MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure follower is approved to access library

This commit is contained in:
Eliot Berriot 2018-04-17 23:08:15 +02:00
parent 899ba31162
commit c17f7eefde
No known key found for this signature in database
GPG Key ID: DD6965E2476E5C27
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api/funkwhale_api/federation/permissions.py
View File

@ -16,4 +16,5 @@ class LibraryFollower(BasePermission):
return False
library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
return library.followers.filter(url=actor.url).exists()
return library.received_follows.filter(
approved=True, actor=actor).exists()

17
api/tests/federation/test_permissions.py
View File

@ -30,11 +30,26 @@ def test_library_follower_actor_non_follower(
assert check is False
def test_library_follower_actor_follower_not_approved(
factories, api_request, anonymous_user, settings):
settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
follow = factories['federation.Follow'](target=library, approved=False)
view = APIView.as_view()
permission = permissions.LibraryFollower()
request = api_request.get('/')
setattr(request, 'user', anonymous_user)
setattr(request, 'actor', follow.actor)
check = permission.has_permission(request, view)
assert check is False
def test_library_follower_actor_follower(
factories, api_request, anonymous_user, settings):
settings.FEDERATION_MUSIC_NEEDS_APPROVAL = True
library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
follow = factories['federation.Follow'](target=library)
follow = factories['federation.Follow'](target=library, approved=True)
view = APIView.as_view()
permission = permissions.LibraryFollower()
request = api_request.get('/')