
Look up user associated with staging_task (if provided)

This will allow staging plugins to execute services related operations
on behalf of the user whose app is being staged.

Test plan:
- New unit tests pass

Change-Id: Ifffe7b97047f540b63c1774e6a605b5e80e76855
1 parent a9334ff commit d8d7fb0fb0c41045073e61c6aaa3753d832f9113 mpage committed Oct 19, 2011
@@ -8,7 +8,7 @@ class ServicesController < ApplicationController
before_filter :validate_content_type
before_filter :require_service_auth_token, :only => [:create, :delete, :update_handle, :list_handles, :list_brokered_services]
- before_filter :require_user, :only => [:provision, :bind, :bind_external, :unbind, :unprovision]
+ before_filter :require_user_or_staging_task_id, :only => [:provision, :bind, :bind_external, :unbind, :unprovision]
rescue_from(JsonMessage::Error) {|e| render :status => 400, :json => {:errors => e.to_s}}
rescue_from(ActiveRecord::RecordInvalid) {|e| render :status => 400, :json => {:errors => e.to_s}}
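Review bot: The widened `before_filter :require_user_or_staging_task_id` line covers all five user actions, so a request that carries only a staging task id can reach `unbind` and `unprovision` as well as `provision` and `bind`. The commit message does not say which operations staging plugins actually need. If they only create and bind services, keeping `before_filter :require_user, :only => [:unbind, :unprovision]` for the destructive actions would narrow what a task id grants. Otherwise a comment above the filter list should record that staging tasks are deliberately allowed on every listed action.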
@@ -246,6 +246,14 @@ def unbind
protected
+ def require_user_or_staging_task_id
+ unless user
+ staging_task = StagingTask.find_task(params[:staging_task_id])
+ @current_user = staging_task.user if staging_task
+ end
+ raise CloudError.new(CloudError::FORBIDDEN) unless user
+ end
+
def require_service_auth_token
hdr = VCAP::Services::Api::GATEWAY_TOKEN_HEADER.upcase.gsub(/-/, '_')
@service_auth_token = request.headers[hdr]
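Review bot: In `require_user_or_staging_task_id`, `params[:staging_task_id]` becomes the sole credential for the request: any id that `StagingTask.find_task` resolves sets `@current_user` to that task's user, with no further proof of who is calling. Whether this is safe depends on how task ids are generated and when tasks are removed, neither of which is visible in this hunk; sequential or long-lived ids should not serve as a bearer secret, and a value carried in `params` may also end up in request logs. The method should state that assumption, for example `# staging_task_id acts as a bearer credential for the task's user; ids must be unguessable and valid only while the task runs`. Logging the task id whenever a request is authorised this way would also make the delegation auditable.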
@@ -392,6 +392,30 @@ def unbind_instance(service_id, handle_id, binding_options)
request.env['HTTP_AUTHORIZATION'] = UserToken.create('foo@bar.com').encode
end
+ describe '#require_user_or_staging_task_id' do
+ it 'should raise an instance of CloudError if no user or staging task id is supplied' do
+ @controller.stubs(:user).returns(nil)
+ @controller.stubs(:params).returns({})
+ begin
+ exception_thrown = false
+ @controller.send(:require_user_or_staging_task_id)
+ rescue CloudError => ce
+ exception_thrown = true
+ ce.status.should == CloudError::HTTP_FORBIDDEN
+ end
+ exception_thrown.should be_true
+ end
+
+ it 'should set the user for the request to the user associated with the supplied staging task' do
+ @controller.stubs(:params).returns({:staging_task_id => 1})
+ mock_task = mock()
+ mock_task.expects(:user).returns(@user)
+ StagingTask.expects(:find_task).with(1).returns(mock_task)
+ @controller.send(:require_user_or_staging_task_id)
+ @controller.send(:user).should == @user
+ end
+ end
+
describe '#provision' do
it 'should return not authorized for unknown users' do
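Review bot: The new examples in `describe '#require_user_or_staging_task_id'` do not cover a `staging_task_id` that `StagingTask.find_task` cannot resolve, which is the rejection path that most needs pinning. A third example with `StagingTask.expects(:find_task).with(1).returns(nil)` that expects `CloudError` would close that gap. It would also be worth asserting that an already authenticated user takes precedence, with `@controller.stubs(:user).returns(@user)` and `StagingTask.expects(:find_task).never`. As a style point, the `exception_thrown` flag in the first example can be replaced by `lambda { @controller.send(:require_user_or_staging_task_id) }.should raise_error(CloudError)`, which fails with a clearer message.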
