Commit 6b75d4bf authored by Sofia Papagiannaki's avatar Sofia Papagiannaki
Browse files

Change pithos api public object handling

Expose public URL information only to the object owners.
parent d836b60d
......@@ -565,14 +565,33 @@ class ContainerGet(BaseTestCase):
self.assertEqual(objs, ['folder', 'folder/object'])
def test_list_public(self):
token = OTHER_ACCOUNTS.keys()[0]
account = OTHER_ACCOUNTS[token]
cl = Pithos_Client(get_url(), token, account)
self.client.publish_object(self.container[0], self.obj[0]['name'])
objs = self.client.list_objects(self.container[0], public=True)
self.assertEqual(objs, [self.obj[0]['name']])
self.assert_raises_fault(
403, cl.list_objects, self.container[0], public=True,
account=get_user()
)
self.client.share_object(
self.container[0], self.obj[1]['name'], [account]
)
objs = cl.list_objects(
self.container[0], public=True, account=get_user()
)
self.assertTrue(self.obj[0]['name'] not in objs)
# create child object
self.upload_random_data(self.container[0], strnextling(self.obj[0]['name']))
objs = self.client.list_objects(self.container[0], public=True)
self.assertEqual(objs, [self.obj[0]['name']])
objs = cl.list_objects(
self.container[0], public=True, account=get_user()
)
self.assertTrue(self.obj[0]['name'] not in objs)
# test inheritance
self.client.create_folder(self.container[1], 'folder')
......@@ -580,18 +599,35 @@ class ContainerGet(BaseTestCase):
self.upload_random_data(self.container[1], 'folder/object')
objs = self.client.list_objects(self.container[1], public=True)
self.assertEqual(objs, ['folder'])
self.assert_raises_fault(
403, cl.list_objects, self.container[1], public=True,
account=get_user()
)
def test_list_shared_public(self):
token = OTHER_ACCOUNTS.keys()[0]
account = OTHER_ACCOUNTS[token]
cl = Pithos_Client(get_url(), token, account)
self.client.share_object(self.container[0], self.obj[0]['name'], ('*',))
self.client.publish_object(self.container[0], self.obj[1]['name'])
objs = self.client.list_objects(self.container[0], shared=True, public=True)
self.assertEqual(objs, [self.obj[0]['name'], self.obj[1]['name']])
objs = cl.list_objects(
self.container[0], shared=True, public=True, account=get_user()
)
self.assertEqual(objs, [self.obj[0]['name']])
# create child object
self.upload_random_data(self.container[0], strnextling(self.obj[0]['name']))
self.upload_random_data(self.container[0], strnextling(self.obj[1]['name']))
objs = self.client.list_objects(self.container[0], shared=True, public=True)
self.assertEqual(objs, [self.obj[0]['name'], self.obj[1]['name']])
objs = cl.list_objects(
self.container[0], shared=True, public=True, account=get_user()
)
self.assertEqual(objs, [self.obj[0]['name']])
# test inheritance
self.client.create_folder(self.container[1], 'folder1')
......@@ -602,6 +638,10 @@ class ContainerGet(BaseTestCase):
o = self.upload_random_data(self.container[1], 'folder2/object')
objs = self.client.list_objects(self.container[1], shared=True, public=True)
self.assertEqual(objs, ['folder1', 'folder1/object', 'folder2'])
objs = cl.list_objects(
self.container[1], shared=True, public=True, account=get_user()
)
self.assertEqual(objs, ['folder1', 'folder1/object'])
def test_list_objects(self):
objects = self.client.list_objects(self.container[0])
......@@ -2357,6 +2397,14 @@ class TestPublish(BaseTestCase):
data = resp.read(length)
self.assertEqual(o_data, data)
token = OTHER_ACCOUNTS.keys()[0]
account = OTHER_ACCOUNTS[token]
cl = Pithos_Client(get_url(), token, account)
self.client.share_object('c', 'o', (account,))
meta = cl.retrieve_object_metadata('c', 'o', account=get_user())
self.assertTrue('x-object-public' not in meta)
class TestPolicies(BaseTestCase):
def test_none_versioning(self):
self.client.create_container('c', policies={'versioning':'none'})
......
