Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

persist admin scope for CFAdmin utils

Change-Id: I805808cc89c224cea030e83b679bff05be823a4a
  • Loading branch information...
commit 5998f9995aaeabd87b7465f81dbb8736203c507c 1 parent 57d3e42
@bmidgley bmidgley authored
Showing with 10 additions and 1 deletion.
  1. +10 −1 lib/cloud_controller.rb
View
11 lib/cloud_controller.rb
@@ -43,18 +43,27 @@ def initialize(config)
token_information = token_coder.decode(auth_token)
logger.info("Token received from the UAA #{token_information.inspect}")
uaa_id = token_information['user_id'] if token_information
+ scopes = token_information['scope'] if token_information
user = Models::User.find(:guid => uaa_id) if uaa_id
+ is_admin = scopes && scopes.include?('cloud_controller.admin')
# Bootstraping mechanism..
#
# TODO: replace this with an exteranl bootstraping mechanism.
# I'm not wild about having *any* auto-admin generation code
# in the cc.
- if (user.nil? && Models::User.count == 0 &&
+ if user.nil?
+ if is_admin ||
+ (Models::User.count == 0 &&
@config[:bootstrap_admin_email] && token_information['email'] &&
@config[:bootstrap_admin_email] == token_information['email'])
user = Models::User.create(:guid => uaa_id,
:admin => true, :active => true)
+ end
+ elsif scopes
+ # token scope is authoritative
+ user.admin = is_admin
+ user.save
end
VCAP::CloudController::SecurityContext.set(user, token_information)
Please sign in to comment.
Something went wrong with that request. Please try again.