func getServiceByOwner(name string, u *auth.User) (service.Service, error) {
	s := service.Service{Name: name}
	err := s.Get()
	if err != nil {
		return s, &errors.HTTP{Code: http.StatusNotFound, Message: "Service not found"}
	}
	if !auth.CheckUserAccess(s.OwnerTeams, u) {
		msg := "This user does not have access to this service"
		return s, &errors.HTTP{Code: http.StatusForbidden, Message: msg}
	}
	return s, err
}
func (s *ProvisionSuite) TestRevokeServiceAccessFromTeamRemovesTeamFromService(c *gocheck.C) {
	t := &auth.Team{Name: "alle-da"}
	se := service.Service{Name: "my_service", Teams: []string{s.team.Name, t.Name}}
	err := se.Create()
	c.Assert(err, gocheck.IsNil)
	defer s.conn.Services().Remove(bson.M{"_id": se.Name})
	url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, s.team.Name, se.Name, s.team.Name)
	request, err := http.NewRequest("DELETE", url, nil)
	c.Assert(err, gocheck.IsNil)
	recorder := httptest.NewRecorder()
	err = RevokeServiceAccessFromTeamHandler(recorder, request, s.token)
	c.Assert(err, gocheck.IsNil)
	err = se.Get()
	c.Assert(err, gocheck.IsNil)
	c.Assert(*s.team, gocheck.Not(HasAccessTo), se)
}
func (s *ProvisionSuite) TestGrantServiceAccessToTeam(c *gocheck.C) {
	t := &auth.Team{Name: "blaaaa"}
	s.conn.Teams().Insert(t)
	defer s.conn.Teams().Remove(bson.M{"name": t.Name})
	se := service.Service{Name: "my_service", Teams: []string{s.team.Name}}
	err := se.Create()
	c.Assert(err, gocheck.IsNil)
	defer s.conn.Services().Remove(bson.M{"_id": se.Name})
	url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, t.Name, se.Name, t.Name)
	request, err := http.NewRequest("PUT", url, nil)
	c.Assert(err, gocheck.IsNil)
	recorder := httptest.NewRecorder()
	err = GrantServiceAccessToTeamHandler(recorder, request, s.token)
	c.Assert(err, gocheck.IsNil)
	err = se.Get()
	c.Assert(err, gocheck.IsNil)
	c.Assert(*s.team, HasAccessTo, se)
}
Beispiel #4
0
func (s *ProvisionSuite) TestRevokeServiceAccessFromTeamRemovesTeamFromService(c *gocheck.C) {
	t := &auth.Team{Name: "alle-da"}
	se := service.Service{Name: "my_service", Teams: []string{s.team.Name, t.Name}}
	err := se.Create()
	c.Assert(err, gocheck.IsNil)
	defer s.conn.Services().Remove(bson.M{"_id": se.Name})
	url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, s.team.Name, se.Name, s.team.Name)
	request, err := http.NewRequest("DELETE", url, nil)
	c.Assert(err, gocheck.IsNil)
	recorder := httptest.NewRecorder()
	err = revokeServiceAccess(recorder, request, s.token)
	c.Assert(err, gocheck.IsNil)
	err = se.Get()
	c.Assert(err, gocheck.IsNil)
	c.Assert(*s.team, gocheck.Not(HasAccessTo), se)
	action := testing.Action{
		Action: "revoke-service-access",
		User:   s.user.Email,
		Extra:  []interface{}{"service=" + se.Name, "team=" + s.team.Name},
	}
	c.Assert(action, testing.IsRecorded)
}
Beispiel #5
0
func (s *ProvisionSuite) TestGrantServiceAccessToTeam(c *gocheck.C) {
	t := &auth.Team{Name: "blaaaa"}
	s.conn.Teams().Insert(t)
	defer s.conn.Teams().Remove(bson.M{"name": t.Name})
	se := service.Service{Name: "my_service", Teams: []string{s.team.Name}}
	err := se.Create()
	c.Assert(err, gocheck.IsNil)
	defer s.conn.Services().Remove(bson.M{"_id": se.Name})
	url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, t.Name, se.Name, t.Name)
	request, err := http.NewRequest("PUT", url, nil)
	c.Assert(err, gocheck.IsNil)
	recorder := httptest.NewRecorder()
	err = grantServiceAccess(recorder, request, s.token)
	c.Assert(err, gocheck.IsNil)
	err = se.Get()
	c.Assert(err, gocheck.IsNil)
	c.Assert(*s.team, HasAccessTo, se)
	action := testing.Action{
		Action: "grant-service-access",
		User:   s.user.Email,
		Extra:  []interface{}{"service=" + se.Name, "team=" + t.Name},
	}
	c.Assert(action, testing.IsRecorded)
}