dict(query='shared'))
|
||||
|
||||
self.assertEquals(1, len(json['results']))
|
||||
self.assertEquals(json['results'][0]['kind'], 'repository')
|
||||
self.assertEquals(json['results'][0]['name'], 'shared')
|
||||
|
||||
|
||||
class TestGetMatchingEntities(ApiTestCase):
|
||||
def test_notinorg(self):
|
||||
|
|
@ -1355,7 +1365,7 @@ class TestListRepos(ApiTestCase):
|
|||
self.login(READ_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 2):
|
||||
json = self.getJsonResponse(RepositoryList, params=dict(public=True))
|
||||
|
||||
self.assertGreater(len(json['repositories']), 0)
|
||||
|
|
@ -1374,8 +1384,8 @@ class TestListRepos(ApiTestCase):
|
|||
def test_listrepos_allparams(self):
|
||||
self.login(ADMIN_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query + the popularity and last modified queries
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 3):
|
||||
# Queries: Base + the list query + the popularity and last modified queries + full perms load
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 4):
|
||||
json = self.getJsonResponse(RepositoryList,
|
||||
params=dict(namespace=ORGANIZATION,
|
||||
public=False,
|
||||
|
|
@ -1835,8 +1845,8 @@ class TestRepoBuilds(ApiTestCase):
|
|||
def test_getrepo_nobuilds(self):
|
||||
self.login(ADMIN_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
# Queries: Permission + the list query
|
||||
with assert_query_count(2):
|
||||
json = self.getJsonResponse(RepositoryBuildList,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
|
||||
|
||||
|
|
@ -1845,8 +1855,8 @@ class TestRepoBuilds(ApiTestCase):
|
|||
def test_getrepobuilds(self):
|
||||
self.login(ADMIN_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
# Queries: Permission + the list query
|
||||
with assert_query_count(2):
|
||||
json = self.getJsonResponse(RepositoryBuildList,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/building'))
|
||||
|
||||
|
|
@ -2572,12 +2582,12 @@ class TestUserRobots(ApiTestCase):
|
|||
params=dict(robot_shortname='coolbot'),
|
||||
expected_code=201)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
# Queries: Base + the lookup query
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
self.getJsonResponse(UserRobotList)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
# Queries: Base + the lookup query
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
self.getJsonResponse(UserRobotList, params=dict(permissions=True))
|
||||
|
||||
|
||||
|
|
|
|||
Reference in a new issue