func getServiceOrError(name string, u *auth.User) (service.Service, error) { s := service.Service{Name: name} err := s.Get() if err != nil { return s, &errors.Http{Code: http.StatusNotFound, Message: "Service not found"} } if !auth.CheckUserAccess(s.OwnerTeams, u) { msg := "This user does not have access to this service" return s, &errors.Http{Code: http.StatusForbidden, Message: msg} } return s, err }
func (s *S) TestRevokeAccessFromTeamRemovesTeamFromService(c *C) { t := &auth.Team{Name: "alle-da"} se := service.Service{Name: "my_service", Teams: []string{s.team.Name, t.Name}} err := se.Create() c.Assert(err, IsNil) defer db.Session.Services().Remove(bson.M{"_id": se.Name}) url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, s.team.Name, se.Name, s.team.Name) request, err := http.NewRequest("DELETE", url, nil) c.Assert(err, IsNil) recorder := httptest.NewRecorder() err = RevokeAccessFromTeamHandler(recorder, request, s.user) c.Assert(err, IsNil) err = se.Get() c.Assert(err, IsNil) c.Assert(*s.team, Not(HasAccessTo), se) }
func (s *S) TestGrantAccessToTeam(c *C) { t := &auth.Team{Name: "blaaaa"} db.Session.Teams().Insert(t) defer db.Session.Teams().Remove(bson.M{"name": t.Name}) se := service.Service{Name: "my_service", Teams: []string{s.team.Name}} err := se.Create() c.Assert(err, IsNil) defer db.Session.Services().Remove(bson.M{"_id": se.Name}) url := fmt.Sprintf("/services/%s/%s?:service=%s&:team=%s", se.Name, t.Name, se.Name, t.Name) request, err := http.NewRequest("PUT", url, nil) c.Assert(err, IsNil) recorder := httptest.NewRecorder() err = GrantAccessToTeamHandler(recorder, request, s.user) c.Assert(err, IsNil) err = se.Get() c.Assert(err, IsNil) c.Assert(*s.team, HasAccessTo, se) }