func (s *S) TestRemovePermissionsFromRole(c *check.C) {
r, err := permission.NewRole("test", "team", "")
c.Assert(err, check.IsNil)
defer permission.DestroyRole(r.Name)
err = r.AddPermissions("app.update")
c.Assert(err, check.IsNil)
rec := httptest.NewRecorder()
req, err := http.NewRequest("DELETE", "/roles/test/permissions/app.update", nil)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleUpdate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
server := RunServer(true)
server.ServeHTTP(rec, req)
c.Assert(rec.Code, check.Equals, http.StatusOK)
r, err = permission.FindRole("test")
c.Assert(err, check.IsNil)
c.Assert(r.SchemeNames, check.DeepEquals, []string{})
c.Assert(eventtest.EventDesc{
Target: event.Target{Type: event.TargetTypeRole, Value: "test"},
Owner: token.GetUserName(),
Kind: "role.update.permission.remove",
StartCustomData: []map[string]interface{}{
{"name": ":name", "value": "test"},
{"name": ":permission", "value": "app.update"},
},
}, eventtest.HasEvent)
}
func (s *S) TestRemovePermissionsFromRoleSyncGitRepository(c *check.C) {
r, err := permission.NewRole("test", "team")
c.Assert(err, check.IsNil)
defer permission.DestroyRole(r.Name)
err = r.AddPermissions("app.deploy")
c.Assert(err, check.IsNil)
user := &auth.User{Email: "*****@*****.**", Password: "******"}
_, err = nativeScheme.Create(user)
c.Assert(err, check.IsNil)
err = user.AddRole("test", s.team.Name)
c.Assert(err, check.IsNil)
a := app.App{Name: "myapp", TeamOwner: s.team.Name}
err = app.CreateApp(&a, s.user)
err = repository.Manager().GrantAccess(a.Name, user.Email)
c.Assert(err, check.IsNil)
rec := httptest.NewRecorder()
req, err := http.NewRequest("DELETE", "/roles/test/permissions/app.deploy", nil)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleUpdate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
server := RunServer(true)
server.ServeHTTP(rec, req)
c.Assert(rec.Code, check.Equals, http.StatusOK)
r, err = permission.FindRole("test")
c.Assert(err, check.IsNil)
c.Assert(r.SchemeNames, check.DeepEquals, []string{})
users, err := repositorytest.Granted(a.Name)
c.Assert(err, check.IsNil)
c.Assert(users, check.DeepEquals, []string{s.user.Email})
}
// title: remove role
// path: /roles/{name}
// method: DELETE
// responses:
// 200: Role removed
// 401: Unauthorized
// 404: Role not found
func removeRole(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
r.ParseForm()
if !permission.Check(t, permission.PermRoleDelete) {
return permission.ErrUnauthorized
}
roleName := r.URL.Query().Get(":name")
evt, err := event.New(&event.Opts{
Target: event.Target{Type: event.TargetTypeRole, Value: roleName},
Kind: permission.PermRoleDelete,
Owner: t,
CustomData: event.FormToCustomData(r.Form),
Allowed: event.Allowed(permission.PermRoleReadEvents),
})
if err != nil {
return err
}
defer func() { evt.Done(err) }()
err = auth.RemoveRoleFromAllUsers(roleName)
if err != nil {
return err
}
err = permission.DestroyRole(roleName)
if err == permission.ErrRoleNotFound {
return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
}
return err
}
func removeRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
defer r.Body.Close()
b, err := ioutil.ReadAll(r.Body)
if err != nil {
return err
}
var params map[string]string
err = json.Unmarshal(b, ¶ms)
return permission.DestroyRole(params["name"])
}
func (s *S) TestAddPermissionsToARole(c *check.C) {
r, err := permission.NewRole("test", "team")
c.Assert(err, check.IsNil)
defer permission.DestroyRole(r.Name)
rec := httptest.NewRecorder()
url := fmt.Sprintf("/role/%s/permissions?:name=%s", r.Name, r.Name)
b := bytes.NewBufferString(`{"permissions": ["app.update"]}`)
req, err := http.NewRequest("POST", url, b)
c.Assert(err, check.IsNil)
err = addPermissions(rec, req, nil)
c.Assert(err, check.IsNil)
}
func removeRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
if !permission.Check(t, permission.PermRoleDelete) {
return permission.ErrUnauthorized
}
err := permission.DestroyRole(r.URL.Query().Get(":name"))
if err == permission.ErrRoleNotFound {
return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
}
if err == nil {
w.WriteHeader(http.StatusOK)
}
return err
}
func removeRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
if !permission.Check(t, permission.PermRoleDelete) {
return permission.ErrUnauthorized
}
roleName := r.URL.Query().Get(":name")
err := auth.RemoveRoleFromAllUsers(roleName)
if err != nil {
return err
}
err = permission.DestroyRole(roleName)
if err == permission.ErrRoleNotFound {
return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
}
return err
}
func (s *S) TestAddRoleNameAlreadyExists(c *check.C) {
_, err := permission.NewRole("ble", "global", "desc")
c.Assert(err, check.IsNil)
defer permission.DestroyRole("ble")
b := bytes.NewBufferString("name=ble&context=global")
req, err := http.NewRequest("POST", "/roles", b)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleCreate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
recorder := httptest.NewRecorder()
server := RunServer(true)
server.ServeHTTP(recorder, req)
c.Assert(err, check.IsNil)
c.Assert(recorder.Code, check.Equals, http.StatusConflict)
c.Assert(recorder.Body.String(), check.Equals, permission.ErrRoleAlreadyExists.Error()+"\n")
}
func (s *S) TestRemovePermissionsFromRole(c *check.C) {
r, err := permission.NewRole("test", "team")
c.Assert(err, check.IsNil)
defer permission.DestroyRole(r.Name)
err = r.AddPermissions("app.update")
c.Assert(err, check.IsNil)
rec := httptest.NewRecorder()
req, err := http.NewRequest("DELETE", "/roles/test/permissions/app.update", nil)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleUpdate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
server := RunServer(true)
server.ServeHTTP(rec, req)
c.Assert(rec.Code, check.Equals, http.StatusOK)
r, err = permission.FindRole("test")
c.Assert(err, check.IsNil)
c.Assert(r.SchemeNames, check.DeepEquals, []string{})
}
