view-database permission

Also now using 🔒 to indicate private resources - resources that would not be available to the anonymous user. Refs #811
2025-12-10 16:51:24 +01:00 · 2020-06-07 20:50:37 -07:00 · 2020-06-07 20:50:37 -07:00 · 9b42e1a4f5
commit 9b42e1a4f5
parent 613fa551a1
8 changed files with 69 additions and 16 deletions
--- a/tests/test_canned_write.py
+++ b/tests/test_canned_write.py
@ -120,13 +120,12 @@ def test_canned_query_permissions_on_database_page(canned_write_client):
    )
    assert 200 == response.status
    assert [
-        {"name": "add_name", "requires_auth": False},
-        {"name": "add_name_specify_id", "requires_auth": False},
-        {"name": "delete_name", "requires_auth": True},
-        {"name": "update_name", "requires_auth": False},
+        {"name": "add_name", "private": False},
+        {"name": "add_name_specify_id", "private": False},
+        {"name": "delete_name", "private": True},
+        {"name": "update_name", "private": False},
    ] == [
-        {"name": q["name"], "requires_auth": q["requires_auth"]}
-        for q in response.json["queries"]
+        {"name": q["name"], "private": q["private"]} for q in response.json["queries"]
    ]


--- a/tests/test_html.py
+++ b/tests/test_html.py
@ -207,10 +207,7 @@ def test_row_page_does_not_truncate():
        assert response.status == 200
        assert_permissions_checked(
            client.ds,
-            [
-                "view-instance",
-                ("view-table", "table", ("fixtures", "facetable")),
-            ],
+            ["view-instance", ("view-table", "table", ("fixtures", "facetable")),],
        )
        table = Soup(response.body, "html.parser").find("table")
        assert table["class"] == ["rows-and-columns"]
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -40,3 +40,39 @@ def test_view_instance(allow, expected_anon, expected_auth):
                path, cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")},
            )
            assert expected_auth == auth_response.status
+
+
+@pytest.mark.parametrize(
+    "allow,expected_anon,expected_auth",
+    [(None, 200, 200), ({}, 403, 403), ({"id": "root"}, 403, 200),],
+)
+def test_view_database(allow, expected_anon, expected_auth):
+    with make_app_client(
+        metadata={"databases": {"fixtures": {"allow": allow}}}
+    ) as client:
+        for path in (
+            "/fixtures",
+            "/fixtures/compound_three_primary_keys",
+            "/fixtures/compound_three_primary_keys/a,a,a",
+        ):
+            anon_response = client.get(path)
+            assert expected_anon == anon_response.status
+            auth_response = client.get(
+                path, cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")},
+            )
+            assert expected_auth == auth_response.status
+
+
+def test_database_list_respects_view_database():
+    with make_app_client(
+        metadata={"databases": {"fixtures": {"allow": {"id": "root"}}}},
+        extra_databases={"data.db": "create table names (name text)"},
+    ) as client:
+        anon_response = client.get("/")
+        assert '<a href="/data">data</a></h2>' in anon_response.text
+        assert '<a href="/fixtures">fixtures</a>' not in anon_response.text
+        auth_response = client.get(
+            "/", cookies={"ds_actor": client.ds.sign({"id": "root"}, "actor")},
+        )
+        assert '<a href="/data">data</a></h2>' in auth_response.text
+        assert '<a href="/fixtures">fixtures</a> 🔒</h2>' in auth_response.text