[Patchew-devel] [PATCH] PUT for result
Paolo Bonzini
pbonzini at redhat.com
Wed Jul 25 12:52:59 UTC 2018
On 25/07/2018 02:55, Shubham Jain wrote:
> I'm still stuck. I don't know how to do this part. Could you give some
> hints?
Ok. First of all you should study the permission system in Django
(has_permission, has_object_permission) and understand how
PatchewPermission implements it.
In particular has_group_permission, has_project_permission and
has_message_permission are only used for write operations. Read-only
requests (those that use permissions.SAFE_METHODS) are allowed before
you reach those methods.
Then, the first step is to add an initial version of
has_result_permission that calls has_object_permission recursively on
result.obj.
If that check fails, you might still have write access to the result, if
you are in a particular group. The group depends on the result that you
are trying to modify. To do, has_result_permission has to retrieve
result.renderer.allowed_groups, and apply the same algorithm that is in
has_group_permission.
Have you had any progress in replacing the *-report API calls with PUT
in patchew-cli?
Thanks,
Paolo
>
> On Wed, Jul 25, 2018 at 6:25 AM Shubham Jain <shubhamjain7495 at gmail.com
> <mailto:shubhamjain7495 at gmail.com>> wrote:
>
> Add put for result and add authorization to git plugin
> ---
> api/rest.py | 2 +-
> mods/git.py | 6 +++---
> patchew-cli | 3 +++
> 3 files changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/api/rest.py b/api/rest.py
> index a9b6be3..9c0c6ea 100644
> --- a/api/rest.py
> +++ b/api/rest.py
> @@ -478,7 +478,7 @@ class ResultSerializerFull(ResultSerializer):
> log = CharField(required=False)
>
> class ResultsViewSet(mixins.ListModelMixin, mixins.RetrieveModelMixin,
> - viewsets.GenericViewSet):
> + mixins.UpdateModelMixin, viewsets.GenericViewSet):
> lookup_field = 'name'
> lookup_value_regex = '[^/]+'
> filter_backends = (filters.OrderingFilter,)
> diff --git a/mods/git.py b/mods/git.py
> index 924547a..4438c6c 100644
> --- a/mods/git.py
> +++ b/mods/git.py
> @@ -19,7 +19,7 @@ from django.utils.html import format_html
> from mod import PatchewModule
> from event import declare_event, register_handler, emit_event
> from api.models import Message, MessageProperty, Project, Result
> -from api.rest import PluginMethodField
> +from api.rest import PluginMethodField, PatchewPermission
> from api.views import APILoginRequiredView, prepare_series
> from patchew.logviewer import LogView
> from schema import *
> @@ -43,10 +43,10 @@ class GitLogViewer(LogView):
> return obj.git_result
>
>
> -class GitModule(PatchewModule):
> +class GitModule(PatchewModule, PatchewPermission):
> """Git module"""
> name = "git"
> -
> + allowed_groups = ('importers', )
> project_property_schema = \
> ArraySchema("git", desc="Configuration for git module",
> members=[
> diff --git a/patchew-cli b/patchew-cli
> index cdedbb6..29fc033 100755
> --- a/patchew-cli
> +++ b/patchew-cli
> @@ -551,8 +551,11 @@ class TesterCommand(SubCommand):
> return ret
>
> def test_one(self, name, project, no_clean_up, capabilities):
> + url = "projects/" + "1" + "/results/" + name
> + print(url)
> r = self.api_do("testing-get", project=project, tester=name,
> capabilities=capabilities)
> + r = self.rest_api_do(url)
> if not r:
> return False
> print("Running test '%s'" % r["test"]["name"])
> --
> 2.15.1 (Apple Git-101)
>
More information about the Patchew-devel
mailing list