Merge pull request #416 from peeringdb/whois_permissions_fix

set anonymous user context for whois output
2024-05-11 05:55:09 +00:00 · 2019-01-29 01:28:16 -06:00
parent e743cceb1a dda106b8e5
commit 6a671f6b37
2 changed files with 49 additions and 1 deletions
--- a/peeringdb_server/management/commands/pdb_whois.py
+++ b/peeringdb_server/management/commands/pdb_whois.py
@@ -4,6 +4,8 @@ import logging

 from ._db_command import CommandError, DBCommand

+from django.contrib.auth.models import AnonymousUser
+
 from peeringdb.whois import WhoisFormat
 from peeringdb_server import models
 from peeringdb_server import serializers
@@ -58,6 +60,6 @@ class Command(DBCommand):
            log.error("Unknown ref tag: %s" % ref_tag)
            raise ValueError(msg)

-        data = Serializer(obj).data
+        data = Serializer(obj, context={"user":AnonymousUser()}).data
        fmt = WhoisFormat()
        fmt. print(obj._handleref.tag, data)
--- a/tests/test_whois.py
+++ b/tests/test_whois.py
@@ -0,0 +1,46 @@
+from peeringdb_server.models import REFTAG_MAP
+from django.core.management import call_command
+from util import ClientCase
+
+import StringIO
+import sys
+
+
+class TestWhois(ClientCase):
+    @classmethod
+    def setUpTestData(cls):
+        super(TestWhois, cls).setUpTestData()
+        cls.org = REFTAG_MAP["org"].objects.create(name="Test org",
+                                                   status="ok")
+        cls.net = REFTAG_MAP["net"].objects.create(
+            name="Test net", status="ok", asn=63311, org=cls.org)
+        cls.pocs = []
+        for visibility in ["Private", "Users", "Public"]:
+            cls.pocs.append(REFTAG_MAP["poc"].objects.create(
+                network=cls.net, status="ok", role="Abuse",
+                name="POC-{}".format(visibility),
+                email="{}@localhost".format(visibility), visible=visibility))
+
+    def test_whois_perms(self):
+        """
+        test that anonymous user permissions are applied
+        to whois output - any pocs other than public ones should
+        be excluded
+        """
+
+        # whois does not go to the command's stdout so we need to
+        # capture the output through sys.stdout
+        out = StringIO.StringIO()
+        oldout = sys.stdout
+        sys.stdout = out
+
+        call_command("pdb_whois", "as63311")
+
+        # restore sys.stdout
+        sys.stdout = oldout
+
+        out = out.getvalue()
+
+        assert out.find("POC-Private") == -1
+        assert out.find("POC-Users") == -1
+        assert out.find("POC-Public") > -1