Changes in / [4226ce0:6edc367] in OpenWorkouts-current
- Location:
- ow
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
ow/models/user.py
r4226ce0 r6edc367 6 6 import bcrypt 7 7 from repoze.folder import Folder 8 from pyramid.security import Allow , Deny, Everyone, ALL_PERMISSIONS8 from pyramid.security import Allow 9 9 10 10 from ow.catalog import get_catalog, reindex_object … … 18 18 def __acl__(self): 19 19 permissions = [ 20 (Allow, str(self.uid), 'edit'), 20 21 (Allow, str(self.uid), 'view'), 21 (Allow, str(self.uid), 'edit'),22 (Deny, Everyone, ALL_PERMISSIONS),23 22 ] 24 23 return permissions -
ow/models/workout.py
r4226ce0 r6edc367 6 6 import gpxpy 7 7 from repoze.folder import Folder 8 from pyramid.security import Allow, Deny, Everyone, ALL_PERMISSIONS8 from pyramid.security import Allow, Everyone 9 9 10 10 from ow.utilities import ( … … 29 29 it (for now). If not, everybody can view it, only admins can edit it. 30 30 """ 31 uid = self.__parent__.uid31 # Default permissions 32 32 permissions = [ 33 (Allow, str(uid), 'view'), 34 (Allow, str(uid), 'edit'), 35 (Allow, str(uid), 'delete'), 36 (Deny, Everyone, ALL_PERMISSIONS) 33 (Allow, Everyone, 'view'), 34 (Allow, 'group:admins', 'edit') 37 35 ] 36 37 uid = getattr(self.__parent__, 'uid', None) 38 if uid is not None: 39 # Change permissions in case this workout has an owner 40 permissions = [ 41 (Allow, str(uid), 'view'), 42 (Allow, str(uid), 'edit'), 43 ] 38 44 return permissions 39 45 -
ow/static/js/ow.js
r4226ce0 r6edc367 162 162 y = d3.scaleLinear().rangeRound([height, 0]); 163 163 164 d3.json(url , {credentials: "same-origin"}).then(function (data) {164 d3.json(url).then(function (data) { 165 165 x.domain(data.map(function (d) { 166 166 return d.name; … … 324 324 y = d3.scaleLinear().rangeRound([height, 0]); 325 325 326 d3.json(urls[url] , {credentials: "same-origin"}).then(function (data) {326 d3.json(urls[url]).then(function (data) { 327 327 x.domain(data.map(function (d) { 328 328 return get_name_for_x(d); -
ow/tests/models/test_user.py
r4226ce0 r6edc367 3 3 4 4 import pytest 5 from pyramid.security import Allow , Everyone, Deny, ALL_PERMISSIONS5 from pyramid.security import Allow 6 6 7 7 from ow.models.root import OpenWorkouts … … 33 33 def test__acl__(self, root): 34 34 uid = str(root['john'].uid) 35 permissions = [ 36 (Allow, uid, 'view'), 37 (Allow, uid, 'edit'), 38 (Deny, Everyone, ALL_PERMISSIONS), 39 ] 35 permissions = [(Allow, uid, 'edit'), (Allow, uid, 'view')] 40 36 assert root['john'].__acl__() == permissions 41 37 -
ow/tests/models/test_workout.py
r4226ce0 r6edc367 6 6 7 7 import pytest 8 from pyramid.security import Allow, Everyone , Deny, ALL_PERMISSIONS8 from pyramid.security import Allow, Everyone 9 9 10 10 from ow.models.workout import Workout … … 33 33 def test__acl__(self, root): 34 34 # First check permissions for a workout without parent 35 workout = Workout() 36 with pytest.raises(AttributeError): 37 workout.__acl__() 35 permissions = [(Allow, Everyone, 'view'), 36 (Allow, 'group:admins', 'edit')] 37 workout = Workout() 38 assert workout.__acl__() == permissions 39 38 40 # Now permissions on a workout that has been added to a user 39 41 uid = str(root['john'].uid) 40 workout = root['john']['1'] 41 permissions = [ 42 (Allow, uid, 'view'), 43 (Allow, uid, 'edit'), 44 (Allow, uid, 'delete'), 45 (Deny, Everyone, ALL_PERMISSIONS) 46 ] 47 assert workout.__acl__() == permissions 42 permissions = [(Allow, uid, 'view'), (Allow, uid, 'edit')] 43 assert root['john']['1'].__acl__() == permissions 48 44 49 45 def test_runthrough(self, root): -
ow/views/workout.py
r4226ce0 r6edc367 23 23 @view_config( 24 24 context=User, 25 permission='edit',26 25 name='add-workout-manually', 27 26 renderer='ow:templates/add_manual_workout.pt') … … 60 59 @view_config( 61 60 context=User, 62 permission='edit',63 61 name='add-workout', 64 62 renderer='ow:templates/add_workout.pt') … … 95 93 @view_config( 96 94 context=Workout, 97 permission='edit',98 95 name='edit', 99 96 renderer='ow:templates/edit_manual_workout.pt') … … 142 139 @view_config( 143 140 context=Workout, 144 permission='edit',145 141 name='update-from-file', 146 142 renderer='ow:templates/update_workout_from_file.pt') … … 171 167 @view_config( 172 168 context=Workout, 173 permission='delete',174 169 name='delete', 175 170 renderer='ow:templates/delete_workout.pt') … … 189 184 @view_config( 190 185 context=Workout, 191 permission='view',192 186 renderer='ow:templates/workout.pt') 193 187 def workout(context, request): … … 218 212 For now, simply return the gpx file if it has been attached to the 219 213 workout. 220 221 This view requires no permission, as we access it from an non-authenticated222 request in a separate job, to generate the static map screenshot.223 214 """ 224 215 if not context.has_gpx: … … 238 229 def workout_map(context, request): 239 230 """ 240 Render a page that has only a map with tracking info. 241 This view requires no permission, as we access it from an non-authenticated 242 request in a separate job, to generate the static map screenshot. 231 Render a page that has only a map with tracking info 243 232 """ 244 233 start_point = {}
Note: See TracChangeset
for help on using the changeset viewer.