Disable Community Results page and restrict access to results

to logged in users

JIRA: DOVETAIL-736

This patch disables the Community Results page. Furthermore,
allows only logged in users to fetch results from the rest api.
Finally, fixes a minor bug on the javascript side, where the name
of the logged in user is stored.

Change-Id: Iedf1f170746501455662dc7e1d01ae0508f79488
Signed-off-by: Stamatis Katsaounis <mokats@intracom-telecom.com>

diff --git a/3rd_party/static/testapi-ui/app.js b/3rd_party/static/testapi-ui/app.js
index 02cd768..edf7663 100644 (file)
--- a/3rd_party/static/testapi-ui/app.js
+++ b/3rd_party/static/testapi-ui/app.js
@@ -55,11 +55,11 @@
                 templateUrl: 'testapi-ui/components/guidelines/guidelines.html',
                 controller: 'GuidelinesController as ctrl'
             }).
-            state('communityResults', {
-                url: '/community_results',
-                templateUrl: 'testapi-ui/components/results/results.html',
-                controller: 'ResultsController as ctrl'
-            }).
+            // state('communityResults', {
+            //     url: '/community_results',
+            //     templateUrl: 'testapi-ui/components/results/results.html',
+            //     controller: 'ResultsController as ctrl'
+            // }).
             state('userResults', {
                 url: '/user_results',
                 templateUrl: 'testapi-ui/components/results/results.html',
@@ -78,7 +78,7 @@
             }).
             state('authPortal', {
                 url: '/auth_portal',
-                templateUrl: 'testapi-ui/components/auth/authPortal.html' 
+                templateUrl: 'testapi-ui/components/auth/authPortal.html'
             }).
             state('authFailure', {
                 url: '/auth_failure',
@@ -173,7 +173,7 @@
         $rootScope.auth.doSignIn = doSignIn;
         $rootScope.auth.doSignOut = doSignOut;
         $rootScope.auth.doSignCheck = doSignCheck;
-        
+
 
         var sign_in_url = testapiApiUrl + '/auth/signin';
         var sign_out_url = testapiApiUrl + '/auth/signout';

diff --git a/3rd_party/static/testapi-ui/components/results/resultsController.js b/3rd_party/static/testapi-ui/components/results/resultsController.js
index aa593dc..03c367c 100644 (file)
--- a/3rd_party/static/testapi-ui/components/results/resultsController.js
+++ b/3rd_party/static/testapi-ui/components/results/resultsController.js
@@ -111,7 +111,7 @@
         // need auth to browse
         ctrl.isUserResults = $state.current.name === 'userResults';
 
-        ctrl.currentUser = $scope.auth.name;
+        ctrl.currentUser = $scope.auth.currentUser ? $scope.auth.currentUser.openid : null;
         console.log($scope.auth);
 
         // Should only be on user-results-page if authenticated.

diff --git a/opnfv_testapi/resources/test_handlers.py b/opnfv_testapi/resources/test_handlers.py
index 0cc60d5..5ecb176 100644 (file)
--- a/opnfv_testapi/resources/test_handlers.py
+++ b/opnfv_testapi/resources/test_handlers.py
@@ -74,6 +74,10 @@ class TestsCLHandler(GenericTestHandler):
             'per_page': CONF.api_results_per_page
         }
 
+        curr_user = self.get_secure_cookie(auth_const.OPENID)
+        if curr_user is None:
+            raises.Unauthorized(message.no_auth())
+
         query = yield self.set_query()
         yield self._list(query=query, **limitations)
         logging.debug('list end')