func (*authSuite) TestCombineCapabilities(c *gc.C) {
h := testHandler{}
s := newTestServers(h, ACLMap{
"path-/bob": {
"GET": {"bob"},
},
"path-/alice": {
"GET": {"alice"},
},
})
defer s.Close()
bobCap := getCapability(c, s.idmSrv.Client("bob"), "GET", s.svc.URL+"/bob")
aliceCap := getCapability(c, s.idmSrv.Client("alice"), "GET", s.svc.URL+"/alice")
// We should be able to combine both capabilities into a single one.
bothCap := getCapability(c, httpbakery.NewClient(), "GET", s.svc.URL+"/bob?e=/alice", bobCap, aliceCap)
c.Logf("bothCap id %q", bothCap[0].Id())
// We should be able to use the new capability to act as both endpoints at once.
resp := doWithCapabilities(c, http.DefaultClient, "GET", s.svc.URL+"/bob?e=/alice", bothCap)
h.assertSuccess(c, resp, "GET", "/bob")
// We should also be able to use it to act on one of the entities only.
resp = doWithCapabilities(c, http.DefaultClient, "GET", s.svc.URL+"/alice", bothCap)
h.assertSuccess(c, resp, "GET", "/alice")
}
func main() {
content := NewContent()
authorizer := bakery.ACLAuthorizer{
AllowPublic: true,
GetACL: func(_ context.Context, op bakery.Op) ([]string, error) {
return content.GetACL(op.Entity, op.Action), nil
},
}
identity, err := idmclient.New(idmclient.NewParams{
BaseURL: "https://api.jujucharms.com/identity",
Client: httpbakery.NewClient(),
})
if err != nil {
log.Fatal(err)
}
handler := NewContentHandler(content)
err = http.ListenAndServe(":61234", authHandler(handler, authorizer, idmclientShim{identity}))
log.Fatal(err)
}