
Commit 8ea3039

Merge pull request #1217 from thunderstore-io/cyberstorm-api-package-listing-permission
Update getting package listing visibility (TS-2915)
2 parents c846eb7 + 488ff9e commit 8ea3039


2 files changed

+49
-1
lines changed


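--- a/django/thunderstore/api/cyberstorm/tests/test_package_listing.py
+++ b/django/thunderstore/api/cyberstorm/tests/test_package_listing.py
@@ -4,6 +4,7 @@
 
 import pytest
 from django.db import connection
+from django.http import Http404
 from django.test.utils import CaptureQueriesContext
 from rest_framework.test import APIClient
 
@@ -36,6 +37,47 @@ def get_listing_url(package_listing) -> str:
 return f"{base_url}/{community_id}/{namespace_id}/{package_name}/status/"
 
 
+@pytest.mark.django_db
+@pytest.mark.parametrize("user_type", TestUserTypes.options())
+def test_get_custom_package_listing__rejected_package_visibility_user_types(
+user_type,
+) -> None:
+listing = PackageListingFactory(review_status="rejected")
+
+community_id = listing.community.identifier
+namespace = listing.package.namespace.name
+package_name = listing.package.name
+user = TestUserTypes.get_user_by_type(user_type)
+
+expected_visibility = {
+TestUserTypes.no_user: False,
+TestUserTypes.unauthenticated: False,
+TestUserTypes.regular_user: False,
+TestUserTypes.deactivated_user: False,
+TestUserTypes.service_account: False,
+TestUserTypes.site_admin: True,
+TestUserTypes.superuser: True,
+}
+
+is_visible = expected_visibility[user_type]
+
+if is_visible:
+listing = get_custom_package_listing(
+community_id,
+namespace,
+package_name,
+user=user,
+)
+else:
+with pytest.raises(Http404):
+listing = get_custom_package_listing(
+community_id,
+namespace,
+package_name,
+user=user,
+)
+
+
 @pytest.mark.django_db
 def test_get_custom_package_listing__returns_objects_matching_args() -> None:
 expected = PackageListingFactory()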
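Review bot: The allowed branch of `test_get_custom_package_listing__rejected_package_visibility_user_types` only proves that the call does not raise; nothing checks what came back, and the `listing =` assignment inside `pytest.raises(Http404)` never binds a value. I would bind the allowed-branch result to a fresh name, `result = get_custom_package_listing(community_id, namespace, package_name, user=user)`, assert that it describes the listing created by the factory, and drop the assignment in the denied branch. The test also covers only `review_status="rejected"`. Because the same commit removes `.filter_by_community_approval_rule()` from the view's queryset, a parametrized case for an unreviewed listing in a community that requires approval would pin the behaviour that filter used to enforce. A case that goes through the API client as well as the direct function call would confirm that `get_object` really forwards `request.user`, unless that is already covered outside the lines shown here.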

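--- a/django/thunderstore/api/cyberstorm/views/package_listing.py
+++ b/django/thunderstore/api/cyberstorm/views/package_listing.py
@@ -12,6 +12,7 @@
 Sum,
 Value,
 )
+from django.http import Http404
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import serializers, status
 from rest_framework.exceptions import PermissionDenied
@@ -34,6 +35,7 @@
 conditional_swagger_auto_schema,
 )
 from thunderstore.community.models.package_listing import PackageListing
+from thunderstore.core.types import UserType
 from thunderstore.repository.models.package import get_package_dependants
 from thunderstore.repository.models.package_version import PackageVersion
 from thunderstore.repository.views.package.detail import PermissionsChecker
@@ -122,6 +124,7 @@ def get_object(self):
 community_id=self.kwargs["community_id"],
 namespace_id=self.kwargs["namespace_id"],
 package_name=self.kwargs["package_name"],
+user=self.request.user,
 )
 
 
@@ -141,12 +144,12 @@ def get_custom_package_listing(
 community_id: str,
 namespace_id: str,
 package_name: str,
+user: UserType = None,
 ) -> CustomListing:
 listing_ref = PackageListing.objects.filter(pk=OuterRef("pk"))
 
 qs = (
 PackageListing.objects.active()
-.filter_by_community_approval_rule()
 .select_related(
 "community",
 "package__latest",
@@ -185,6 +188,9 @@ def get_custom_package_listing(
 package__name=package_name,
 )
 
+if not listing.can_be_viewed_by_user(user):
+raise Http404()
+
 dependencies = (
 listing.package.latest.dependencies.listed_in(community_id)
 .annotate(community_identifier=Value(community_id, CharField()))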
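Review bot: The new `if not listing.can_be_viewed_by_user(user): raise Http404()` check in `get_custom_package_listing` carries no comment saying the 404 is deliberate, and `PermissionDenied` is already imported in this module, so a later cleanup could turn it into a 403 that confirms a hidden listing exists. I would add `# 404 rather than 403: do not reveal that a hidden listing exists` above the check. The `user: UserType = None` default deserves a docstring line too: a caller that omits `user` is evaluated as having no user, which the new test shows is denied for rejected listings, so the default fails closed and should stay that way. With `.filter_by_community_approval_rule()` removed from the queryset, this per-object check is the only visibility gate visible in these hunks. The function body starts and ends outside them, so any other caller of `get_custom_package_listing` should be checked to pass the requesting user.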
