fix tests according to the new ACL policy

2026-05-15 14:16:08 -06:00 · 2017-06-15 23:30:19 +02:00 · 2017-06-15 23:30:19 +02:00 · 104f6c3988
commit 104f6c3988
parent 7e2819953a
2 changed files with 13 additions and 3 deletions
--- a/burpui/routes.py
+++ b/burpui/routes.py
@ -101,7 +101,7 @@ def calendar(server=None, client=None):
@login_required
 def settings(server=None, conf=None):
    # Only the admin can edit the configuration
-    if bui.acl and not bui.acl.is_admin(getattr(current_user, 'name', None)):
+    if hasattr(current_user, 'acl') and not current_user.acl.is_admin():
        abort(403)
    if not conf:
        try:
@ -124,7 +124,7 @@ def settings(server=None, conf=None):
@login_required
 def admin():
    # Only the admin can access this page
-    if bui.acl and not bui.acl.is_admin(getattr(current_user, 'name', None)):
+    if hasattr(current_user, 'acl') and not current_user.acl.is_admin():
        abort(403)
    return render_template('admin.html', admin=True, ng_controller='AdminCtrl')

@ -144,7 +144,7 @@ def me():
@login_required
 def cli_settings(server=None, client=None, conf=None):
    # Only the admin can edit the configuration
-    if bui.acl and not bui.acl.is_admin(getattr(current_user, 'name', None)):
+    if hasattr(current_user, 'acl') and not current_user.acl.is_admin():
        abort(403)
    if not conf:
        try:
--- a/tests/test_burpui.py
+++ b/tests/test_burpui.py
@ -110,16 +110,25 @@ class BurpuiAPITestCase(TestCase):
        bui.config['TESTING'] = True
        bui.config['LOGIN_DISABLED'] = True
        bui.config['CFG'] = conf
+        bui.config['SECRET_KEY'] = 'nyan'
        bui.login_manager.init_app(bui)
        self.bui = bui
        return bui

+    def login(self, username, password):
+        return self.client.post(url_for('view.login'), data=dict(
+            username=username,
+            password=password,
+            language='en'
+        ), follow_redirects=True)
+
    def test_no_clients(self):
        response = self.client.get(url_for('api.clients_stats'))
        self.assertEquals(json.loads(response.data.decode('utf-8'))['message'], u'Cannot contact burp server at 127.0.0.1:9999')
        self.assert500(response)

    def test_server_config_parsing(self):
+        rv = self.login('admin', 'admin')
        response = self.client.get(url_for('api.server_settings'))
        asse = dict((
                    (
@ -145,6 +154,7 @@ class BurpuiAPITestCase(TestCase):
        self.assertEquals(response.json, asse)

    def test_client_config_parsing(self):
+        rv = self.login('admin', 'admin')
        response = self.client.get(url_for('api.client_settings', client='toto'))
        asse = dict((
                    (