MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dedicated permission to access library data via activity pub

This commit is contained in:
Eliot Berriot 2018-04-06 17:58:16 +02:00
parent b75872866c
commit 4ce9f9bf08
No known key found for this signature in database
GPG Key ID: DD6965E2476E5C27
2 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
api/funkwhale_api/federation/permissions.py Normal file
View File

@ -0,0 +1,19 @@
from django.conf import settings
from rest_framework.permissions import BasePermission
from . import actors
class LibraryFollower(BasePermission):
def has_permission(self, request, view):
if not settings.FEDERATION_MUSIC_NEEDS_APPROVAL:
return True
actor = getattr(request, 'actor', None)
if actor is None:
return False
library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
return library.followers.filter(url=actor.url).exists()

45
api/tests/federation/test_permissions.py Normal file
View File

@ -0,0 +1,45 @@
from rest_framework.views import APIView
from funkwhale_api.federation import actors
from funkwhale_api.federation import permissions
def test_library_follower(
factories, api_request, anonymous_user, settings):
settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
view = APIView.as_view()
permission = permissions.LibraryFollower()
request = api_request.get('/')
setattr(request, 'user', anonymous_user)
check = permission.has_permission(request, view)
assert check is False
def test_library_follower_actor_non_follower(
factories, api_request, anonymous_user, settings):
settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
actor = factories['federation.Actor']()
view = APIView.as_view()
permission = permissions.LibraryFollower()
request = api_request.get('/')
setattr(request, 'user', anonymous_user)
setattr(request, 'actor', actor)
check = permission.has_permission(request, view)
assert check is False
def test_library_follower_actor_follower(
factories, api_request, anonymous_user, settings):
settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
follow = factories['federation.Follow'](target=library)
view = APIView.as_view()
permission = permissions.LibraryFollower()
request = api_request.get('/')
setattr(request, 'user', anonymous_user)
setattr(request, 'actor', follow.actor)
check = permission.has_permission(request, view)
assert check is True