Merge pull request #1294 from coreos-inc/partialperms
Change permissions to only load required by default
This commit is contained in:
josephschorr
commit
edb157c5cb
3 changed files with 187 additions and 83 deletions
|
|
@ -69,11 +69,11 @@ app.register_blueprint(webhooks, url_prefix='/webhooks')
|
|||
BASE_QUERY_COUNT = 0
|
||||
|
||||
# The number of queries we run for logged in users on API calls.
|
||||
BASE_LOGGEDIN_QUERY_COUNT = BASE_QUERY_COUNT + 2
|
||||
BASE_LOGGEDIN_QUERY_COUNT = BASE_QUERY_COUNT + 1
|
||||
|
||||
# The number of queries we run for logged in users on API calls that check
|
||||
# access permissions.
|
||||
BASE_ACCESS_QUERY_COUNT = BASE_LOGGEDIN_QUERY_COUNT + 1
|
||||
BASE_PERM_ACCESS_QUERY_COUNT = BASE_LOGGEDIN_QUERY_COUNT + 2
|
||||
|
||||
NO_ACCESS_USER = 'freshuser'
|
||||
READ_ACCESS_USER = 'reader'
|
||||
|
|
@ -265,7 +265,7 @@ class TestUserStarredRepositoryList(ApiTestCase):
|
|||
self.login(READ_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
self.getJsonResponse(StarredRepositoryList, expected_code=200)
|
||||
|
||||
def test_star_repo_guest(self):
|
||||
|
|
@ -280,7 +280,7 @@ class TestUserStarredRepositoryList(ApiTestCase):
|
|||
self.login(READ_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
json = self.getJsonResponse(StarredRepositoryList)
|
||||
assert json['repositories'] == []
|
||||
|
||||
|
|
@ -686,6 +686,16 @@ class TestConductSearch(ApiTestCase):
|
|||
self.assertEquals(json['results'][0]['name'], 'readers')
|
||||
|
||||
|
||||
def test_explicit_permission(self):
|
||||
self.login('reader')
|
||||
|
||||
json = self.getJsonResponse(ConductSearch,
|
||||
params=dict(query='shared'))
|
||||
|
||||
self.assertEquals(1, len(json['results']))
|
||||
self.assertEquals(json['results'][0]['kind'], 'repository')
|
||||
self.assertEquals(json['results'][0]['name'], 'shared')
|
||||
|
||||
|
||||
class TestGetMatchingEntities(ApiTestCase):
|
||||
def test_notinorg(self):
|
||||
|
|
@ -1374,7 +1384,7 @@ class TestListRepos(ApiTestCase):
|
|||
self.login(READ_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 2):
|
||||
json = self.getJsonResponse(RepositoryList, params=dict(public=True))
|
||||
|
||||
self.assertGreater(len(json['repositories']), 0)
|
||||
|
|
@ -1393,8 +1403,8 @@ class TestListRepos(ApiTestCase):
|
|||
def test_listrepos_allparams(self):
|
||||
self.login(ADMIN_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query + the popularity and last modified queries
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 3):
|
||||
# Queries: Base + the list query + the popularity and last modified queries + full perms load
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 4):
|
||||
json = self.getJsonResponse(RepositoryList,
|
||||
params=dict(namespace=ORGANIZATION,
|
||||
public=False,
|
||||
|
|
@ -1854,8 +1864,8 @@ class TestRepoBuilds(ApiTestCase):
|
|||
def test_getrepo_nobuilds(self):
|
||||
self.login(ADMIN_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
# Queries: Permission + the list query
|
||||
with assert_query_count(2):
|
||||
json = self.getJsonResponse(RepositoryBuildList,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
|
||||
|
||||
|
|
@ -1864,8 +1874,8 @@ class TestRepoBuilds(ApiTestCase):
|
|||
def test_getrepobuilds(self):
|
||||
self.login(ADMIN_ACCESS_USER)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
# Queries: Permission + the list query
|
||||
with assert_query_count(2):
|
||||
json = self.getJsonResponse(RepositoryBuildList,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/building'))
|
||||
|
||||
|
|
@ -2295,9 +2305,10 @@ class TestListAndDeleteTag(ApiTestCase):
|
|||
def test_listtagpagination(self):
|
||||
self.login(ADMIN_ACCESS_USER)
|
||||
|
||||
latest_image = model.tag.get_tag_image(ADMIN_ACCESS_USER, "complex", "prod")
|
||||
|
||||
for i in xrange(1, 100):
|
||||
model.tag.create_or_update_tag(ADMIN_ACCESS_USER, "complex", "tag" + str(i),
|
||||
"1d8cbff4e0363d1826c6a0b64ef0bc501d8cbff4e0363d1826c6a0b64ef0bc50")
|
||||
model.tag.create_or_update_tag(ADMIN_ACCESS_USER, "complex", "tag" + str(i), latest_image.docker_image_id)
|
||||
|
||||
json = self.getJsonResponse(ListRepositoryTags,
|
||||
params=dict(repository=ADMIN_ACCESS_USER + '/complex', page=2))
|
||||
|
|
@ -2591,12 +2602,12 @@ class TestUserRobots(ApiTestCase):
|
|||
params=dict(robot_shortname='coolbot'),
|
||||
expected_code=201)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
# Queries: Base + the lookup query
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
self.getJsonResponse(UserRobotList)
|
||||
|
||||
# Queries: Base + the list query
|
||||
with assert_query_count(BASE_ACCESS_QUERY_COUNT + 1):
|
||||
# Queries: Base + the lookup query
|
||||
with assert_query_count(BASE_LOGGEDIN_QUERY_COUNT + 1):
|
||||
self.getJsonResponse(UserRobotList, params=dict(permissions=True))
|
||||
|
||||
|
||||
|
|
|
|||
Reference in a new issue