......@@ -27,6 +27,8 @@ Document Revisions
========================= ================================
Revision Description
========================= ================================
0.13 (Mar 27, 2013) Restrict public object listing only to the owner.
Do not propagate public URL information in shared objects.
0.13 (Jan 21, 2013) Proxy identity management services
\ UUID to displayname translation
0.9 (Feb 17, 2012) Change permissions model.
......@@ -367,7 +369,7 @@ limit The amount of results requested (default is 10000)
marker Return containers with name lexicographically after marker
format Optional extended reply type (can be ``json`` or ``xml``)
shared Show only shared containers (no value parameter)
public Show only public containers (no value parameter)
public Show only public containers (no value parameter / avalaible only for owner requests)
until Optional timestamp
====================== =========================
......@@ -542,8 +544,8 @@ delimiter Return objects up to the delimiter (discussion follows)
path Assume ``prefix=path`` and ``delimiter=/``
format Optional extended reply type (can be ``json`` or ``xml``)
meta Return objects that satisfy the key queries in the specified comma separated list (use ``<key>``, ``!<key>`` for existence queries, ``<key><op><value>`` for value queries, where ``<op>`` can be one of ``=``, ``!=``, ``<=``, ``>=``, ``<``, ``>``)
shared Show only shared objects (no value parameter)
public Show only public containers (no value parameter)
shared Show only objects (no value parameter)
public Show only public objects (no value parameter / avalaible only for owner reqeusts)
until Optional timestamp
====================== ===================================
......@@ -1136,6 +1138,8 @@ Read and write control in Pithos is managed by setting appropriate permissions w
A user may ``GET`` another account or container. The result will include a limited reply, containing only the allowed containers or objects respectively. A top-level request with an authentication token, will return a list of allowed accounts, so the user can easily find out which other users share objects. The ``X-Object-Allowed-To`` header lists the actions allowed on an object, if it does not belong to the requesting user.
Shared objects that are also public do not expose the ``X-Object-Public`` meta information.
Objects that are marked as public, via the ``X-Object-Public`` meta, are also available at the corresponding URI returned for ``HEAD`` or ``GET``. Requests for public objects do not need to include an ``X-Auth-Token``. Pithos will ignore request parameters and only include the following headers in the reply (all ``X-Object-*`` meta is hidden):
========================== ===============================
......
......@@ -375,7 +375,7 @@ def container_list(request, v_account):
if 'shared' in request.GET:
shared = True
public = False
if 'public' in request.GET:
if request.user_uniq == v_account and 'public' in request.GET:
public = True
try:
......@@ -647,7 +647,7 @@ def object_list(request, v_account, v_container):
if 'shared' in request.GET:
shared = True
public = False
if 'public' in request.GET:
if request.user_uniq == v_account and 'public' in request.GET:
public = True
if request.serialization == 'text':
......@@ -730,7 +730,7 @@ def object_list(request, v_account, v_container):
update_sharing_meta(request, permissions, v_account,
v_container, meta['name'], meta)
public = object_public.get(meta['name'], None)
if public:
if public and request.user_uniq == v_account:
update_public_meta(public, meta)
object_meta.append(printable_header_dict(meta))
......@@ -776,7 +776,8 @@ def object_meta(request, v_account, v_container, v_object):
update_manifest_meta(request, v_account, meta)
update_sharing_meta(
request, permissions, v_account, v_container, v_object, meta)
update_public_meta(public, meta)
if request.user_uniq == v_account:
update_public_meta(public, meta)
# Evaluate conditions.
validate_modification_preconditions(request, meta)
......@@ -851,7 +852,8 @@ def object_read(request, v_account, v_container, v_object):
update_manifest_meta(request, v_account, meta)
update_sharing_meta(
request, permissions, v_account, v_container, v_object, meta)
update_public_meta(public, meta)
if request.user_uniq == v_account:
update_public_meta(public, meta)
# Evaluate conditions.
validate_modification_preconditions(request, meta)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment