diff options
-rw-r--r-- | server/src/leap/soledad/server/auth.py | 11 | ||||
-rw-r--r-- | testing/tests/server/test_server.py | 8 |
2 files changed, 6 insertions, 13 deletions
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index b0764569..f3d9c8a8 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py @@ -100,7 +100,7 @@ class URLToAuthorization(object): /shared-db/docs | - /shared-db/doc/{any_id} | GET, PUT, DELETE /shared-db/sync-from/{source} | - - /user-db | GET, PUT, DELETE + /user-db | - /user-db/docs | - /user-db/doc/{id} | - /user-db/sync-from/{source} | GET, PUT, POST @@ -108,19 +108,12 @@ class URLToAuthorization(object): # auth info for global resource self._register('/', [self.HTTP_METHOD_GET]) # auth info for shared-db database resource - self._register( - '/%s' % SHARED_DB_NAME, - [self.HTTP_METHOD_GET]) + self._register('/%s' % SHARED_DB_NAME, [self.HTTP_METHOD_GET]) # auth info for shared-db doc resource self._register( '/%s/doc/{id:.*}' % SHARED_DB_NAME, [self.HTTP_METHOD_GET, self.HTTP_METHOD_PUT, self.HTTP_METHOD_DELETE]) - # auth info for user-db database resource - self._register( - '/%s' % self._user_db_name, - [self.HTTP_METHOD_GET, self.HTTP_METHOD_PUT, - self.HTTP_METHOD_DELETE]) # auth info for user-db sync resource self._register( '/%s/sync-from/{source_replica_uid}' % self._user_db_name, diff --git a/testing/tests/server/test_server.py b/testing/tests/server/test_server.py index 6710caaf..cae2e75c 100644 --- a/testing/tests/server/test_server.py +++ b/testing/tests/server/test_server.py @@ -110,7 +110,7 @@ class ServerAuthorizationTestCase(BaseSoledadTest): /shared-db/docs | - /shared-db/doc/{id} | GET, PUT, DELETE /shared-db/sync-from/{source} | - - /user-db | GET, PUT, DELETE + /user-db | - /user-db/docs | - /user-db/doc/{id} | - /user-db/sync-from/{source} | GET, PUT, POST @@ -174,13 +174,13 @@ class ServerAuthorizationTestCase(BaseSoledadTest): authmap.is_authorized( self._make_environ('/shared/sync-from/x', 'POST'))) # test user-db database resource auth - self.assertTrue( + self.assertFalse( authmap.is_authorized( self._make_environ('/%s' % dbname, 'GET'))) - self.assertTrue( + self.assertFalse( authmap.is_authorized( self._make_environ('/%s' % dbname, 'PUT'))) - self.assertTrue( + self.assertFalse( authmap.is_authorized( self._make_environ('/%s' % dbname, 'DELETE'))) self.assertFalse( |