Example #1
0
func (s *S) TestAppInfoNotMember(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	t := account.Team{Name: "example"}
	t.Create(alice)
	app.Create(alice, t)

	defer func() {
		ap, _ := s.store.FindAppByClientId(app.ClientId)
		s.store.DeleteApp(ap)
		s.store.DeleteTeamByAlias(t.Alias)
		alice.Delete()
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusForbidden,
		Method:         "GET",
		Path:           fmt.Sprintf("/api/apps/%s", app.ClientId),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`)
}
Example #2
0
func (s *S) TestUpdateServiceNotMember(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	t := account.Team{Name: "example"}
	t.Create(alice)
	service.Create(alice, t)
	defer func() {
		serv, _ := s.store.FindServiceBySubdomain(service.Subdomain)
		s.store.DeleteService(serv)
		s.store.DeleteTeamByAlias(t.Alias)
		alice.Delete()
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusOK,
		Method:         "PUT",
		Path:           fmt.Sprintf("/api/services/%s", service.Subdomain),
		Body:           `{}`,
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`)
}
Example #3
0
func (s *S) TestRemoveUserWithoutSignIn(c *C) {
	team := account.Team{Name: "Backstage Team", Alias: "backstage"}
	team.Create(user)
	defer func() {
		s.store.DeleteTeamByAlias(team.Alias)
	}()

	testWithoutSignIn(requests.Args{
		AcceptableCode: http.StatusUnauthorized,
		Method:         "DELETE",
		Path:           fmt.Sprintf("/api/teams/%s/users", team.Alias),
		Body:           `{"users": ["*****@*****.**"]}`},
		c)
}
Example #4
0
func (api *Api) teamCreate(rw http.ResponseWriter, r *http.Request, user *account.User) {
	team := account.Team{}
	if err := json.NewDecoder(r.Body).Decode(&team); err != nil {
		handleError(rw, errors.ErrBadRequest)
		return
	}

	if err := team.Create(*user); err != nil {
		handleError(rw, err)
		return
	}

	Created(rw, team)
}
Example #5
0
func (s *S) TestDeleteTeam(c *C) {
	team := account.Team{Name: "Backstage Team", Alias: "backstage"}
	team.Create(user)

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusOK,
		Method:         "DELETE",
		Path:           fmt.Sprintf("/api/teams/%s", team.Alias),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusOK)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, fmt.Sprintf(`{"name":"%s","alias":"%s","users":["%s"],"owner":"%s"}`, team.Name, team.Alias, user.Email, user.Email))
}
Example #6
0
func (s *S) TestCreateTeamWhenAlreadyExists(c *C) {
	team := account.Team{Name: "Backstage Team", Alias: "backstage"}
	team.Create(user)

	defer func() {
		s.store.DeleteTeamByAlias(team.Alias)
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusBadRequest,
		Method:         "POST",
		Path:           "/api/teams",
		Body:           fmt.Sprintf(`{"name": "Backstage Team", "alias": "%s"}`, team.Alias),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusBadRequest)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"bad_request","error_description":"Someone already has that team alias. Could you try another?"}`)

}
Example #7
0
func (s *S) TestTeamInfoWithoutPermission(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	defer alice.Delete()

	team := account.Team{Name: "Backstage Team", Alias: "backstage"}
	team.Create(alice)
	defer func() {
		s.store.DeleteTeamByAlias(team.Alias)
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusForbidden,
		Method:         "GET",
		Path:           fmt.Sprintf("/api/teams/%s", team.Alias),
		Headers:        http.Header{"Authorization": {s.authHeader}},
	})

	c.Assert(code, Equals, http.StatusForbidden)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`)
}
Example #8
0
func (s *S) TestRemoveUser(c *C) {
	alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"}
	alice.Create()
	defer alice.Delete()

	team := account.Team{Name: "Backstage Team", Alias: "backstage", Users: []string{alice.Email}}
	team.Create(user)
	defer func() {
		s.store.DeleteTeamByAlias(team.Alias)
	}()

	headers, code, body, _ := httpClient.MakeRequest(requests.Args{
		AcceptableCode: http.StatusOK,
		Method:         "DELETE",
		Path:           fmt.Sprintf("/api/teams/%s/users", team.Alias),
		Headers:        http.Header{"Authorization": {s.authHeader}},
		Body:           fmt.Sprintf(`{"users": ["%s"]}`, alice.Email),
	})

	c.Assert(code, Equals, http.StatusOK)
	c.Assert(headers.Get("Content-Type"), Equals, "application/json")
	c.Assert(string(body), Equals, `{"name":"Backstage Team","alias":"backstage","users":["*****@*****.**"],"owner":"*****@*****.**"}`)
}