func getServiceByOwner(name string, u *auth.User) (service.Service, error) {
s := service.Service{Name: name}
err := s.Get()
if err != nil {
return s, &errors.HTTP{Code: http.StatusNotFound, Message: "Service not found"}
}
if !auth.CheckUserAccess(s.OwnerTeams, u) {
msg := "This user does not have access to this service"
return s, &errors.HTTP{Code: http.StatusForbidden, Message: msg}
}
return s, err
}
func (s *ProvisionSuite) TestRevokeServiceAccessFromTeamRemovesTeamFromService(c *gocheck.C) {
t := &auth.Team{Name: "alle-da"}
se := service.Service{Name: "my_service", Teams: []string{s.team.Name, t.Name}}
err := se.Create()
c.Assert(err, gocheck.IsNil)
defer s.conn.Services().Remove(bson.M{"_id": se.Name})
url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, s.team.Name, se.Name, s.team.Name)
request, err := http.NewRequest("DELETE", url, nil)
c.Assert(err, gocheck.IsNil)
recorder := httptest.NewRecorder()
err = RevokeServiceAccessFromTeamHandler(recorder, request, s.token)
c.Assert(err, gocheck.IsNil)
err = se.Get()
c.Assert(err, gocheck.IsNil)
c.Assert(*s.team, gocheck.Not(HasAccessTo), se)
}
func (s *ProvisionSuite) TestGrantServiceAccessToTeam(c *gocheck.C) {
t := &auth.Team{Name: "blaaaa"}
s.conn.Teams().Insert(t)
defer s.conn.Teams().Remove(bson.M{"name": t.Name})
se := service.Service{Name: "my_service", Teams: []string{s.team.Name}}
err := se.Create()
c.Assert(err, gocheck.IsNil)
defer s.conn.Services().Remove(bson.M{"_id": se.Name})
url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, t.Name, se.Name, t.Name)
request, err := http.NewRequest("PUT", url, nil)
c.Assert(err, gocheck.IsNil)
recorder := httptest.NewRecorder()
err = GrantServiceAccessToTeamHandler(recorder, request, s.token)
c.Assert(err, gocheck.IsNil)
err = se.Get()
c.Assert(err, gocheck.IsNil)
c.Assert(*s.team, HasAccessTo, se)
}
func (s *ProvisionSuite) TestRevokeServiceAccessFromTeamRemovesTeamFromService(c *gocheck.C) {
t := &auth.Team{Name: "alle-da"}
se := service.Service{Name: "my_service", Teams: []string{s.team.Name, t.Name}}
err := se.Create()
c.Assert(err, gocheck.IsNil)
defer s.conn.Services().Remove(bson.M{"_id": se.Name})
url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, s.team.Name, se.Name, s.team.Name)
request, err := http.NewRequest("DELETE", url, nil)
c.Assert(err, gocheck.IsNil)
recorder := httptest.NewRecorder()
err = revokeServiceAccess(recorder, request, s.token)
c.Assert(err, gocheck.IsNil)
err = se.Get()
c.Assert(err, gocheck.IsNil)
c.Assert(*s.team, gocheck.Not(HasAccessTo), se)
action := testing.Action{
Action: "revoke-service-access",
User: s.user.Email,
Extra: []interface{}{"service=" + se.Name, "team=" + s.team.Name},
}
c.Assert(action, testing.IsRecorded)
}
func (s *ProvisionSuite) TestGrantServiceAccessToTeam(c *gocheck.C) {
t := &auth.Team{Name: "blaaaa"}
s.conn.Teams().Insert(t)
defer s.conn.Teams().Remove(bson.M{"name": t.Name})
se := service.Service{Name: "my_service", Teams: []string{s.team.Name}}
err := se.Create()
c.Assert(err, gocheck.IsNil)
defer s.conn.Services().Remove(bson.M{"_id": se.Name})
url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, t.Name, se.Name, t.Name)
request, err := http.NewRequest("PUT", url, nil)
c.Assert(err, gocheck.IsNil)
recorder := httptest.NewRecorder()
err = grantServiceAccess(recorder, request, s.token)
c.Assert(err, gocheck.IsNil)
err = se.Get()
c.Assert(err, gocheck.IsNil)
c.Assert(*s.team, HasAccessTo, se)
action := testing.Action{
Action: "grant-service-access",
User: s.user.Email,
Extra: []interface{}{"service=" + se.Name, "team=" + t.Name},
}
c.Assert(action, testing.IsRecorded)
}