[fix] Get product configuration with view permission
The getProductConfiguration() function on Product endpoint requires a
current product in the URL for checking view permission. The requirement
of having view permission has been added in
8953b30. However there is no "current
product" in the Product endpoint URL queries, but the product id is
provided through a function parameter.
bruntib committed Oct 25, 2024
1 parent 585323a commit 454d978
Showing 3 changed files with 19 additions and 1 deletion.
6 changes: 5 additions & 1 deletion web/server/codechecker_server/api/product_server.py
@@ -67,6 +67,8 @@ def __require_permission(self, required, args=None):
with DBSession(self.__session) as session:
if args is None:
args = dict(self.__permission_args)

if 'config_db_session' not in args:
args['config_db_session'] = session

# Anonymous access is only allowed if authentication is
@@ -254,7 +256,9 @@ def getProductConfiguration(self, product_id):
Get the product configuration --- WITHOUT THE DB PASSWORD --- of the
given product.
"""
self.__require_permission([permissions.PRODUCT_VIEW])
self.__require_permission([permissions.PRODUCT_VIEW], {
'productID': product_id
})

with DBSession(self.__session) as session:
product = session.query(Product).get(product_id)
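Review bot: In `__require_permission`, a caller-supplied `args` is now written to directly: the `dict(...)` copy is taken only when `args is None`, so `args['config_db_session'] = session` lands in the caller's own dict and leaves it holding a session that belongs to this `with DBSession(...)` block. The call added in `getProductConfiguration` passes a fresh literal, so nothing is affected today, but copying on entry keeps the helper from handing that reference back to later callers: `args = dict(self.__permission_args if args is None else args)`. A short comment at the new call, such as `# Product endpoint URLs carry no current product, so the check is scoped by the product_id argument`, would also record why it passes explicit arguments. Both function bodies continue outside the hunks shown.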
1 change: 1 addition & 0 deletions web/tests/functional/products/__init__.py
@@ -96,6 +96,7 @@ def setup_class_common(workspace_name):

# Export the test configuration to the workspace.
env.export_test_cfg(TEST_WORKSPACE, test_config)
env.enable_auth(TEST_WORKSPACE)


def teardown_class_common():
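Review bot: `env.enable_auth(TEST_WORKSPACE)` is added without a comment, while the line above it has one, and it presumably changes the precondition for every test class that goes through `setup_class_common`, not only the new test. A one-line comment would make that intent explicit, e.g. `# Enable authentication so the product tests run against a server that enforces permissions.` `setup_class_common` starts outside the hunk.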
13 changes: 13 additions & 0 deletions web/tests/functional/products/test_products.py
@@ -181,6 +181,19 @@ def test_get_product_data(self):
Confidentiality.CONFIDENTIAL,
"Default Confidentiality was not Confidential")

def test_get_product_config_auth_server(self):
"""
Test if product configuration can be retrieved from an authenticated
server.
"""
pr_client = env.setup_product_client(
self.test_workspace, product=self.product_name)
product_id = pr_client.getCurrentProduct().id

pr_client = env.setup_product_client(self.test_workspace)
pr_config = pr_client.getProductConfiguration(product_id)
self.assertIsNotNone(pr_config)

def test_editing(self):
"""
Test editing the product details (without reconnecting it).
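Review bot: `test_get_product_config_auth_server` only asserts the success path (`assertIsNotNone(pr_config)`), so it would still pass if the permission check were missing or granted access to everyone. Since the change under test is an authorization check keyed on `product_id`, the suite should also cover a denied request: a user without view permission on the product calling `getProductConfiguration(product_id)` and being rejected. Which account `env.setup_product_client(self.test_workspace)` logs in as is not visible here; if it is a superuser, the positive case does not exercise the per-product scoping either. The enclosing test class starts outside the hunk.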
