#8005 Subprojects not checked for 'deleted' flag

v1.4.0
closed
General
2016-03-28
2015-10-19
No

Subprojects don't get their 'deleted' flag checked, so they are still accessible to non-admins. We should fix this.

Also, if there is a deleted subproject and a regular tool of the same name, the regular tool should always take precedence.

Discussion

  • Pranav Sharma

    Pranav Sharma - 2015-11-17
    • status: open --> in-progress
     
  • Pranav Sharma

    Pranav Sharma - 2015-12-19

    How to reproduce this situation locally?

     
    • Dave Brondsema

      Dave Brondsema - 2015-12-22

      On a subproject, go to its Admin / Metadata page and then change its status to Deleted (by clicking on the icon next to "Project Status"). Make sure there is a regular tool (blog, wiki, etc) installed on the subproject. Then go to the subproject URL as a logged out user. You will still see the blog or wiki or whatever is in the tool, but you should not because only admins should have access to deleted projects/subprojects.

      Moreover, if you go to the parent project and install a regular tool with the same mount point as the subproject, then going to that URL shows you the deleted subproject instead of the new tool.

       
  • Dave Brondsema

    Dave Brondsema - 2016-01-25
    • labels: --> sf-current, sf-1
     
    • Pranav Sharma

      Pranav Sharma - 2016-03-12

      @Dave

      I have resolved the first problem. But about the second, should we allow the user to use a deleted mount point or not?

       
  • Pranav Sharma

    Pranav Sharma - 2016-03-18

    @Dave, I have changed the code. The tests are passing, i.e, all the tests that aer failing, are failing on the master branch too, which doesn't seems to be a problem of this code. Please check the branch below

    https://forge-allura.apache.org/u/pranav/allura/ci/pr/8005/~/tree/

     

    Last edit: Pranav Sharma 2016-03-18
    • Pranav Sharma

      Pranav Sharma - 2016-03-19

      And a last thing I would like to ask you, where should I write tests related to this ticket? I'm thinking to add a test for 404 error if anon tries to acces deleted subproject/tool, and reassigning mount point to a tool, after the subproject.

      Also it's not too clear for me about the second part. How can I verify that it is the new tool which is accessed and not the subproject?

       
  • Dave Brondsema

    Dave Brondsema - 2016-03-28
    • status: in-progress --> closed
    • assigned_to: Pranav Sharma
     
  • Dave Brondsema

    Dave Brondsema - 2016-03-28

    Looks good, merged!

     
  • Dave Brondsema

    Dave Brondsema - 2016-04-11
    • Milestone: unreleased --> v1.4.0
     

Log in to post a comment.