Skip to content

Commit

Permalink
Modifying "admin" role to "owner"
Browse files Browse the repository at this point in the history 
Signed-off-by: Saman Alvi <salvi@pivotal.io>
  • Loading branch information
@pivotal-saman-alvi
Josh Winters authored and pivotal-saman-alvi committed Sep 20, 2018
1 parent bcade2a commit 1fc286e
Show file tree
Hide file tree
Showing 12 changed files with 160 additions and 160 deletions.
16 changes: 8 additions & 8 deletions atc/api/accessor/accessor.go
View file
Expand Up @@ -36,7 +36,7 @@ func (a *access) IsAuthorized(team string) bool {

if len(teamParts) == 1 {
teamName = teamParts[0]
roleName = "admin"
roleName = "owner"

} else if len(teamParts) > 1 {
teamName = teamParts[0]
Expand All @@ -52,12 +52,12 @@ func (a *access) IsAuthorized(team string) bool {

func (a *access) HasPermission(role string) bool {
switch requiredRoles[a.action] {
case "admin":
return role == "admin"
case "owner":
return role == "owner"
case "member":
return role == "admin" || role == "member"
return role == "owner" || role == "member"
case "viewer":
return role == "admin" || role == "member" || role == "viewer"
return role == "owner" || role == "member" || role == "viewer"
default:
return false
}
Expand Down Expand Up @@ -203,9 +203,9 @@ var requiredRoles = map[string]string{
atc.ListDestroyingVolumes: "viewer",
atc.ReportWorkerVolumes: "member",
atc.ListTeams: "viewer",
atc.SetTeam: "admin",
atc.RenameTeam: "admin",
atc.DestroyTeam: "admin",
atc.SetTeam: "owner",
atc.RenameTeam: "owner",
atc.DestroyTeam: "owner",
atc.ListTeamBuilds: "viewer",
atc.SendInputToBuildPlan: "member",
atc.ReadOutputFromBuildPlan: "member",
Expand Down
170 changes: 85 additions & 85 deletions atc/api/accessor/accessor_test.go
View file

Large diffs are not rendered by default.

22 changes: 11 additions & 11 deletions atc/api/teams_test.go
View file
Expand Up @@ -68,29 +68,29 @@ var _ = Describe("Teams API", func() {
fakeTeamOne.IDReturns(5)
fakeTeamOne.NameReturns(teamNames[0])
fakeTeamOne.AuthReturns(atc.TeamAuth{
"admin": atc.TeamRole{
"owner": atc.TeamRole{
"groups": []string{}, "users": []string{"local:username"},
},
})

fakeTeamTwo.IDReturns(9)
fakeTeamTwo.NameReturns(teamNames[1])
fakeTeamTwo.AuthReturns(atc.TeamAuth{
"admin": atc.TeamRole{
"owner": atc.TeamRole{
"groups": []string{}, "users": []string{"local:username"},
},
})

fakeTeamThree.IDReturns(22)
fakeTeamThree.NameReturns(teamNames[2])
fakeTeamThree.AuthReturns(atc.TeamAuth{
"admin": atc.TeamRole{
"owner": atc.TeamRole{
"groups": []string{}, "users": []string{"local:username"},
},
})
})

Context("when the requester is an admin user", func() {
Context("when the requester is an admin", func() {
BeforeEach(func() {
fakeaccess.IsAdminReturns(true)

Expand All @@ -106,23 +106,23 @@ var _ = Describe("Teams API", func() {
{
"id": 5,
"name": "avengers",
"auth": { "admin":{"users":["local:username"],"groups":[]}}
"auth": { "owner":{"users":["local:username"],"groups":[]}}
},
{
"id": 9,
"name": "aliens",
"auth": { "admin":{"users":["local:username"],"groups":[]}}
"auth": { "owner":{"users":["local:username"],"groups":[]}}
},
{
"id": 22,
"name": "predators",
"auth": { "admin":{"users":["local:username"],"groups":[]}}
"auth": { "owner":{"users":["local:username"],"groups":[]}}
}
]`))
})
})

Context("when the requester is NOT an admin user", func() {
Context("when the requester is NOT an admin", func() {
BeforeEach(func() {
fakeaccess.IsAdminReturns(false)

