Allow unsharing from a space without org visibilty#1024
Conversation
|
Hey ablease! Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA. |
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/153410785 The labels on this github issue will be updated when the story is started. |
|
|
||
| private | ||
|
|
||
| class ServiceInstanceSharedToEagerLoader |
There was a problem hiding this comment.
This class will not be private unless you do
private_constant :ServiceInstanceSharedToEagerLoaderThere was a problem hiding this comment.
Thanks, we've made this change.
There was a problem hiding this comment.
Changes for this included in #1033 and can be viewed here: cloudfoundry-incubator@ff8276e#diff-9b86a08059c9bdc2b6875a70abf9ee29R366
| def create_paginated_collection_renderer(service_instance) | ||
| VCAP::CloudController::RestController::PaginatedCollectionRenderer.new( | ||
| VCAP::CloudController::RestController::SecureEagerLoader.new, | ||
| ServiceInstanceSharedToEagerLoader.new, |
There was a problem hiding this comment.
This feels like a pretty fundamental change to service instances controller. Subverting the framework and how it expects to load associations could lead to confusing behavior later. I'm surprised this didn't break any existing tests.
Is there another way we could configure the framework to eager load organizations in addition to it's usual machinations?
There was a problem hiding this comment.
The create_paginated_collection_renderer method, the ServiceInstanceSharedToEagerLoader and the ServiceInstanceSharedToSerializer are only used by the '/v2/service_instances/:guid/shared_to' endpoint. These are used to support paginated rendering using the custom ServiceInstanceSharedToPresenter presenter. We could not use the existing serialiser class as SharedTo does not have an associated model object. The eager loader is overridden in order to load the organisation model that is required by the presenter to display the org name.
These changes are confined to the shared_to endpoint, so it hasn't changed behaviour elsewhere in the controller.
* cloudfoundry#1006 * cloudfoundry#1007 * cloudfoundry#1024 Signed-off-by: Sam Gunaratne <sgunaratne@pivotal.io>
* cloudfoundry#1006 * cloudfoundry#1007 * cloudfoundry#1024 Signed-off-by: Denise Yu <dyu@pivotal.io>
[#152922808] Signed-off-by: Jen Spinney <jennifer.spinney@suse.com>
[#152922808] Signed-off-by: Sam Gunaratne <sgunaratne@pivotal.io>
[#152922808] Signed-off-by: Denise Yu <dyu@pivotal.io>
[#152922808] Signed-off-by: Denise Yu <dyu@pivotal.io>
* Add additional tests for user provided services and service instance sharing Signed-off-by: Sam Gunaratne <sgunaratne@pivotal.io>
422 Unprocessable is a more appropriate error message as the syntax of the request is correct, however the semantics of the request are wrong. [#153176525] Signed-off-by: Jen Spinney <jennifer.spinney@suse.com>
* This allows developers who does not have cross space access to discover the space_guid when using service instance sharing. [#153244755] Signed-off-by: Sam Gunaratne <sgunaratne@pivotal.io>
* This could introduce a name clash in spaces receiving a shared instance [#152109574]
[#153244755] Signed-off-by: Alex Blease <ablease@pivotal.io>
* cloudfoundry#1006 * cloudfoundry#1007 * cloudfoundry#1024 Signed-off-by: Denise Yu <dyu@pivotal.io>
b92253d to
e98c34c
Compare
|
|
||
| describe 'permissions' do | ||
| let(:user) { User.make } | ||
| let(:other_org) { Organization.make } |
There was a problem hiding this comment.
Per the conversation that led to PR #1023, please prefer target_org over other_org; same for space.
There was a problem hiding this comment.
Thanks @elenasharma, it will be easier for us to fix this with a new commit on top rather than rebase everything, would that be OK?
| it "has a #{expected_status} http status code" do | ||
| get "/v2/service_instances/#{instance.guid}/shared_to" | ||
| expect(last_response.status).to eq(expected_status), "Expected #{expected_status}, got: #{last_response.status}, role: #{role}" | ||
| expect(last_response.status).to eq(expected_status), "Expected #{expected_status}, got: #{last_response.status}, role: #{role}, response: #{last_response.body}" |
There was a problem hiding this comment.
Is the last_response.body part intentional? We often use this during development for extra information, but typically don't commit uses of it.
There was a problem hiding this comment.
This was probably unintentional! We will remove it.
| end | ||
| end | ||
|
|
||
| context 'when the user is a member of the org/space where the service instance was shared to' do |
There was a problem hiding this comment.
We'd expect to see a test case for the encountered bug, e.g. given two developers: a developer in space-1 and space-2 and a developer in space-1:
- the first developer shares service instance
SIintospace-2 - the second developer can unshare
SIout ofspace-2
There was a problem hiding this comment.
@elenasharma we're not clear what you mean here. This endpoint is not for unsharing, it's for a developer in a service instance's source space to view the space GUIDs where the service instance has been shared to. Developers in recipient spaces shouldn't have access to this, because then they'd learn about all the other places that the service instance has been shared to, and this is a workflow we don't want to currently permit.
We do test the workflow where a source-space-only developer unshares a service instance in the v3/controllers unit test for unsharing: https://github.com/cloudfoundry/cloud_controller_ng/blob/master/spec/unit/controllers/v3/service_instances_controller_spec.rb#L480-L505
If we've misunderstood what you meant, please let us know!
As an app dev (sharer), I can unshare a service instance from a space where I do not have access.
#153244755
NOTE: This PR builds on top of #1023, which should be merged first. The actual changes on top of #1023 can be viewed in this diff.
This PR address a bug that was discovered after this PR was made to the CLI. When attempting to unshare a service instance from a space where the current user did not have access to that space, the unshare failed.
I have reviewed the contributing guide
I have viewed, signed, and submitted the Contributor License Agreement
I have made this pull request to the
masterbranchI have run all the unit tests using
bundle exec rakeI have run CF Acceptance Tests
Thanks,
Sapi team (alex, @deniseyu, @jenspinney)