changeset 2201:c4489bad0cd2

fix acl permissions when getting subscribers
author Ana Balica <ana.balica@gmail.com>
date Mon, 23 Sep 2013 20:43:39 +0200
parents 676c1259bcc9
children 9a719f7dfd9d
files MoinMoin/util/_tests/test_subscriptions.py MoinMoin/util/subscriptions.py
diffstat 2 files changed, 13 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/util/_tests/test_subscriptions.py	Mon Sep 23 20:16:28 2013 +0200
+++ b/MoinMoin/util/_tests/test_subscriptions.py	Mon Sep 23 20:43:39 2013 +0200
@@ -9,7 +9,7 @@
 
 from MoinMoin import user
 from MoinMoin.items import Item
-from MoinMoin.constants.keys import (ITEMID, CONTENTTYPE, NAME, NAMERE, NAMEPREFIX,
+from MoinMoin.constants.keys import (ACL, ITEMID, CONTENTTYPE, NAME, NAMERE, NAMEPREFIX,
                                      SUBSCRIPTIONS, TAGS)
 from MoinMoin.constants.namespaces import NAMESPACE_DEFAULT, NAMESPACE_USERPROFILES
 from MoinMoin.util.subscriptions import get_subscribers, get_matched_subscription_patterns
@@ -67,6 +67,13 @@
             subscribers_names = {subscriber.name for subscriber in subscribers}
             assert subscribers_names == expected_names
 
+        meta = {CONTENTTYPE: u'text/plain;charset=utf-8',
+                ACL: u"{0}: All:read,write".format(user1.name0)}
+        self.item._save(meta, comment=u"")
+        self.item = Item.create(self.item_name)
+        subscribers = get_subscribers(**self.item.meta)
+        assert {subscriber.name for subscriber in subscribers} == {user2.name0}
+
     def test_get_matched_subscription_patterns(self):
         meta = self.item.meta
         patterns = get_matched_subscription_patterns([], **meta)
--- a/MoinMoin/util/subscriptions.py	Mon Sep 23 20:16:28 2013 +0200
+++ b/MoinMoin/util/subscriptions.py	Mon Sep 23 20:43:39 2013 +0200
@@ -44,7 +44,6 @@
             terms.extend(Term(SUBSCRIPTION_IDS, "{0}:{1}:{2}".format(TAGS, namespace, tag))
                          for tag in tags)
     query = Or(terms)
-    # TODO: check ACL behaviour - is this avoiding the protection layer?
     with flaskg.storage.indexer.ix[LATEST_REVS].searcher() as searcher:
         result_iterators = [searcher.search(query, limit=None), ]
         subscription_patterns = searcher.lexicon(SUBSCRIPTION_PATTERNS)
@@ -54,8 +53,11 @@
         for user in chain.from_iterable(result_iterators):
             email = user.get(EMAIL)
             if email:
-                locale = user.get(LOCALE, DEFAULT_LOCALE)
-                subscribers.add(Subscriber(user[ITEMID], user[NAME][0], email, locale))
+                from MoinMoin.user import User
+                u = User(uid=user.get(ITEMID))
+                if u.may.read(name):
+                    locale = user.get(LOCALE, DEFAULT_LOCALE)
+                    subscribers.add(Subscriber(user[ITEMID], user[NAME][0], email, locale))
     return subscribers