Merge pull request #2121 from nwt/delete-action

Change DELETE action from "*" to "delete"
This commit is contained in:
Derek McGowan 2017-01-09 12:34:23 -08:00 committed by GitHub
commit 2bc4a9459c
3 changed files with 25 additions and 6 deletions

View file

@ -454,6 +454,27 @@ func TestAccessController(t *testing.T) {
if userInfo.Name != "foo" {
t.Fatalf("expected user name %q, got %q", "foo", userInfo.Name)
}
// 5. Supply a token with full admin rights, which is represented as "*".
token, err = makeTestToken(
issuer, service,
[]*ResourceActions{{
Type: testAccess.Type,
Name: testAccess.Name,
Actions: []string{"*"},
}},
rootKeys[0], 1, time.Now(), time.Now().Add(5*time.Minute),
)
if err != nil {
t.Fatal(err)
}
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.compactRaw()))
_, err = accessController.Authorized(ctx, testAccess)
if err != nil {
t.Fatalf("accessController returned unexpected error: %s", err)
}
}
// This tests that newAccessController can handle PEM blocks in the certificate

View file

@ -901,12 +901,10 @@ func appendAccessRecords(records []auth.Access, method string, repo string) []au
Action: "push",
})
case "DELETE":
// DELETE access requires full admin rights, which is represented
// as "*". This may not be ideal.
records = append(records,
auth.Access{
Resource: resource,
Action: "*",
Action: "delete",
})
}
return records

View file

@ -229,9 +229,9 @@ func TestAppendAccessRecords(t *testing.T) {
Resource: expectedResource,
Action: "push",
}
expectedAllRecord := auth.Access{
expectedDeleteRecord := auth.Access{
Resource: expectedResource,
Action: "*",
Action: "delete",
}
records := []auth.Access{}
@ -271,7 +271,7 @@ func TestAppendAccessRecords(t *testing.T) {
records = []auth.Access{}
result = appendAccessRecords(records, "DELETE", repo)
expectedResult = []auth.Access{expectedAllRecord}
expectedResult = []auth.Access{expectedDeleteRecord}
if ok := reflect.DeepEqual(result, expectedResult); !ok {
t.Fatalf("Actual access record differs from expected")
}