Esempio n. 1
0
func (*authSuite) TestCombineCapabilities(c *gc.C) {
	h := testHandler{}
	s := newTestServers(h, ACLMap{
		"path-/bob": {
			"GET": {"bob"},
		},
		"path-/alice": {
			"GET": {"alice"},
		},
	})
	defer s.Close()
	bobCap := getCapability(c, s.idmSrv.Client("bob"), "GET", s.svc.URL+"/bob")
	aliceCap := getCapability(c, s.idmSrv.Client("alice"), "GET", s.svc.URL+"/alice")

	// We should be able to combine both capabilities into a single one.
	bothCap := getCapability(c, httpbakery.NewClient(), "GET", s.svc.URL+"/bob?e=/alice", bobCap, aliceCap)

	c.Logf("bothCap id %q", bothCap[0].Id())

	// We should be able to use the new capability to act as both endpoints at once.
	resp := doWithCapabilities(c, http.DefaultClient, "GET", s.svc.URL+"/bob?e=/alice", bothCap)
	h.assertSuccess(c, resp, "GET", "/bob")

	// We should also be able to use it to act on one of the entities only.
	resp = doWithCapabilities(c, http.DefaultClient, "GET", s.svc.URL+"/alice", bothCap)
	h.assertSuccess(c, resp, "GET", "/alice")
}
Esempio n. 2
0
func main() {
	content := NewContent()
	authorizer := bakery.ACLAuthorizer{
		AllowPublic: true,
		GetACL: func(_ context.Context, op bakery.Op) ([]string, error) {
			return content.GetACL(op.Entity, op.Action), nil
		},
	}
	identity, err := idmclient.New(idmclient.NewParams{
		BaseURL: "https://api.jujucharms.com/identity",
		Client:  httpbakery.NewClient(),
	})
	if err != nil {
		log.Fatal(err)
	}
	handler := NewContentHandler(content)
	err = http.ListenAndServe(":61234", authHandler(handler, authorizer, idmclientShim{identity}))
	log.Fatal(err)
}