[ARVADOS] updated: d37d7308827b4cc64272b5cc71f2adc4faf895a3

git at public.curoverse.com git at public.curoverse.com
Mon Sep 21 14:56:48 EDT 2015


Summary of changes:
 services/api/app/models/keep_service.rb     |  9 ++++++++
 services/api/test/unit/keep_service_test.rb | 32 ++++++++++++++++++++++++++---
 2 files changed, 38 insertions(+), 3 deletions(-)

       via  d37d7308827b4cc64272b5cc71f2adc4faf895a3 (commit)
      from  d1327f9456b561c059c18c76f63391728ce1780d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit d37d7308827b4cc64272b5cc71f2adc4faf895a3
Author: Brett Smith <brett at curoverse.com>
Date:   Mon Sep 21 14:56:43 2015 -0400

    API server limits KeepService changes to admins.
    
    Taking the same security policy that applies to disks and applying
    them to services as well.  No issue #.

diff --git a/services/api/app/models/keep_service.rb b/services/api/app/models/keep_service.rb
index 6854ed2..5805529 100644
--- a/services/api/app/models/keep_service.rb
+++ b/services/api/app/models/keep_service.rb
@@ -13,4 +13,13 @@ class KeepService < ArvadosModel
   api_accessible :superuser, :extend => :user do |t|
   end
 
+  protected
+
+  def permission_to_create
+    current_user.andand.is_admin
+  end
+
+  def permission_to_update
+    current_user.andand.is_admin
+  end
 end
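
Review bot: Deletion is not covered by the two overrides added under `protected`. Only permission_to_create and permission_to_update are restricted here, while the commit message says KeepService "changes" are limited to admins. If ArvadosModel has an equivalent permission hook for destroy, override it in the same place; if deletion is already restricted elsewhere, say so in the commit message so the policy is complete on its face. Since both method bodies are identical, one could be defined in terms of the other (or both could delegate to a single private helper) so the admin check cannot drift between create and update.
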
diff --git a/services/api/test/unit/keep_service_test.rb b/services/api/test/unit/keep_service_test.rb
index 72c4f8e..8ca8c52 100644
--- a/services/api/test/unit/keep_service_test.rb
+++ b/services/api/test/unit/keep_service_test.rb
@@ -1,7 +1,33 @@
 require 'test_helper'
 
 class KeepServiceTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
+  test "non-admins cannot create services" do
+    set_user_from_auth :active
+    ks = KeepService.new
+    assert_not_allowed do
+      ks.save
+    end
+  end
+
+  test "non-admins cannot update services" do
+    set_user_from_auth :active
+    ks = keep_services(:proxy)
+    ks.service_port = 64434
+    assert_not_allowed do
+      ks.save
+    end
+  end
+
+  test "admins can create services" do
+    set_user_from_auth :admin
+    ks = KeepService.new
+    assert(ks.save, "saving new service failed")
+  end
+
+  test "admins can update services" do
+    set_user_from_auth :admin
+    ks = keep_services(:proxy)
+    ks.service_port = 64434
+    assert(ks.save, "saving updated service failed")
+  end
 end
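
Review bot: The four tests only use the :active and :admin auths, so the nil case that `current_user.andand.is_admin` guards against in the model is never exercised. Add a case with no current user set for both create and update, so the fail-closed behaviour is pinned down. In "non-admins cannot update services" it would also help to reload the fixture after the rejected save and assert that service_port is unchanged, which confirms the write did not reach the database rather than only that the save was refused.
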

-----------------------------------------------------------------------


hooks/post-receive