-rw-r--r-- | 3rd_party/static/testapi-ui/app.js | 14 | ||||
-rw-r--r-- | 3rd_party/static/testapi-ui/components/results/resultsController.js | 2 | ||||
-rw-r--r-- | opnfv_testapi/resources/test_handlers.py | 22 |
3 files changed, 28 insertions, 10 deletions
diff --git a/3rd_party/static/testapi-ui/app.js b/3rd_party/static/testapi-ui/app.js
index 02cd768..edf7663 100644
--- a/3rd_party/static/testapi-ui/app.js
+++ b/3rd_party/static/testapi-ui/app.js
@@ -55,11 +55,11 @@
 templateUrl: 'testapi-ui/components/guidelines/guidelines.html',
 controller: 'GuidelinesController as ctrl'
 }).
- state('communityResults', {
- url: '/community_results',
- templateUrl: 'testapi-ui/components/results/results.html',
- controller: 'ResultsController as ctrl'
- }).
+ // state('communityResults', {
+ // url: '/community_results',
+ // templateUrl: 'testapi-ui/components/results/results.html',
+ // controller: 'ResultsController as ctrl'
+ // }).
 state('userResults', {
 url: '/user_results',
 templateUrl: 'testapi-ui/components/results/results.html',
@@ -78,7 +78,7 @@
 }).
 state('authPortal', {
 url: '/auth_portal',
- templateUrl: 'testapi-ui/components/auth/authPortal.html'
+ templateUrl: 'testapi-ui/components/auth/authPortal.html'
 }).
 state('authFailure', {
 url: '/auth_failure',
@@ -173,7 +173,7 @@
 $rootScope.auth.doSignIn = doSignIn;
 $rootScope.auth.doSignOut = doSignOut;
 $rootScope.auth.doSignCheck = doSignCheck;
-
+
 var sign_in_url = testapiApiUrl + '/auth/signin';
 var sign_out_url = testapiApiUrl + '/auth/signout';
diff --git a/3rd_party/static/testapi-ui/components/results/resultsController.js b/3rd_party/static/testapi-ui/components/results/resultsController.js
index aa593dc..03c367c 100644
--- a/3rd_party/static/testapi-ui/components/results/resultsController.js
+++ b/3rd_party/static/testapi-ui/components/results/resultsController.js
@@ -111,7 +111,7 @@
 // need auth to browse
 ctrl.isUserResults = $state.current.name === 'userResults';
- ctrl.currentUser = $scope.auth.name;
+ ctrl.currentUser = $scope.auth.currentUser ? $scope.auth.currentUser.openid : null;
 console.log($scope.auth);
 // Should only be on user-results-page if authenticated.
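Review bot: The `communityResults` state in the first app.js hunk is commented out rather than deleted, which leaves dead routing code in the file with nothing saying why it was disabled. Delete the five lines and let version control keep the history, or keep them with a one-line reason such as `// communityResults disabled: result listing now requires sign-in`. Any `ui-sref` or `$state.go('communityResults')` elsewhere in the UI would now fail to resolve; none is visible in this hunk, so that needs a search. Hiding the route is presentation only, so the access decision still has to be enforced by the API handlers.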
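Review bot: `console.log($scope.auth);` on the context line directly after the changed assignment in resultsController.js is debug output that now writes the whole auth object, including `currentUser.openid`, to the browser console. That line should be dropped now that the assignment beside it is being touched. `ctrl.currentUser` is a client-side value and is only suitable for display; a comment such as `// display only: ownership is checked server-side against the signed cookie` would make that explicit. The enclosing controller function starts and ends outside the hunk.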
diff --git a/opnfv_testapi/resources/test_handlers.py b/opnfv_testapi/resources/test_handlers.py
index 82cf9ae..5ecb176 100644
--- a/opnfv_testapi/resources/test_handlers.py
+++ b/opnfv_testapi/resources/test_handlers.py
@@ -74,6 +74,10 @@ class TestsCLHandler(GenericTestHandler):
 'per_page': CONF.api_results_per_page
 }
+ curr_user = self.get_secure_cookie(auth_const.OPENID)
+ if curr_user is None:
+ raises.Unauthorized(message.no_auth())
+
 query = yield self.set_query()
 yield self._list(query=query, **limitations)
 logging.debug('list end')
@@ -145,9 +149,23 @@ class TestsGURHandler(GenericTestHandler):
 raise gen.Return('API response validation enabled')
 @swagger.operation(nickname="deleteTestById")
+ @web.asynchronous
+ @gen.coroutine
 def delete(self, test_id):
- query = {'_id': objectid.ObjectId(test_id)}
- self._delete(query=query)
+ curr_user = self.get_secure_cookie(auth_const.OPENID)
+ curr_user_role = self.get_secure_cookie(auth_const.ROLE)
+ if curr_user is not None:
+ query = {'_id': objectid.ObjectId(test_id)}
+ test_data = yield dbapi.db_find_one(self.table, query)
+ if not test_data:
+ raises.NotFound(message.not_found(self.table, query))
+ if curr_user == test_data['owner'] or \
+ curr_user_role.find('administrator') != -1:
+ self._delete(query=query)
+ else:
+ raises.Forbidden(message.no_auth())
+ else:
+ raises.Unauthorized(message.no_auth())
 @swagger.operation(nickname="updateTestById")
 @web.asynchronous |
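Review bot: The new guard in the TestsCLHandler listing calls `raises.Unauthorized(message.no_auth())` without `raise` or `return`, so it only stops the request if that helper raises when it is called; its definition is not on this page. If it does not, execution falls through to `self._list(...)` for an anonymous caller. A comment such as `# raises.Unauthorized() aborts by raising HTTPError; nothing below runs for anonymous callers` would record that dependency. `curr_user` is not used after the check, so unless `set_query()` filters by owner (not visible here) every signed-in user can list every test. The handler method starts outside the hunk.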
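Review bot: In the new `delete`, `curr_user_role` is None when the ROLE cookie is absent or fails signature validation, so a signed-in non-owner reaches `curr_user_role.find(...)` and gets an AttributeError (a 500) instead of the intended 403. The admin test is also a substring match, which accepts any role string that merely contains `administrator`, and `test_data['owner']` raises KeyError for a record stored without an owner field. Because the role is read from the cookie, a revoked administrator presumably keeps delete rights until that cookie expires; a server-side role lookup would close that gap. The fence shows a guard-clause form that fails closed; like the checks already in the hunk, it assumes `raises.*` aborts the request by raising. `self._delete` is still called without `yield`, as before the change, and whether it needs one is not visible here.

```python
# … unchanged: swagger/web/gen decorators …
def delete(self, test_id):
    curr_user = self.get_secure_cookie(auth_const.OPENID)
    if curr_user is None:
        raises.Unauthorized(message.no_auth())

    # A missing or invalid role cookie means "no role", not a crash.
    curr_user_role = self.get_secure_cookie(auth_const.ROLE) or ''

    query = {'_id': objectid.ObjectId(test_id)}
    test_data = yield dbapi.db_find_one(self.table, query)
    if not test_data:
        raises.NotFound(message.not_found(self.table, query))

    # Records without an owner field are deletable by administrators only.
    # Assumes db_find_one returns a dict-like document.
    is_owner = curr_user == test_data.get('owner')
    # Still a substring test; switch to an exact comparison once the
    # stored role format is confirmed.
    is_admin = 'administrator' in curr_user_role
    if not (is_owner or is_admin):
        raises.Forbidden(message.no_auth())

    self._delete(query=query)
```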