[ARVADOS] updated: 848940a94d956c26297164cd6c7a51785db82726

git at public.curoverse.com git at public.curoverse.com
Thu Feb 13 11:02:17 EST 2014 

Summary of changes:
 .../v1/api_client_authorizations_controller.rb     |    1 +
 .../api_client_authorizations_controller_test.rb   |   18 ++++++++++++++++++
 .../api_client_authorizations_api_test.rb          |   11 +++++++++++
 3 files changed, 30 insertions(+), 0 deletions(-)
 create mode 100644 services/api/test/integration/api_client_authorizations_api_test.rb

       via  848940a94d956c26297164cd6c7a51785db82726 (commit)
      from  430d4da65c609d1fde6e3cd428e7591b58cfd9e9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 848940a94d956c26297164cd6c7a51785db82726
Author: Tom Clegg <tom at curoverse.com>
Date:   Thu Feb 13 08:01:57 2014 -0800

    Fix 404 at api_client_authorizations.create_system_auth and add tests.

diff --git a/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb b/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
index 65a3e00..10a0098 100644
--- a/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
+++ b/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
@@ -2,6 +2,7 @@ class Arvados::V1::ApiClientAuthorizationsController < ApplicationController
   accept_attribute_as_json :scopes, Array
   before_filter :current_api_client_is_trusted
   before_filter :admin_required, :only => :create_system_auth
+  skip_before_filter :render_404_if_no_object, :only => :create_system_auth
 
   def self._create_system_auth_requires_parameters
     {
diff --git a/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb b/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb
index c63f40f..cbb0096 100644
--- a/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb
@@ -20,4 +20,22 @@ class Arvados::V1::ApiClientAuthorizationsControllerTest < ActionController::Tes
     assert_response 403
   end
 
+  test "create system auth" do
+    authorize_with :admin_trustedclient
+    post :create_system_auth, scopes: '["test"]'
+    assert_response :success
+  end
+
+  test "prohibit create system auth with token from non-trusted client" do
+    authorize_with :admin
+    post :create_system_auth, scopes: '["test"]'
+    assert_response 403
+  end
+
+  test "prohibit create system auth by non-admin" do
+    authorize_with :active
+    post :create_system_auth, scopes: '["test"]'
+    assert_response 403
+  end
+
 end
diff --git a/services/api/test/integration/api_client_authorizations_api_test.rb b/services/api/test/integration/api_client_authorizations_api_test.rb
new file mode 100644
index 0000000..5c3c0dd
--- /dev/null
+++ b/services/api/test/integration/api_client_authorizations_api_test.rb
@@ -0,0 +1,11 @@
+require 'test_helper'
+
+class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
+  fixtures :all
+
+  test "create system auth" do
+    post "/arvados/v1/api_client_authorizations/create_system_auth", {:format => :json, :scopes => ['test'].to_json}, {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
+    assert_response :success
+  end
+
+end

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list