diff --git a/config.yaml.dist b/config.yaml.dist
index b4d8832c..abffba0b 100644
--- a/config.yaml.dist
+++ b/config.yaml.dist
@@ -83,6 +83,7 @@ privileges:
 'posts:list': anonymous
 'posts:reverse_search': regular
 'posts:view': anonymous
+ 'posts:view:featured': anonymous
 'posts:edit:content': power
 'posts:edit:flags': regular
 'posts:edit:notes': regular
diff --git a/server/szurubooru/api/info_api.py b/server/szurubooru/api/info_api.py
index c21ba9d1..19b42cb8 100644
--- a/server/szurubooru/api/info_api.py
+++ b/server/szurubooru/api/info_api.py
@@ -2,7 +2,7 @@ import os
 from typing import Optional, Dict
 from datetime import datetime, timedelta
 from szurubooru import config, rest
-from szurubooru.func import posts, users, util
+from szurubooru.func import auth, posts, users, util
 _cache_time = None # type: Optional[datetime]
@@ -30,16 +30,9 @@ def _get_disk_usage() -> int:
 def get_info(
 ctx: rest.Context, _params: Dict[str, str] = {}) -> rest.Response:
 post_feature = posts.try_get_current_post_feature()
- return {
+ ret = {
 'postCount': posts.get_post_count(),
 'diskUsage': _get_disk_usage(),
- 'featuredPost':
- posts.serialize_post(post_feature.post, ctx.user)
- if post_feature else None,
- 'featuringTime': post_feature.time if post_feature else None,
- 'featuringUser':
- users.serialize_user(post_feature.user, ctx.user)
- if post_feature else None,
 'serverTime': datetime.utcnow(),
 'config': {
 'userNameRegex': config.config['user_name_regex'],
@@ -52,3 +45,12 @@ def get_info(
 config.config['privileges']),
 },
 }
+ if auth.has_privilege(ctx.user, 'posts:view:featured'):
+ ret['featuredPost'] = (
+ posts.serialize_post(post_feature.post, ctx.user)
+ if post_feature else None)
+ ret['featuringUser'] = (
+ users.serialize_user(post_feature.user, ctx.user)
+ if post_feature else None)
+ ret['featuringTime'] = post_feature.time if post_feature else None
+ return ret
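Review bot: The new `'posts:view:featured'` key defaults to `anonymous`, the least restrictive rank, so an instance that has raised `posts:view` to keep its posts private would keep serving the featured post to unauthenticated visitors until the operator also raises this key. Whether an existing `config.yaml` that lacks the key inherits this default is not visible in the diff and should be confirmed. A comment above the entry would make the coupling explicit, e.g. `# Gates GET /featured-post and the featuredPost/featuringUser/featuringTime fields of the info response; raise it together with 'posts:view' on private instances.`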
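Review bot: For a caller without `posts:view:featured` the three featured-post keys are now absent from the info response instead of present with a null value, which changes the response schema for any consumer that reads `featuredPost` unconditionally; no client or API-documentation update is visible in this diff. If the omission is intended, a comment above the `if` would record it, e.g. `# Keys are omitted (not nulled) for callers lacking posts:view:featured.` Separately, `posts.try_get_current_post_feature()` in the preceding hunk still runs for callers who fail the check; assigning `post_feature` inside the `if auth.has_privilege(...)` branch would avoid that lookup. The body of get_info is split across this hunk and the previous one.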
diff --git a/server/szurubooru/api/post_api.py b/server/szurubooru/api/post_api.py
index 234677e4..51deed2f 100644
--- a/server/szurubooru/api/post_api.py
+++ b/server/szurubooru/api/post_api.py
@@ -163,6 +163,7 @@ def merge_posts(
 @rest.routes.get('/featured-post/?')
 def get_featured_post(
 ctx: rest.Context, _params: Dict[str, str] = {}) -> rest.Response:
+ auth.verify_privilege(ctx.user, 'posts:view:featured')
 post = posts.try_get_featured_post()
 return _serialize_post(ctx, post)
diff --git a/server/szurubooru/tests/api/test_info.py b/server/szurubooru/tests/api/test_info.py
index be8c941b..b4ee52cc 100644
--- a/server/szurubooru/tests/api/test_info.py
+++ b/server/szurubooru/tests/api/test_info.py
@@ -1,11 +1,14 @@
 from datetime import datetime
-from szurubooru import api, db
+from szurubooru import api, db, model
 def test_info_api(
- tmpdir, config_injector, context_factory, post_factory, fake_datetime):
+ tmpdir, config_injector, context_factory, post_factory, user_factory,
+ fake_datetime):
 directory = tmpdir.mkdir('data')
 directory.join('test.txt').write('abc')
+ auth_user = user_factory(rank=model.User.RANK_REGULAR)
+ anon_user = user_factory(rank=model.User.RANK_ANONYMOUS)
 config_injector({
 'data_dir': str(directory),
 'user_name_regex': '1',
@@ -16,6 +19,7 @@ def test_info_api(
 'privileges': {
 'test_key1': 'test_value1',
 'test_key2': 'test_value2',
+ 'posts:view:featured': 'regular',
 },
 })
 db.session.add_all([post_factory(), post_factory()])
@@ -30,11 +34,12 @@ def test_info_api(
 'privileges': {
 'testKey1': 'test_value1',
 'testKey2': 'test_value2',
+ 'posts:view:featured': 'regular',
 },
 }
 with fake_datetime('2016-01-01 13:00'):
- assert api.info_api.get_info(context_factory()) == {
+ assert api.info_api.get_info(context_factory(user=auth_user)) == {
 'postCount': 2,
 'diskUsage': 3,
 'featuredPost': None,
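Review bot: `get_featured_post` is now authorised by `posts:view:featured` alone, so a rank that satisfies it but sits below `posts:view` still receives everything `_serialize_post` emits for that post (the serializer is not visible in this hunk). If that independence from `posts:view` is deliberate, it deserves a docstring on the handler, e.g. `"""Return the featured post; gated by 'posts:view:featured' only, independently of 'posts:view'."""`.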
@@ -45,7 +50,7 @@ def test_info_api(
 }
 directory.join('test2.txt').write('abc')
 with fake_datetime('2016-01-03 12:59'):
- assert api.info_api.get_info(context_factory()) == {
+ assert api.info_api.get_info(context_factory(user=auth_user)) == {
 'postCount': 2,
 'diskUsage': 3, # still 3 - it's cached
 'featuredPost': None,
@@ -55,7 +60,7 @@ def test_info_api(
 'config': expected_config_key,
 }
 with fake_datetime('2016-01-03 13:01'):
- assert api.info_api.get_info(context_factory()) == {
+ assert api.info_api.get_info(context_factory(user=auth_user)) == {
 'postCount': 2,
 'diskUsage': 6, # cache expired
 'featuredPost': None,
@@ -64,3 +69,10 @@ def test_info_api(
 'serverTime': datetime(2016, 1, 3, 13, 1),
 'config': expected_config_key,
 }
+ with fake_datetime('2016-01-03 13:01'):
+ assert api.info_api.get_info(context_factory(user=anon_user)) == {
+ 'postCount': 2,
+ 'diskUsage': 6, # cache expired
+ 'serverTime': datetime(2016, 1, 3, 13, 1),
+ 'config': expected_config_key,
+ }
diff --git a/server/szurubooru/tests/api/test_post_featuring.py b/server/szurubooru/tests/api/test_post_featuring.py
index 88e4e001..6e9e7569 100644
--- a/server/szurubooru/tests/api/test_post_featuring.py
+++ b/server/szurubooru/tests/api/test_post_featuring.py
@@ -10,6 +10,7 @@ def inject_config(config_injector):
 'privileges': {
 'posts:feature': model.User.RANK_REGULAR,
 'posts:view': model.User.RANK_REGULAR,
+ 'posts:view:featured': model.User.RANK_REGULAR,
 },
 })
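Review bot: Every assertion in test_info_api, including the new `anon_user` one added in the `@@ -64,3 +69,10 @@` hunk, runs with no post featured, so the privileged branch is only ever checked with `None` values and the test never shows an existing featured post being withheld from an anonymous caller. Featuring one of the two posts created earlier in the test (the helper for that is not visible in this diff) and then asserting a non-null `featuredPost` for `auth_user` next to the key-free response for `anon_user` would cover both sides of the new check. test_info_api begins in an earlier hunk.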
@@ -92,15 +93,14 @@ def test_trying_to_feature_non_existing(user_factory, context_factory):
 user=user_factory(rank=model.User.RANK_REGULAR)))
+def test_trying_to_retrieve_without_privileges(
+ user_factory, context_factory):
+ with pytest.raises(errors.AuthError):
+ api.post_api.get_featured_post(
+ context_factory(user=user_factory(rank=model.User.RANK_ANONYMOUS)))
+
+
 def test_trying_to_feature_without_privileges(user_factory, context_factory):
 with pytest.raises(errors.AuthError):
 api.post_api.set_featured_post(
- context_factory(
- params={'id': 1},
- user=user_factory(rank=model.User.RANK_ANONYMOUS)))
-
-
-def test_getting_featured_post_without_privileges_to_view(
- user_factory, context_factory):
- api.post_api.get_featured_post(
- context_factory(user=user_factory(rank=model.User.RANK_ANONYMOUS)))
+ context_factory(user=user_factory(rank=model.User.RANK_ANONYMOUS)))
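Review bot: `test_trying_to_retrieve_without_privileges` cannot tell which privilege rejected the request, because the `inject_config` fixture sets both `posts:view` and `posts:view:featured` to `RANK_REGULAR` and the test user is anonymous; it would still pass if `get_featured_post` checked `posts:view` instead. Lowering `'posts:view'` to `model.User.RANK_ANONYMOUS` for this test (or in the fixture, if the other tests allow it) ties the `AuthError` to the new key. The same hunk also drops `params={'id': 1}` from `test_trying_to_feature_without_privileges`, which looks unrelated to this change and makes that test depend on the privilege check running before parameter parsing.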