Change permissions model so that non-admins do not get org-wide read

Fixes #1684
2016-08-04 16:23:09 -04:00 · 2016-08-04 16:23:09 -04:00 · c4daf1cc3d
commit c4daf1cc3d
parent 5a4e557d90
5 changed files with 225 additions and 102 deletions
--- a/test/registry_tests.py
+++ b/test/registry_tests.py
@ -1012,10 +1012,17 @@ class RegistryTestsMixin(object):
  def test_create_repo_creator_user(self):
    self.do_push('buynlarge', 'newrepo', 'creator', 'password')

+    # Pull the repository as creator, as they created it.
+    self.do_pull('buynlarge', 'newrepo', 'creator', 'password')
+
    # Pull the repository as devtable, which should succeed because the repository is owned by the
    # org.
    self.do_pull('buynlarge', 'newrepo', 'devtable', 'password')

+    # Attempt to pull the repository as reader, which should fail.
+    self.do_pull('buynlarge', 'newrepo', 'reader', 'password',
+                 expect_failure=FailureCodes.UNAUTHORIZED)
+

  def test_create_repo_robot_owner(self):
    # Lookup the robot's password.