From dda106b8e5b36ce875c0a43c99ed48aab1f73645 Mon Sep 17 00:00:00 2001
From: Stefan Pratter <stefan@20c.com>
Date: Thu, 17 Jan 2019 21:11:20 +0000
Subject: [PATCH] set anonymous user context for whois output

---
 .../management/commands/pdb_whois.py          |  4 +-
 tests/test_whois.py                           | 46 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 tests/test_whois.py

diff --git a/peeringdb_server/management/commands/pdb_whois.py b/peeringdb_server/management/commands/pdb_whois.py
index d4207cc4..d2011367 100644
--- a/peeringdb_server/management/commands/pdb_whois.py
+++ b/peeringdb_server/management/commands/pdb_whois.py
@@ -4,6 +4,8 @@ import logging
 
 from ._db_command import CommandError, DBCommand
 
+from django.contrib.auth.models import AnonymousUser
+
 from peeringdb.whois import WhoisFormat
 from peeringdb_server import models
 from peeringdb_server import serializers
@@ -58,6 +60,6 @@ class Command(DBCommand):
             log.error("Unknown ref tag: %s" % ref_tag)
             raise ValueError(msg)
 
-        data = Serializer(obj).data
+        data = Serializer(obj, context={"user":AnonymousUser()}).data
         fmt = WhoisFormat()
         fmt. print(obj._handleref.tag, data)
diff --git a/tests/test_whois.py b/tests/test_whois.py
new file mode 100644
index 00000000..803fe66b
--- /dev/null
+++ b/tests/test_whois.py
@@ -0,0 +1,46 @@
+from peeringdb_server.models import REFTAG_MAP
+from django.core.management import call_command
+from util import ClientCase
+
+import StringIO
+import sys
+
+
+class TestWhois(ClientCase):
+    @classmethod
+    def setUpTestData(cls):
+        super(TestWhois, cls).setUpTestData()
+        cls.org = REFTAG_MAP["org"].objects.create(name="Test org",
+                                                   status="ok")
+        cls.net = REFTAG_MAP["net"].objects.create(
+            name="Test net", status="ok", asn=63311, org=cls.org)
+        cls.pocs = []
+        for visibility in ["Private", "Users", "Public"]:
+            cls.pocs.append(REFTAG_MAP["poc"].objects.create(
+                network=cls.net, status="ok", role="Abuse",
+                name="POC-{}".format(visibility),
+                email="{}@localhost".format(visibility), visible=visibility))
+
+    def test_whois_perms(self):
+        """
+        test that anonymous user permissions are applied
+        to whois output - any pocs other than public ones should
+        be excluded
+        """
+
+        # whois does not go to the command's stdout so we need to
+        # capture the output through sys.stdout
+        out = StringIO.StringIO()
+        oldout = sys.stdout
+        sys.stdout = out
+
+        call_command("pdb_whois", "as63311")
+
+        # restore sys.stdout
+        sys.stdout = oldout
+
+        out = out.getvalue()
+
+        assert out.find("POC-Private") == -1
+        assert out.find("POC-Users") == -1
+        assert out.find("POC-Public") > -1