return to put anonymous access to erasures documents

2020-08-06 15:55:14 +02:00 · 2020-08-06 15:55:14 +02:00 · d973b479cf
parent 27ab4cf2ef
commit d973b479cf
2 changed files with 16 additions and 10 deletions
--- a/ereuse_devicehub/resources/documents/documents.py
+++ b/ereuse_devicehub/resources/documents/documents.py
@ -20,6 +20,7 @@ from ereuse_devicehub.resources.device import models as devs
 from ereuse_devicehub.resources.device.views import DeviceView
 from ereuse_devicehub.resources.documents.device_row import DeviceRow

+from flask import g, request

 class Format(enum.Enum):
    HTML = 'HTML'
@ -153,7 +154,7 @@ class DocumentDef(Resource):
    __type__ = 'Document'
    SCHEMA = None
    VIEW = None  # We do not want to create default / documents endpoint
-
+    AUTH = False
    def __init__(self, app,
                 import_name=__name__,
                 static_folder='static',
@ -171,16 +172,21 @@ class DocumentDef(Resource):

        view = DocumentView.as_view('main', definition=self, auth=app.auth)

-        view = app.auth.requires_auth(view)
+        # TODO @cayop This two lines never pass
+        if self.AUTH:
+            view = app.auth.requires_auth(view)
+
        self.add_url_rule('/erasures/', defaults=d, view_func=view, methods=get)
        self.add_url_rule('/erasures/<{}:{}>'.format(self.ID_CONVERTER.value, self.ID_NAME),
                          view_func=view, methods=get)
+
        devices_view = DevicesDocumentView.as_view('devicesDocumentView',
                                                   definition=self,
                                                   auth=app.auth)
+
        devices_view = app.auth.requires_auth(devices_view)
-
-        stock_view = StockDocumentView.as_view('stockDocumentView', definition=self)
-
        self.add_url_rule('/devices/', defaults=d, view_func=devices_view, methods=get)
+
+        stock_view = StockDocumentView.as_view('stockDocumentView', definition=self, auth=app.auth)
+        stock_view = app.auth.requires_auth(stock_view)
        self.add_url_rule('/stock/', defaults=d, view_func=stock_view, methods=get)
--- a/tests/test_documents.py
+++ b/tests/test_documents.py
@ -13,7 +13,7 @@ from tests.conftest import file


@pytest.mark.mvp
-def test_erasure_certificate_public_one(user: UserClient):
+def test_erasure_certificate_public_one(user: UserClient, client: Client):
    """Public user can get certificate from one device as HTML or PDF."""
    s = file('erase-sectors.snapshot')
    snapshot, _ = user.post(s, res=Snapshot)
@ -25,7 +25,7 @@ def test_erasure_certificate_public_one(user: UserClient):
    assert '<html' in doc
    assert '2018' in doc

-    doc, response = user.get(res=documents.DocumentDef.t,
+    doc, response = client.get(res=documents.DocumentDef.t,
                               item='erasures/{}'.format(snapshot['device']['id']),
                               query=[('format', 'PDF')],
                               accept='application/pdf')
@ -33,7 +33,7 @@ def test_erasure_certificate_public_one(user: UserClient):

    erasure = next(e for e in snapshot['actions'] if e['type'] == 'EraseSectors')

-    doc, response = user.get(res=documents.DocumentDef.t,
+    doc, response = client.get(res=documents.DocumentDef.t,
                               item='erasures/{}'.format(erasure['id']),
                               accept=ANY)
    assert 'html' in response.content_type
@ -68,8 +68,8 @@ def test_erasure_certificate_private_query(user: UserClient):


@pytest.mark.mvp
-def test_erasure_certificate_wrong_id(user: UserClient):
-    user.get(res=documents.DocumentDef.t, item='erasures/this-is-not-an-id',
+def test_erasure_certificate_wrong_id(client: Client):
+    client.get(res=documents.DocumentDef.t, item='erasures/this-is-not-an-id',
               status=teal.marshmallow.ValidationError)