Allow space application supporter to get and list deployments

Co-authored-by: Philipp Thun <[email protected]>
cloudfoundry · Jun 10, 2021 · 3bf5b24 · 3bf5b24
1 parent 83913d2
commit 3bf5b24
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 17 deletions.
diff --git a/app/controllers/v3/deployments_controller.rb b/app/controllers/v3/deployments_controller.rb
@@ -15,7 +15,7 @@ def index
     dataset = if permission_queryer.can_read_globally?
                 DeploymentListFetcher.fetch_all(message)
               else
-                DeploymentListFetcher.fetch_for_spaces(message, space_guids: permission_queryer.readable_space_guids)
+                DeploymentListFetcher.fetch_for_spaces(message, space_guids: permission_queryer.readable_application_supporter_space_guids)
               end
 
     render status: :ok, json: Presenters::V3::PaginatedListPresenter.new(
@@ -73,7 +73,7 @@ def show
     deployment = DeploymentModel.find(guid: hashed_params[:guid])
 
     resource_not_found!(:deployment) unless deployment &&
-      permission_queryer.can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid)
+      permission_queryer.untrusted_can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid)
 
     render status: :ok, json: Presenters::V3::DeploymentPresenter.new(deployment)
   end

diff --git a/docs/v3/source/includes/resources/deployments/_get.md.erb b/docs/v3/source/includes/resources/deployments/_get.md.erb
@@ -25,7 +25,7 @@ Content-Type: application/json
 `GET /v3/deployments/:guid`
 
 #### Permitted roles
- |
+ Roles | Notes
 --- | ---
 Admin |
 Admin Read-Only |
@@ -34,3 +34,4 @@ Org Manager |
 Space Auditor |
 Space Developer |
 Space Manager |
+Space Application Supporter | Experimental |
diff --git a/docs/v3/source/includes/resources/deployments/_list.md.erb b/docs/v3/source/includes/resources/deployments/_list.md.erb
@@ -42,7 +42,7 @@ Name | Type | Description
 **updated_ats** (*experimental*)| _[timestamp](#timestamps)_ | Timestamp to filter by. When filtering on equality, several comma-delimited timestamps may be passed. Also supports filtering with [relational operators](#relational-operators-experimental)
 
 #### Permitted roles
- |
+ Roles | Notes
 --- | ---
 Admin |
 Admin Read-Only |
@@ -52,3 +52,4 @@ Org Manager |
 Space Auditor |
 Space Developer |
 Space Manager |
+Space Application Supporter | Experimental |
diff --git a/spec/request/deployments_spec.rb b/spec/request/deployments_spec.rb
@@ -854,19 +854,15 @@
 
   describe 'GET /v3/deployments/:guid' do
     let(:old_droplet) { VCAP::CloudController::DropletModel.make }
-
-    it 'should get and display the deployment' do
-      deployment = VCAP::CloudController::DeploymentModelTestFactory.make(
+    let(:deployment) {
+      VCAP::CloudController::DeploymentModelTestFactory.make(
         app: app_model,
         droplet: droplet,
         previous_droplet: old_droplet
       )
-
-      get "/v3/deployments/#{deployment.guid}", nil, user_header
-      expect(last_response.status).to eq(200)
-
-      parsed_response = MultiJson.load(last_response.body)
-      expect(parsed_response).to be_a_response_like({
+    }
+    let(:expected_response) {
+      {
         'guid' => deployment.guid,
         'status' => {
           'value' => VCAP::CloudController::DeploymentModel::ACTIVE_STATUS_VALUE,
@@ -909,7 +905,27 @@
             'method' => 'POST'
           }
         }
-      })
+      }
+    }
+
+    it 'should get and display the deployment' do
+      get "/v3/deployments/#{deployment.guid}", nil, user_header
+      expect(last_response.status).to eq(200)
+
+      parsed_response = MultiJson.load(last_response.body)
+      expect(parsed_response).to be_a_response_like(expected_response)
+    end
+
+    context 'as a SpaceApplicationSupporter' do
+      let(:user) { make_application_supporter_for_space(space) }
+
+      it 'should get and display the deployment' do
+        get "/v3/deployments/#{deployment.guid}", nil, user_header
+        expect(last_response.status).to eq(200)
+
+        parsed_response = MultiJson.load(last_response.body)
+        expect(parsed_response).to be_a_response_like(expected_response)
+      end
     end
   end
 
@@ -1097,7 +1113,7 @@ def json_for_deployment(deployment, app_model, droplet, status_value, status_rea
             h.freeze
           end
 
-          it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS
+          it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS + ['space_application_supporter']
 
           context 'pagination' do
             let(:pagination_hsh) do
@@ -1146,7 +1162,7 @@ def json_for_deployment(deployment, app_model, droplet, status_value, status_rea
             h.freeze
           end
 
-          it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS
+          it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS + ['space_application_supporter']
 
           context 'pagination' do
             let(:pagination_hsh) do
@@ -1188,7 +1204,7 @@ def json_for_deployment(deployment, app_model, droplet, status_value, status_rea
             h.freeze
           end
 
-          it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS
+          it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS + ['space_application_supporter']
 
           context 'pagination' do
             let(:pagination_hsh) do

diff --git a/spec/support/model_creation.rb b/spec/support/model_creation.rb
@@ -26,6 +26,12 @@ def make_developer_for_space(space)
     user
   end
 
+  def make_application_supporter_for_space(space)
+    user = make_user_for_org space.organization
+    space.add_application_supporter user
+    user
+  end
+
   def make_auditor_for_space(space)
     user = make_user_for_org(space.organization)
     space.add_auditor(user)