Expand All @@ -141,12 +141,12 @@ var _ = Describe("Teams API", func() {
{
"id": 5,
"name": "avengers",
"auth": { "admin":{"users":["local:username"],"groups":[]}}
"auth": { "owner":{"users":["local:username"],"groups":[]}}
},
{
"id": 22,
"name": "predators",
"auth": { "admin":{"users":["local:username"],"groups":[]}}
"auth": { "owner":{"users":["local:username"],"groups":[]}}
}
]`))
})
Expand Down Expand Up @@ -195,7 +195,7 @@ var _ = Describe("Teams API", func() {
BeforeEach(func() {
atcTeam = atc.Team{
Auth: atc.TeamAuth{
"admin": atc.TeamRole{
"owner": atc.TeamRole{
"users": []string{"local:username"},
},
},
Expand Down
6 changes: 3 additions & 3 deletions atc/db/migration/add_team_role_test.go
View file
Expand Up @@ -16,14 +16,14 @@ var _ = Describe("Add team roles", func() {
)

Context("Up", func() {
It("successfully adds the default 'admin' role to existing team auth", func() {
It("successfully adds the default 'owner' role to existing team auth", func() {

db = postgresRunner.OpenDBAtVersion(preMigrationVersion)
SetupTeam(db, "main", `{"users": ["local:user1"], "groups": [] }`)
db.Close()

db = postgresRunner.OpenDBAtVersion(postMigrationVersion)
ExpectTeamWithUsersAndGroupsForRole(db, "main", "admin", []string{"local:user1"}, []string{})
ExpectTeamWithUsersAndGroupsForRole(db, "main", "owner", []string{"local:user1"}, []string{})
db.Close()

})
Expand All @@ -33,7 +33,7 @@ var _ = Describe("Add team roles", func() {
It("successfully removes roles from team auth", func() {

db = postgresRunner.OpenDBAtVersion(postMigrationVersion)
SetupTeam(db, "main", `{ "admin": {"users": ["local:user1"], "groups": [] }}`)
SetupTeam(db, "main", `{ "owner": {"users": ["local:user1"], "groups": [] }}`)
db.Close()

db = postgresRunner.OpenDBAtVersion(preMigrationVersion)
Expand Down
2 changes: 1 addition & 1 deletion atc/db/migration/migrations/1537196857_add_team_roles.down.sql
View file
@@ -1,3 +1,3 @@
BEGIN;
UPDATE teams SET auth = auth::json->'admin';
UPDATE teams SET auth = auth::json->'owner';
COMMIT;
2 changes: 1 addition & 1 deletion atc/db/migration/migrations/1537196857_add_team_roles.up.sql
View file
@@ -1,3 +1,3 @@
BEGIN;
UPDATE teams SET auth=json_build_object('admin', auth::json);
UPDATE teams SET auth=json_build_object('owner', auth::json);
COMMIT;
2 changes: 1 addition & 1 deletion atc/db/team_factory_test.go
View file
Expand Up @@ -16,7 +16,7 @@ var _ = Describe("Team Factory", func() {
atcTeam = atc.Team{
Name: "some-team",
Auth: atc.TeamAuth{
"admin": {"users": []string{"local:username"}},
"owner": {"users": []string{"local:username"}},
},
}
})
Expand Down
4 changes: 2 additions & 2 deletions atc/db/team_test.go
View file
Expand Up @@ -726,7 +726,7 @@ var _ = Describe("Team", func() {

BeforeEach(func() {
authProvider = atc.TeamAuth{
"admin": {"users": []string{"local:username"}},
"owner": {"users": []string{"local:username"}},
}
})

Expand All @@ -746,7 +746,7 @@ var _ = Describe("Team", func() {
Expect(err).ToNot(HaveOccurred())

Expect(team.Auth()["viewer"]).To(Equal(viewer))
Expect(team.Auth()["admin"]).To(Equal(authProvider["admin"]))
Expect(team.Auth()["owner"]).To(Equal(authProvider["owner"]))
})

It("resets legacy_auth to NULL", func() {
Expand Down
20 changes: 10 additions & 10 deletions fly/integration/set_team_test.go
View file
Expand Up @@ -86,7 +86,7 @@ var _ = Describe("Fly CLI", func() {
cmdParams = []string{"--allow-all-users"}
confirmHandlers()
})
It("displays the default admin role", func() {
It("displays the default owner role", func() {

stdin, err := flyCmd.StdinPipe()
Expect(err).NotTo(HaveOccurred())
Expand All @@ -95,7 +95,7 @@ var _ = Describe("Fly CLI", func() {
Expect(err).ToNot(HaveOccurred())

Eventually(sess.Out).Should(gbytes.Say("Team Name: venture"))
Eventually(sess.Out).Should(gbytes.Say("Role: admin"))
Eventually(sess.Out).Should(gbytes.Say("Role: owner"))
Eventually(sess.Out).Should(gbytes.Say("Users:"))
Eventually(sess.Out).Should(gbytes.Say("- none"))
Eventually(sess.Out).Should(gbytes.Say("Groups:"))
Expand Down Expand Up @@ -123,7 +123,7 @@ var _ = Describe("Fly CLI", func() {
Expect(err).ToNot(HaveOccurred())

Eventually(sess.Out).Should(gbytes.Say("Team Name: venture"))
Eventually(sess.Out).Should(gbytes.Say("Role: admin"))
Eventually(sess.Out).Should(gbytes.Say("Role: owner"))
Eventually(sess.Out).Should(gbytes.Say("Users:"))
Eventually(sess.Out).Should(gbytes.Say("- none"))
Eventually(sess.Out).Should(gbytes.Say("Groups:"))
Expand Down Expand Up @@ -152,7 +152,7 @@ var _ = Describe("Fly CLI", func() {
Expect(err).ToNot(HaveOccurred())

Eventually(sess.Out).Should(gbytes.Say("Team Name: venture"))
Eventually(sess.Out).Should(gbytes.Say("Role: admin"))
Eventually(sess.Out).Should(gbytes.Say("Role: owner"))
Eventually(sess.Out).Should(gbytes.Say("Users:"))
Eventually(sess.Out).Should(gbytes.Say("- local:brock-samson"))
Eventually(sess.Out).Should(gbytes.Say("Groups:"))
Expand All @@ -178,7 +178,7 @@ var _ = Describe("Fly CLI", func() {
Expect(err).ToNot(HaveOccurred())

Eventually(sess.Out).Should(gbytes.Say("Team Name: venture"))
Eventually(sess.Out).Should(gbytes.Say("Role: admin"))
Eventually(sess.Out).Should(gbytes.Say("Role: owner"))
Eventually(sess.Out).Should(gbytes.Say("Users:"))
Eventually(sess.Out).Should(gbytes.Say("- local:brock-samson"))
Eventually(sess.Out).Should(gbytes.Say("Groups:"))
Expand All @@ -198,7 +198,7 @@ var _ = Describe("Fly CLI", func() {
Expect(err).ToNot(HaveOccurred())

Eventually(sess.Out).Should(gbytes.Say("Team Name: venture"))
Eventually(sess.Out).Should(gbytes.Say("Role: admin"))
Eventually(sess.Out).Should(gbytes.Say("Role: owner"))
Eventually(sess.Out).Should(gbytes.Say("Users:"))
Eventually(sess.Out).Should(gbytes.Say("- github:samsonite"))
Eventually(sess.Out).Should(gbytes.Say("Groups:"))
Expand All @@ -219,7 +219,7 @@ var _ = Describe("Fly CLI", func() {
Expect(err).ToNot(HaveOccurred())

Eventually(sess.Out).Should(gbytes.Say("Team Name: venture"))
Eventually(sess.Out).Should(gbytes.Say("Role: admin"))
Eventually(sess.Out).Should(gbytes.Say("Role: owner"))
Eventually(sess.Out).Should(gbytes.Say("Users:"))
Eventually(sess.Out).Should(gbytes.Say("- cf:my-username"))
Eventually(sess.Out).Should(gbytes.Say("Groups:"))
Expand All @@ -241,7 +241,7 @@ var _ = Describe("Fly CLI", func() {
Expect(err).ToNot(HaveOccurred())

Eventually(sess.Out).Should(gbytes.Say("Team Name: venture"))
Eventually(sess.Out).Should(gbytes.Say("Role: admin"))
Eventually(sess.Out).Should(gbytes.Say("Role: owner"))
Eventually(sess.Out).Should(gbytes.Say("Users:"))
Eventually(sess.Out).Should(gbytes.Say("- ldap:my-username"))
Eventually(sess.Out).Should(gbytes.Say("Groups:"))
Expand All @@ -263,7 +263,7 @@ var _ = Describe("Fly CLI", func() {
Expect(err).ToNot(HaveOccurred())

Eventually(sess.Out).Should(gbytes.Say("Team Name: venture"))
Eventually(sess.Out).Should(gbytes.Say("Role: admin"))
Eventually(sess.Out).Should(gbytes.Say("Role: owner"))
Eventually(sess.Out).Should(gbytes.Say("Users:"))
Eventually(sess.Out).Should(gbytes.Say("- none"))
Eventually(sess.Out).Should(gbytes.Say("Groups:"))
Expand Down Expand Up @@ -393,7 +393,7 @@ var _ = Describe("Fly CLI", func() {
ghttp.VerifyRequest("PUT", "/api/v1/teams/venture"),
ghttp.VerifyJSON(`{
"auth": {
"admin":{
"owner":{
"users": [
"local:brock-obama"
],
Expand Down
18 changes: 9 additions & 9 deletions fly/integration/teams_test.go
View file
Expand Up @@ -33,7 +33,7 @@ var _ = Describe("Fly CLI", func() {
ID: 1,
Name: "main",
Auth: atc.TeamAuth{
"admin": atc.TeamRole{
"owner": atc.TeamRole{
"groups": []string{},
"users": []string{},
},
Expand All @@ -43,7 +43,7 @@ var _ = Describe("Fly CLI", func() {
ID: 2,
Name: "a-team",
Auth: atc.TeamAuth{
"admin": atc.TeamRole{
"owner": atc.TeamRole{
"groups": []string{"github:github-org"},
"users": []string{},
},
Expand All @@ -63,7 +63,7 @@ var _ = Describe("Fly CLI", func() {
ID: 4,
Name: "c-team",
Auth: atc.TeamAuth{
"admin": atc.TeamRole{
"owner": atc.TeamRole{
"users": []string{"github:github-user"},
"groups": []string{"github:github-org"},
},
Expand Down Expand Up @@ -114,13 +114,13 @@ var _ = Describe("Fly CLI", func() {
{
"id": 1,
"name": "main",
"auth": { "admin":{"groups":[], "users":[]}}
"auth": { "owner":{"groups":[], "users":[]}}
},
{
"id": 2,
"name": "a-team",
"auth": {
"admin": {
"owner": {
"groups": ["github:github-org"],
"users": []
}
Expand All @@ -140,7 +140,7 @@ var _ = Describe("Fly CLI", func() {
"id": 4,
"name": "c-team",
"auth": {
"admin": {
"owner": {
"groups":["github:github-org"],
"users":["github:github-user"]
},
Expand Down Expand Up @@ -174,12 +174,12 @@ var _ = Describe("Fly CLI", func() {
{Contents: "auth", Color: color.New(color.Bold)},
},
Data: []ui.TableRow{
{{Contents: "a-team/admin"}, {Contents: "none"}, {Contents: "github:github-org"}},
{{Contents: "a-team/owner"}, {Contents: "none"}, {Contents: "github:github-org"}},
{{Contents: "b-team/member"}, {Contents: "github:github-user"}, {Contents: "none"}},
{{Contents: "c-team/admin"}, {Contents: "github:github-user"}, {Contents: "github:github-org"}},
{{Contents: "c-team/member"}, {Contents: "github:github-user"}, {Contents: "github:github-org"}},
{{Contents: "c-team/owner"}, {Contents: "github:github-user"}, {Contents: "github:github-org"}},
{{Contents: "c-team/viewer"}, {Contents: "github:github-user"}, {Contents: "github:github-org"}},
{{Contents: "main/admin"}, {Contents: "all"}, {Contents: "none"}},
{{Contents: "main/owner"}, {Contents: "all"}, {Contents: "none"}},
},
}))
})
Expand Down
2 changes: 1 addition & 1 deletion skymarshal/skycmd/flags.go
View file
Expand Up @@ -44,7 +44,7 @@ type AuthFlags struct {
}

type AuthTeamFlags struct {
TeamRole string `long:"role" description:"The role to assign to these users" choice:"admin" choice:"member" choice:"viewer" default:"admin"`
TeamRole string `long:"role" description:"The role to assign to these users" choice:"owner" choice:"member" choice:"viewer" default:"owner"`
LocalUsers []string `long:"local-user" description:"List of whitelisted local concourse users. These are the users you've added at atc startup with the --add-local-user flag." value-name:"USERNAME"`
AllowAllUsers bool `long:"allow-all-users" description:"Setting this flag will whitelist all logged in users in the system. ALL OF THEM. If, for example, you've configured GitHub, any user with a GitHub account will have access to your team."`
}
Expand Down

0 comments on commit 1fc286e

Please sign in to comment.