[Rt-commit] rt branch, 3.8-trunk, updated. rt-3.8.5-224-g68d8ac9

Ruslan Zakirov ruz at bestpractical.com
Thu Oct 1 22:43:02 EDT 2009 

The branch, 3.8-trunk has been updated
       via  68d8ac9b54ff33b182fb5bdbece7ebedf317f1e8 (commit)
       via  64d088b864ddab5e4fd735c1553ef7b071b14cad (commit)
      from  b6ed575ae75c1bf86608beefdf05bc67b8e5a95a (commit)

Summary of changes:
 lib/RT/Test.pm               |    5 +++++
 share/html/Admin/autohandler |    6 ++++--
 t/web/config_tab_right.t     |   41 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+), 2 deletions(-)
 create mode 100644 t/web/config_tab_right.t

- Log -----------------------------------------------------------------
commit 64d088b864ddab5e4fd735c1553ef7b071b14cad
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date:   Fri Oct 2 06:39:53 2009 +0400

    protect our exit code in END block before calling functions

diff --git a/lib/RT/Test.pm b/lib/RT/Test.pm
index d0cf9cf..8100c27 100644
--- a/lib/RT/Test.pm
+++ b/lib/RT/Test.pm
@@ -1132,6 +1132,11 @@ END {
     my $Test = RT::Test->builder;
     return if $Test->{Original_Pid} != $$;
 
+
+    # we are in END block and should protect our exit code
+    # so calls below may call system or kill that clobbers $?
+    local $?;
+
     RT::Test->stop_server;
 
     if ( $ENV{RT_TEST_PARALLEL} && $created_new_db ) {

commit 68d8ac9b54ff33b182fb5bdbece7ebedf317f1e8
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date:   Fri Oct 2 06:41:17 2009 +0400

    show "403: Forbidden" under /Admin/ when user has no right
    
    This is controlled by ShowConfigTab right. Add tests for
    this right.

diff --git a/share/html/Admin/autohandler b/share/html/Admin/autohandler
index 52f2f63..230b0b5 100644
--- a/share/html/Admin/autohandler
+++ b/share/html/Admin/autohandler
@@ -46,8 +46,10 @@
 %# 
 %# END BPS TAGGED BLOCK }}}
 <%init>
-$m->call_next(%ARGS) if $session{'CurrentUser'}->UserObj->HasRight(
+return $m->call_next(%ARGS) if $session{'CurrentUser'}->UserObj->HasRight(
     Right => 'ShowConfigTab',
     Object => $RT::System,
 );
-</%init>
\ No newline at end of file
+
+$m->clear_and_abort(403);
+</%init>
diff --git a/t/web/config_tab_right.t b/t/web/config_tab_right.t
new file mode 100644
index 0000000..4dc9ec0
--- /dev/null
+++ b/t/web/config_tab_right.t
@@ -0,0 +1,41 @@
+#!/usr/bin/perl -w
+use strict;
+use warnings;
+
+use RT::Test tests => 8;
+
+my ($uname, $upass, $user) = ('tester', 'tester');
+{
+    $user = RT::User->new($RT::SystemUser);
+    my ($status, $msg) = $user->Create(
+        Name => $uname,
+        Password => $upass,
+        Disabled => 0,
+        Privileged => 1,
+    );
+    ok($status, 'created a user');
+}
+
+my ($baseurl, $m) = RT::Test->started_ok;
+ok $m->login($uname, $upass), "logged in";
+
+{
+    $m->content_unlike(qr/Configuration/, 'no configuration');
+    $m->get('/Admin/');
+    is $m->status, 403, 'no access to /Admin/';
+}
+
+RT::Test->set_rights(
+    { Principal => $user->PrincipalObj,
+      Right => [qw(ShowConfigTab)],
+    },
+);
+
+{
+    $m->get('/');
+    $m->content_like(qr/Configuration/, 'configuration is there');
+
+    $m->follow_link_ok({text => 'Configuration'});
+    is $m->status, 200, 'user has access to /Admin/';
+}
+

-----------------------------------------------------------------------

More information about the Rt-commit mailing list