Merge pull request #2121 from nwt/delete-action

Change DELETE action from "*" to "delete"
This commit is contained in:
Derek McGowan 2017-01-09 12:34:23 -08:00 committed by GitHub
commit 2bc4a9459c
3 changed files with 25 additions and 6 deletions

View file

@ -454,6 +454,27 @@ func TestAccessController(t *testing.T) {
if userInfo.Name != "foo" { if userInfo.Name != "foo" {
t.Fatalf("expected user name %q, got %q", "foo", userInfo.Name) t.Fatalf("expected user name %q, got %q", "foo", userInfo.Name)
} }
// 5. Supply a token with full admin rights, which is represented as "*".
token, err = makeTestToken(
issuer, service,
[]*ResourceActions{{
Type: testAccess.Type,
Name: testAccess.Name,
Actions: []string{"*"},
}},
rootKeys[0], 1, time.Now(), time.Now().Add(5*time.Minute),
)
if err != nil {
t.Fatal(err)
}
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.compactRaw()))
_, err = accessController.Authorized(ctx, testAccess)
if err != nil {
t.Fatalf("accessController returned unexpected error: %s", err)
}
} }
// This tests that newAccessController can handle PEM blocks in the certificate // This tests that newAccessController can handle PEM blocks in the certificate

View file

@ -901,12 +901,10 @@ func appendAccessRecords(records []auth.Access, method string, repo string) []au
Action: "push", Action: "push",
}) })
case "DELETE": case "DELETE":
// DELETE access requires full admin rights, which is represented
// as "*". This may not be ideal.
records = append(records, records = append(records,
auth.Access{ auth.Access{
Resource: resource, Resource: resource,
Action: "*", Action: "delete",
}) })
} }
return records return records

View file

@ -229,9 +229,9 @@ func TestAppendAccessRecords(t *testing.T) {
Resource: expectedResource, Resource: expectedResource,
Action: "push", Action: "push",
} }
expectedAllRecord := auth.Access{ expectedDeleteRecord := auth.Access{
Resource: expectedResource, Resource: expectedResource,
Action: "*", Action: "delete",
} }
records := []auth.Access{} records := []auth.Access{}
@ -271,7 +271,7 @@ func TestAppendAccessRecords(t *testing.T) {
records = []auth.Access{} records = []auth.Access{}
result = appendAccessRecords(records, "DELETE", repo) result = appendAccessRecords(records, "DELETE", repo)
expectedResult = []auth.Access{expectedAllRecord} expectedResult = []auth.Access{expectedDeleteRecord}
if ok := reflect.DeepEqual(result, expectedResult); !ok { if ok := reflect.DeepEqual(result, expectedResult); !ok {
t.Fatalf("Actual access record differs from expected") t.Fatalf("Actual access record differs from expected")
} }