external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(FastAPI): maintainers are allowed to unflag their packages

Browse source 
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2021-10-15 15:11:45 -07:00
parent 81c9312606
commit 71b3f781f7
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
2 changed files with 27 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
aurweb/routers/packages.py
View file

@ -820,7 +820,7 @@ async def pkgbase_unflag(request: Request, name: str):
pkgbase = get_pkg_or_base(name, PackageBase) pkgbase = get_pkg_or_base(name, PackageBase)
has_cred = request.user.has_credential( has_cred = request.user.has_credential(
"CRED_PKGBASE_UNFLAG", approved=[pkgbase.Flagger]) "CRED_PKGBASE_UNFLAG", approved=[pkgbase.Flagger, pkgbase.Maintainer])
if has_cred: if has_cred:
with db.begin(): with db.begin():
pkgbase.OutOfDateTS = None pkgbase.OutOfDateTS = None

30
test/test_packages_routes.py
View file

@ -1713,7 +1713,9 @@ def test_pkgbase_flag(client: TestClient, user: User, maintainer: User,
# Flag it with a valid comment. # Flag it with a valid comment.
with client as request: with client as request:
resp = request.post(endpoint, {"comments": "Test"}, cookies=cookies) resp = request.post(endpoint, data={
"comments": "Test"
}, cookies=cookies)
assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.status_code == int(HTTPStatus.SEE_OTHER)
assert pkgbase.Flagger == user assert pkgbase.Flagger == user
assert pkgbase.FlaggerComment == "Test" assert pkgbase.FlaggerComment == "Test"
@ -1724,14 +1726,34 @@ def test_pkgbase_flag(client: TestClient, user: User, maintainer: User,
resp = request.get(endpoint, cookies=cookies, allow_redirects=False) resp = request.get(endpoint, cookies=cookies, allow_redirects=False)
assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.status_code == int(HTTPStatus.SEE_OTHER)
# Now, test that the 'maintainer' user can't unflag it, because they with db.begin():
user2 = db.create(User, Username="test2",
Email="test2@example.org",
Passwd="testPassword",
AccountType=user.AccountType)
# Now, test that the 'user2' user can't unflag it, because they
# didn't flag it to begin with. # didn't flag it to begin with.
maint_cookies = {"AURSID": maintainer.login(Request(), "testPassword")} user2_cookies = {"AURSID": user2.login(Request(), "testPassword")}
endpoint = f"/pkgbase/{pkgbase.Name}/unflag" endpoint = f"/pkgbase/{pkgbase.Name}/unflag"
with client as request:
resp = request.post(endpoint, cookies=user2_cookies)
assert resp.status_code == int(HTTPStatus.SEE_OTHER)
assert pkgbase.Flagger == user
# Now, test that the 'maintainer' user can.
maint_cookies = {"AURSID": maintainer.login(Request(), "testPassword")}
with client as request: with client as request:
resp = request.post(endpoint, cookies=maint_cookies) resp = request.post(endpoint, cookies=maint_cookies)
assert resp.status_code == int(HTTPStatus.SEE_OTHER) assert resp.status_code == int(HTTPStatus.SEE_OTHER)
assert pkgbase.Flagger == user assert pkgbase.Flagger is None
# Flag it again.
with client as request:
resp = request.post(f"/pkgbase/{pkgbase.Name}/flag", data={
"comments": "Test"
}, cookies=cookies)
assert resp.status_code == int(HTTPStatus.SEE_OTHER)
# Now, unflag it for real. # Now, unflag it for real.
with client as request: with client as request: