Look up user associated with staging_task (if provided)

This will allow staging plugins to execute services related operations on behalf of the user whose app is being staged. Test plan: - New unit tests pass Change-Id: Ifffe7b97047f540b63c1774e6a605b5e80e76855
cloudfoundry-attic · Nov 7, 2011 · d8d7fb0 · d8d7fb0
1 parent a9334ff
commit d8d7fb0
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 1 deletion.
diff --git a/cloud_controller/app/controllers/services_controller.rb b/cloud_controller/app/controllers/services_controller.rb
@@ -8,7 +8,7 @@ class ServicesController < ApplicationController
 
   before_filter :validate_content_type
   before_filter :require_service_auth_token, :only => [:create, :delete, :update_handle, :list_handles, :list_brokered_services]
-  before_filter :require_user, :only => [:provision, :bind, :bind_external, :unbind, :unprovision]
+  before_filter :require_user_or_staging_task_id, :only => [:provision, :bind, :bind_external, :unbind, :unprovision]
 
   rescue_from(JsonMessage::Error) {|e| render :status => 400, :json =>  {:errors => e.to_s}}
   rescue_from(ActiveRecord::RecordInvalid) {|e| render :status => 400, :json =>  {:errors => e.to_s}}
@@ -246,6 +246,14 @@ def unbind
 
   protected
 
+  def require_user_or_staging_task_id
+    unless user
+      staging_task  = StagingTask.find_task(params[:staging_task_id])
+      @current_user = staging_task.user if staging_task
+    end
+    raise CloudError.new(CloudError::FORBIDDEN) unless user
+  end
+
   def require_service_auth_token
     hdr = VCAP::Services::Api::GATEWAY_TOKEN_HEADER.upcase.gsub(/-/, '_')
     @service_auth_token = request.headers[hdr]

diff --git a/cloud_controller/spec/controllers/services_controller_spec.rb b/cloud_controller/spec/controllers/services_controller_spec.rb
@@ -392,6 +392,30 @@ def unbind_instance(service_id, handle_id, binding_options)
       request.env['HTTP_AUTHORIZATION'] = UserToken.create('foo@bar.com').encode
     end
 
+    describe '#require_user_or_staging_task_id' do
+      it 'should raise an instance of CloudError if no user or staging task id is supplied' do
+        @controller.stubs(:user).returns(nil)
+        @controller.stubs(:params).returns({})
+        begin
+          exception_thrown = false
+          @controller.send(:require_user_or_staging_task_id)
+        rescue CloudError => ce
+          exception_thrown = true
+          ce.status.should == CloudError::HTTP_FORBIDDEN
+        end
+        exception_thrown.should be_true
+      end
+
+      it 'should set the user for the request to the user associated with the supplied staging task' do
+        @controller.stubs(:params).returns({:staging_task_id => 1})
+        mock_task = mock()
+        mock_task.expects(:user).returns(@user)
+        StagingTask.expects(:find_task).with(1).returns(mock_task)
+        @controller.send(:require_user_or_staging_task_id)
+        @controller.send(:user).should == @user
+      end
+    end
+
     describe '#provision' do
 
       it 'should return not authorized for unknown users' do