
persist admin scope for CFAdmin utils

Change-Id: I805808cc89c224cea030e83b679bff05be823a4a
1 parent 57d3e42 commit 5998f9995aaeabd87b7465f81dbb8736203c507c Brad Midgley committed Jan 3, 2013
Showing with 10 additions and 1 deletion.
  1. +10 −1 lib/cloud_controller.rb
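--- a/lib/cloud_controller.rb
+++ b/lib/cloud_controller.rb
@@ -43,18 +43,27 @@ def initialize(config)
 token_information = token_coder.decode(auth_token)
 logger.info("Token received from the UAA #{token_information.inspect}")
 uaa_id = token_information['user_id'] if token_information
+ scopes = token_information['scope'] if token_information
 user = Models::User.find(:guid => uaa_id) if uaa_id
+ is_admin = scopes && scopes.include?('cloud_controller.admin')
 # Bootstraping mechanism..
 #
 # TODO: replace this with an exteranl bootstraping mechanism.
 # I'm not wild about having *any* auto-admin generation code
 # in the cc.
- if (user.nil? && Models::User.count == 0 &&
+ if user.nil?
+ if is_admin ||
+ (Models::User.count == 0 &&
 @config[:bootstrap_admin_email] && token_information['email'] &&
 @config[:bootstrap_admin_email] == token_information['email'])
 user = Models::User.create(:guid => uaa_id,
 :admin => true, :active => true)
+ end
+ elsif scopes
+ # token scope is authoritative
+ user.admin = is_admin
+ user.save
 end
 VCAP::CloudController::SecurityContext.set(user, token_information)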
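Review bot: The new `is_admin ||` branch creates an admin row without checking that `uaa_id` is set, so a token that carries the `cloud_controller.admin` scope but no `user_id` claim would reach `Models::User.create(:guid => uaa_id, :admin => true, ...)` with a nil guid. Guard the inner condition, e.g. `if uaa_id && (is_admin ||` with the matching closing parenthesis after the bootstrap-email comparison; that also keeps `token_information['email']` from being evaluated when no token was decoded. In the `elsif scopes` branch the persisted `admin` flag is left untouched when a token has no `scope` claim, so an earlier elevation survives such a request; if the scope is meant to be authoritative, it may be worth treating a missing claim as non-admin. `scopes.include?` is an exact match only if `scope` decodes to an array — presumably it does, but a string value would turn it into a substring test. The enclosing block starts and ends outside the hunk.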
