func (s *InstanceSuite) TestCreateServiceInstanceRestrictedService(c *check.C) {
var requests int32
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNoContent)
atomic.AddInt32(&requests, 1)
}))
defer ts.Close()
err := auth.CreateTeam("painkiller", s.user)
c.Assert(err, check.IsNil)
defer s.conn.Teams().RemoveId("painkiller")
srv := Service{
Name: "mongodb",
Endpoint: map[string]string{"production": ts.URL},
IsRestricted: true,
Teams: []string{"painkiller"},
}
err = s.conn.Services().Insert(&srv)
c.Assert(err, check.IsNil)
defer s.conn.Services().RemoveId(srv.Name)
instance := &ServiceInstance{Name: "instance"}
err = CreateServiceInstance(*instance, &srv, s.user)
c.Assert(err, check.IsNil)
defer s.conn.ServiceInstances().Remove(bson.M{"name": "instance"})
instance, err = GetServiceInstance("instance", s.user)
c.Assert(err, check.IsNil)
c.Assert(instance.Teams, check.DeepEquals, []string{"painkiller"})
}
func createTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
var params map[string]string
err := json.NewDecoder(r.Body).Decode(¶ms)
if err != nil {
return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
}
allowed := permission.Check(t, permission.PermTeamCreate)
if !allowed {
return permission.ErrUnauthorized
}
name := params["name"]
u, err := t.User()
if err != nil {
return err
}
rec.Log(u.Email, "create-team", name)
err = auth.CreateTeam(name, u)
switch err {
case auth.ErrInvalidTeamName:
return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
case auth.ErrTeamAlreadyExists:
return &errors.HTTP{Code: http.StatusConflict, Message: err.Error()}
}
return nil
}
func createTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
allowed := permission.Check(t, permission.PermTeamCreate)
if !allowed {
return permission.ErrUnauthorized
}
name := r.FormValue("name")
u, err := t.User()
if err != nil {
return err
}
rec.Log(u.Email, "create-team", name)
err = auth.CreateTeam(name, u)
switch err {
case auth.ErrInvalidTeamName:
return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
case auth.ErrTeamAlreadyExists:
return &errors.HTTP{Code: http.StatusConflict, Message: err.Error()}
}
if err == nil {
w.WriteHeader(http.StatusCreated)
}
return err
}
// title: team create
// path: /teams
// method: POST
// consume: application/x-www-form-urlencoded
// responses:
// 201: Team created
// 400: Invalid data
// 401: Unauthorized
// 409: Team already exists
func createTeam(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
allowed := permission.Check(t, permission.PermTeamCreate)
if !allowed {
return permission.ErrUnauthorized
}
name := r.FormValue("name")
if name == "" {
return &errors.HTTP{Code: http.StatusBadRequest, Message: auth.ErrInvalidTeamName.Error()}
}
evt, err := event.New(&event.Opts{
Target: teamTarget(name),
Kind: permission.PermTeamCreate,
Owner: t,
CustomData: event.FormToCustomData(r.Form),
Allowed: event.Allowed(permission.PermTeamReadEvents, permission.Context(permission.CtxTeam, name)),
})
if err != nil {
return err
}
defer func() { evt.Done(err) }()
u, err := t.User()
if err != nil {
return err
}
err = auth.CreateTeam(name, u)
switch err {
case auth.ErrInvalidTeamName:
return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
case auth.ErrTeamAlreadyExists:
return &errors.HTTP{Code: http.StatusConflict, Message: err.Error()}
}
if err == nil {
w.WriteHeader(http.StatusCreated)
}
return err
}
