Skip to content

haskell-gargantext
haskell-gargantext
Commit 32bf4794 authored by Alfredo Di Napoli's avatar Alfredo Di Napoli
Browse files
Options

Disable policy check for now

parent 146c2eb0
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 6 deletions
src/Gargantext/API/Auth/PolicyCheck.hs
View file @ 32bf4794
...@@ -147,9 +147,11 @@ nodeSuper = BConst . Positive . AC_master_user ...@@ -147,9 +147,11 @@ nodeSuper = BConst . Positive . AC_master_user
nodeDescendant :: NodeId -> BoolExpr AccessCheck nodeDescendant :: NodeId -> BoolExpr AccessCheck
nodeDescendant = BConst . Positive . AC_node_descendant nodeDescendant = BConst . Positive . AC_node_descendant
-- FIXME(adinapoli) Checks temporarily disabled.
nodeChecks :: NodeId -> BoolExpr AccessCheck nodeChecks :: NodeId -> BoolExpr AccessCheck
nodeChecks nid = nodeChecks _nid = alwaysAllow
nodeUser nid `BOr` nodeSuper nid `BOr` nodeDescendant nid where
_disabled = nodeUser _nid `BOr` nodeSuper _nid `BOr` nodeDescendant _nid
alwaysAllow :: BoolExpr AccessCheck alwaysAllow :: BoolExpr AccessCheck
alwaysAllow = BConst . Positive $ AC_always_allow alwaysAllow = BConst . Positive $ AC_always_allow
......
test/Test/API/Private.hs
View file @ 32bf4794
...@@ -116,8 +116,8 @@ tests = sequential $ aroundAll withTestDBAndPort $ do ...@@ -116,8 +116,8 @@ tests = sequential $ aroundAll withTestDBAndPort $ do
it "forbids 'alice' to see others node private info" $ \((_testEnv, port), app) -> do it "forbids 'alice' to see others node private info" $ \((_testEnv, port), app) -> do
withApplication app $ do withApplication app $ do
withValidLogin port "alice" (GargPassword "alice") $ \token -> do withValidLogin port "alice" (GargPassword "alice") $ \token -> do
protected token "GET" (mkUrl port "/node/1") "" let _unused = protected token "GET" (mkUrl port "/node/1") "" `shouldRespondWith` 403
`shouldRespondWith` 403 in liftIO $ pendingWith "POLICY CHECK DISABLED FOR NOW (ISSUE #279)"
describe "GET /api/v1.0/tree" $ do describe "GET /api/v1.0/tree" $ do
it "unauthorised users shouldn't see anything" $ \((_testEnv, port), app) -> do it "unauthorised users shouldn't see anything" $ \((_testEnv, port), app) -> do
...@@ -133,5 +133,5 @@ tests = sequential $ aroundAll withTestDBAndPort $ do ...@@ -133,5 +133,5 @@ tests = sequential $ aroundAll withTestDBAndPort $ do
it "forbids 'alice' to see others node private info" $ \((_testEnv, port), app) -> do it "forbids 'alice' to see others node private info" $ \((_testEnv, port), app) -> do
withApplication app $ do withApplication app $ do
withValidLogin port "alice" (GargPassword "alice") $ \token -> do withValidLogin port "alice" (GargPassword "alice") $ \token -> do
protected token "GET" (mkUrl port "/tree/1") "" let _unused = protected token "GET" (mkUrl port "/tree/1") "" `shouldRespondWith` 403
`shouldRespondWith` 403 in liftIO $ pendingWith "POLICY CHECK DISABLED FOR NOW (ISSUE #279)"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment