#342 fixed not showing scripts in admin panel, if they are not allowed

Author: bugy

src/config/config_service.py

@@ -92,7 +92,11 @@ def _save_config(self, config, path):
         config_json = json.dumps(sorted_config, indent=2)
         file_utils.write_file(path, config_json)
 
-    def list_configs(self, user):
+    def list_configs(self, user, mode=None):
+        edit_mode = mode == 'edit'
+        if edit_mode:
+            self._check_admin_access(user)
+
         conf_service = self
 
         def load_script(path, content):
@@ -103,7 +107,7 @@ def load_script(path, content):
                 if short_config is None:
                     return None
 
-                if not conf_service._can_access_script(user, short_config):
+                if (not edit_mode) and (not conf_service._can_access_script(user, short_config)):
                     return None
 
                 return short_config
@@ -194,7 +198,7 @@ def _can_access_script(self, user, short_config):
 
     def _check_admin_access(self, user):
         if not self._authorizer.is_admin(user.user_id):
-            raise AdminAccessRequiredException('Access to script is prohibited for ' + str(user))
+            raise AdminAccessRequiredException('Admin access to scripts is prohibited for ' + str(user))
 
 
 class ConfigNotAllowedException(Exception):

src/tests/config_service_test.py

@@ -126,6 +126,27 @@ def test_list_configs_when_none_allowed(self):
 
         self.assert_list_config_names(self.user1, [])
 
+    def test_list_configs_when_edit_mode_and_admin(self):
+        _create_script_config_file('a1', allowed_users=['adm_user'])
+        _create_script_config_file('c2', allowed_users=['adm_user'])
+
+        self.assert_list_config_names(self.admin_user, ['a1', 'c2'], mode='edit')
+
+    def test_list_configs_when_edit_mode_and_admin_without_allowance(self):
+        _create_script_config_file('a1', allowed_users=['user1'])
+        _create_script_config_file('c2', allowed_users=['adm_user'])
+
+        self.assert_list_config_names(self.admin_user, ['a1', 'c2'], mode='edit')
+
+    def test_list_configs_when_edit_mode_and_non_admin(self):
+        _create_script_config_file('a1', allowed_users=['user1'])
+        _create_script_config_file('c2', allowed_users=['user1'])
+
+        self.assertRaises(AdminAccessRequiredException,
+                          self.config_service.list_configs,
+                          self.user1,
+                          'edit')
+
     def test_load_config_when_user_allowed(self):
         _create_script_config_file('my_script', allowed_users=['ABC', 'user1', 'qwerty'])
 
@@ -138,8 +159,8 @@ def test_load_config_when_user_not_allowed(self):
 
         self.assertRaises(ConfigNotAllowedException, self.config_service.load_config_model, 'my_script', self.user1)
 
-    def assert_list_config_names(self, user, expected_names):
-        configs = self.config_service.list_configs(user)
+    def assert_list_config_names(self, user, expected_names, mode=None):
+        configs = self.config_service.list_configs(user, mode)
         conf_names = [config.name for config in configs]
         self.assertCountEqual(expected_names, conf_names)
 
@@ -151,8 +172,9 @@ def setUp(self):
         super().setUp()
         test_utils.setup()
 
-        authorizer = Authorizer([], [], [], EmptyGroupProvider())
+        authorizer = Authorizer([], ['adm_user'], [], EmptyGroupProvider())
         self.user1 = User('user1', {})
+        self.admin_user = User('adm_user', {})
         self.config_service = ConfigService(authorizer, test_utils.temp_folder)
 
 

src/web/server.py

@@ -209,7 +209,9 @@ class GetScripts(BaseRequestHandler):
     @check_authorization
     @inject_user
     def get(self, user):
-        configs = self.application.config_service.list_configs(user)
+        mode = self.get_query_argument('mode', default=None)
+
+        configs = self.application.config_service.list_configs(user, mode)
 
         scripts = [{'name': conf.name, 'group': conf.group} for conf in configs]
 

web-src/src/admin/store/scripts-module.js

@@ -13,7 +13,7 @@ export default {
         init({commit}) {
             commit('SET_LOADING', true);
 
-            axiosInstance.get('scripts').then(({data}) => {
+            axiosInstance.get('scripts', {params: {mode: 'edit'}}).then(({data}) => {
                 const {scripts} = data;
                 let scriptNames = scripts.map(s => s.name);
                 scriptNames.sort(function (name1, name2) {