// TestRemovePermissionsFromRole sends an authenticated DELETE for
// /roles/test/permissions/app.update through the full server and expects
// 200, an empty SchemeNames list on the stored role, and an audit event of
// kind role.update.permission.remove owned by the requesting user.
func (s *S) TestRemovePermissionsFromRole(c *check.C) {
	role, err := permission.NewRole("test", "team", "")
	c.Assert(err, check.IsNil)
	// The deferred argument is evaluated here, so cleanup always targets the
	// role created above.
	defer permission.DestroyRole(role.Name)
	err = role.AddPermissions("app.update")
	c.Assert(err, check.IsNil)

	request, err := http.NewRequest("DELETE", "/roles/test/permissions/app.update", nil)
	c.Assert(err, check.IsNil)
	// Presumably userWithPermission yields a token for a user holding only the
	// permission passed in; verify against the helper.
	required := permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	}
	token := userWithPermission(c, required)
	request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	request.Header.Set("Authorization", "bearer "+token.GetValue())

	recorder := httptest.NewRecorder()
	RunServer(true).ServeHTTP(recorder, request)
	c.Assert(recorder.Code, check.Equals, http.StatusOK)

	stored, err := permission.FindRole("test")
	c.Assert(err, check.IsNil)
	c.Assert(stored.SchemeNames, check.DeepEquals, []string{})

	// The audit trail must name the role, the acting user and the permission
	// that was removed.
	wanted := eventtest.EventDesc{
		Target: event.Target{Type: event.TargetTypeRole, Value: "test"},
		Owner:  token.GetUserName(),
		Kind:   "role.update.permission.remove",
		StartCustomData: []map[string]interface{}{
			{"name": ":name", "value": "test"},
			{"name": ":permission", "value": "app.update"},
		},
	}
	c.Assert(wanted, eventtest.HasEvent)
}
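// TestRemovePermissionsFromRoleSyncGitRepository checks that removing
// app.deploy from a role also revokes repository access that a user held
// through that role: after the DELETE, only s.user remains in the list
// returned by repositorytest.Granted for the app.
func (s *S) TestRemovePermissionsFromRoleSyncGitRepository(c *check.C) {
	r, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	defer permission.DestroyRole(r.Name)
	err = r.AddPermissions("app.deploy")
	c.Assert(err, check.IsNil)
	user := &auth.User{Email: "*****@*****.**", Password: "******"}
	_, err = nativeScheme.Create(user)
	c.Assert(err, check.IsNil)
	err = user.AddRole("test", s.team.Name)
	c.Assert(err, check.IsNil)
	a := app.App{Name: "myapp", TeamOwner: s.team.Name}
	err = app.CreateApp(&a, s.user)
	// This error used to be overwritten by the GrantAccess call below without
	// being checked, so a failed app creation could go unnoticed.
	c.Assert(err, check.IsNil)
	// Seed the state under test: the second user has repository access
	// before the permission is removed.
	err = repository.Manager().GrantAccess(a.Name, user.Email)
	c.Assert(err, check.IsNil)
	rec := httptest.NewRecorder()
	req, err := http.NewRequest("DELETE", "/roles/test/permissions/app.deploy", nil)
	c.Assert(err, check.IsNil)
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)
	r, err = permission.FindRole("test")
	c.Assert(err, check.IsNil)
	c.Assert(r.SchemeNames, check.DeepEquals, []string{})
	// Revocation must have reached the repository manager: the user who only
	// had access through the role is no longer listed.
	users, err := repositorytest.Granted(a.Name)
	c.Assert(err, check.IsNil)
	c.Assert(users, check.DeepEquals, []string{s.user.Email})
}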
// title: remove role
// path: /roles/{name}
// method: DELETE
// responses:
//   200: Role removed
//   401: Unauthorized
//   404: Role not found
//
// removeRole rejects callers whose token lacks PermRoleDelete, records the
// operation as an event, detaches the role from every user and then destroys
// it. The result is a named return so the deferred evt.Done sees the final
// error, including the 404 wrapper.
func removeRole(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
	// NOTE(review): the ParseForm error is discarded; r.Form is only passed
	// to the event as custom data below.
	r.ParseForm()
	// Authorization comes first: nothing is logged or changed for a caller
	// without the delete permission.
	if allowed := permission.Check(t, permission.PermRoleDelete); !allowed {
		return permission.ErrUnauthorized
	}
	name := r.URL.Query().Get(":name")
	opts := &event.Opts{
		Target:     event.Target{Type: event.TargetTypeRole, Value: name},
		Kind:       permission.PermRoleDelete,
		Owner:      t,
		CustomData: event.FormToCustomData(r.Form),
		Allowed:    event.Allowed(permission.PermRoleReadEvents),
	}
	evt, err := event.New(opts)
	if err != nil {
		return err
	}
	// Close the event with whatever this handler ends up returning.
	defer func() { evt.Done(err) }()
	if err = auth.RemoveRoleFromAllUsers(name); err != nil {
		return err
	}
	if err = permission.DestroyRole(name); err == permission.ErrRoleNotFound {
		return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
	}
	return err
}
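// removeRole destroys the role whose name is given in the "name" field of the
// JSON object sent as the request body. It returns any error from reading or
// decoding the body, or from permission.DestroyRole.
//
// NOTE(review): this version never inspects t, so the handler itself performs
// no permission check before destroying the role; presumably authorization is
// enforced where the route is registered — confirm.
func removeRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	defer r.Body.Close()
	// NOTE(review): the body is read in full with no size limit.
	b, err := ioutil.ReadAll(r.Body)
	if err != nil {
		return err
	}
	var params map[string]string
	// The decode error used to be dropped, so a malformed body fell through
	// to DestroyRole with an empty name. Fail the request instead.
	if err = json.Unmarshal(b, &params); err != nil {
		return err
	}
	return permission.DestroyRole(params["name"])
}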
// TestAddPermissionsToARole calls the addPermissions handler directly with a
// JSON body asking for app.update and expects no error. The handler receives
// a nil token, so this test exercises no authorization path, and it does not
// inspect the stored role afterwards.
func (s *S) TestAddPermissionsToARole(c *check.C) {
	role, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	defer permission.DestroyRole(role.Name)

	// The role name appears twice: once in the path and once as the ":name"
	// query parameter.
	target := fmt.Sprintf("/role/%s/permissions?:name=%s", role.Name, role.Name)
	payload := bytes.NewBufferString(`{"permissions": ["app.update"]}`)
	request, err := http.NewRequest("POST", target, payload)
	c.Assert(err, check.IsNil)

	recorder := httptest.NewRecorder()
	err = addPermissions(recorder, request, nil)
	c.Assert(err, check.IsNil)
}
// removeRole destroys the role named by the ":name" query parameter once the
// token has passed the PermRoleDelete check. An unknown role becomes an HTTP
// 404 error, success writes an explicit 200, and any other error is returned
// unchanged.
func removeRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	// Refuse before touching any state when the caller may not delete roles.
	if allowed := permission.Check(t, permission.PermRoleDelete); !allowed {
		return permission.ErrUnauthorized
	}
	name := r.URL.Query().Get(":name")
	switch err := permission.DestroyRole(name); err {
	case permission.ErrRoleNotFound:
		return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
	case nil:
		w.WriteHeader(http.StatusOK)
		return nil
	default:
		return err
	}
}
// removeRole detaches the role named by the ":name" query parameter from all
// users and then destroys it, provided the token passes the PermRoleDelete
// check. An unknown role is reported as an HTTP 404 error.
func removeRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	// Refuse before touching any state when the caller may not delete roles.
	if allowed := permission.Check(t, permission.PermRoleDelete); !allowed {
		return permission.ErrUnauthorized
	}
	name := r.URL.Query().Get(":name")
	// User assignments are removed first; the role is destroyed only if that
	// step succeeds.
	if err := auth.RemoveRoleFromAllUsers(name); err != nil {
		return err
	}
	destroyErr := permission.DestroyRole(name)
	if destroyErr == permission.ErrRoleNotFound {
		return &errors.HTTP{Code: http.StatusNotFound, Message: destroyErr.Error()}
	}
	return destroyErr
}
// TestAddRoleNameAlreadyExists creates the role "ble" and then POSTs a form
// to /roles asking for the same name. It expects 409 Conflict and a body
// holding the ErrRoleAlreadyExists message followed by a newline.
func (s *S) TestAddRoleNameAlreadyExists(c *check.C) {
	_, err := permission.NewRole("ble", "global", "desc")
	c.Assert(err, check.IsNil)
	defer permission.DestroyRole("ble")

	form := bytes.NewBufferString("name=ble&context=global")
	request, err := http.NewRequest("POST", "/roles", form)
	c.Assert(err, check.IsNil)
	// The caller is authorized to create roles, so the conflict is what gets
	// rejected here, not the credentials.
	required := permission.Permission{
		Scheme:  permission.PermRoleCreate,
		Context: permission.Context(permission.CtxGlobal, ""),
	}
	token := userWithPermission(c, required)
	request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	request.Header.Set("Authorization", "bearer "+token.GetValue())

	rec := httptest.NewRecorder()
	RunServer(true).ServeHTTP(rec, request)
	c.Assert(err, check.IsNil)
	c.Assert(rec.Code, check.Equals, http.StatusConflict)
	expectedBody := permission.ErrRoleAlreadyExists.Error() + "\n"
	c.Assert(rec.Body.String(), check.Equals, expectedBody)
}
// TestRemovePermissionsFromRole sends an authenticated DELETE for
// /roles/test/permissions/app.update through the full server and expects 200
// and an empty SchemeNames list on the stored role.
func (s *S) TestRemovePermissionsFromRole(c *check.C) {
	role, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	// The deferred argument is evaluated here, so cleanup always targets the
	// role created above.
	defer permission.DestroyRole(role.Name)
	err = role.AddPermissions("app.update")
	c.Assert(err, check.IsNil)

	request, err := http.NewRequest("DELETE", "/roles/test/permissions/app.update", nil)
	c.Assert(err, check.IsNil)
	// Presumably userWithPermission yields a token for a user holding only the
	// permission passed in; verify against the helper.
	required := permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	}
	token := userWithPermission(c, required)
	request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	request.Header.Set("Authorization", "bearer "+token.GetValue())

	recorder := httptest.NewRecorder()
	RunServer(true).ServeHTTP(recorder, request)
	c.Assert(recorder.Code, check.Equals, http.StatusOK)

	stored, err := permission.FindRole("test")
	c.Assert(err, check.IsNil)
	c.Assert(stored.SchemeNames, check.DeepEquals, []string{})
}