[Patchew-devel] [PATCH] test: more testcases around authorization
Paolo Bonzini
pbonzini at redhat.com
Thu May 17 17:30:09 UTC 2018
On 17/05/2018 19:25, Shubham Jain wrote:
> > + if request.user.is_superuser or 'importers' in
> user_group_names:
> > + projects = [p for p in Project.objects.all() if
> p.recognizes(m)]
> > + else:
> > + projects = [p for p in Project.objects.all() if
> p.maintained_by(self.request.user)]
>
> I think the else branch should still union the p.recognizes() filtering.
>
> As you have mentioned in the test case below
> "test_maintainer_of_project_x_import_a_patch_to_project_y()", does this
> mean even if user is maintainer of one project, but result in message is
> simply imported to all the recognised project. If yes, why are we just
> not using only recognised condition?
The idea is that if a user wants to import to a particular project he
maintains, he uses /projects/.../messages. If a user wants to recognize
the projects based on the recipients, he uses /messages.
(In practice the former happens rarely, but it was already complicated
enough and it makes sense to have it as part of the REST API!)
Does it make sense?
Paolo
More information about the Patchew-devel
mailing list