From 3bf5b241054b733f5066000607b0e597cd82a55c Mon Sep 17 00:00:00 2001 From: Will Gant Date: Tue, 8 Jun 2021 16:31:02 +0200 Subject: [PATCH] Allow space application supporter to get and list deployments Co-authored-by: Philipp Thun --- app/controllers/v3/deployments_controller.rb | 4 +- .../resources/deployments/_get.md.erb | 3 +- .../resources/deployments/_list.md.erb | 3 +- spec/request/deployments_spec.rb | 42 +++++++++++++------ spec/support/model_creation.rb | 6 +++ 5 files changed, 41 insertions(+), 17 deletions(-) diff --git a/app/controllers/v3/deployments_controller.rb b/app/controllers/v3/deployments_controller.rb index 484e333d52d..1945d99ae9b 100644 --- a/app/controllers/v3/deployments_controller.rb +++ b/app/controllers/v3/deployments_controller.rb @@ -15,7 +15,7 @@ def index dataset = if permission_queryer.can_read_globally? DeploymentListFetcher.fetch_all(message) else - DeploymentListFetcher.fetch_for_spaces(message, space_guids: permission_queryer.readable_space_guids) + DeploymentListFetcher.fetch_for_spaces(message, space_guids: permission_queryer.readable_application_supporter_space_guids) end render status: :ok, json: Presenters::V3::PaginatedListPresenter.new( @@ -73,7 +73,7 @@ def show deployment = DeploymentModel.find(guid: hashed_params[:guid]) resource_not_found!(:deployment) unless deployment && - permission_queryer.can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid) + permission_queryer.untrusted_can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid) render status: :ok, json: Presenters::V3::DeploymentPresenter.new(deployment) end diff --git a/docs/v3/source/includes/resources/deployments/_get.md.erb b/docs/v3/source/includes/resources/deployments/_get.md.erb index 3f87573e848..9b48a056067 100644 --- a/docs/v3/source/includes/resources/deployments/_get.md.erb +++ b/docs/v3/source/includes/resources/deployments/_get.md.erb @@ -25,7 +25,7 @@ Content-Type: application/json `GET /v3/deployments/:guid` #### Permitted roles - | + Roles | Notes --- | --- Admin | Admin Read-Only | @@ -34,3 +34,4 @@ Org Manager | Space Auditor | Space Developer | Space Manager | +Space Application Supporter | Experimental | \ No newline at end of file diff --git a/docs/v3/source/includes/resources/deployments/_list.md.erb b/docs/v3/source/includes/resources/deployments/_list.md.erb index 153d163e969..6d14e6beadd 100644 --- a/docs/v3/source/includes/resources/deployments/_list.md.erb +++ b/docs/v3/source/includes/resources/deployments/_list.md.erb @@ -42,7 +42,7 @@ Name | Type | Description **updated_ats** (*experimental*)| _[timestamp](#timestamps)_ | Timestamp to filter by. When filtering on equality, several comma-delimited timestamps may be passed. Also supports filtering with [relational operators](#relational-operators-experimental) #### Permitted roles - | + Roles | Notes --- | --- Admin | Admin Read-Only | @@ -52,3 +52,4 @@ Org Manager | Space Auditor | Space Developer | Space Manager | +Space Application Supporter | Experimental | \ No newline at end of file diff --git a/spec/request/deployments_spec.rb b/spec/request/deployments_spec.rb index 6622e86e65a..38a609df09b 100644 --- a/spec/request/deployments_spec.rb +++ b/spec/request/deployments_spec.rb @@ -854,19 +854,15 @@ describe 'GET /v3/deployments/:guid' do let(:old_droplet) { VCAP::CloudController::DropletModel.make } - - it 'should get and display the deployment' do - deployment = VCAP::CloudController::DeploymentModelTestFactory.make( + let(:deployment) { + VCAP::CloudController::DeploymentModelTestFactory.make( app: app_model, droplet: droplet, previous_droplet: old_droplet ) - - get "/v3/deployments/#{deployment.guid}", nil, user_header - expect(last_response.status).to eq(200) - - parsed_response = MultiJson.load(last_response.body) - expect(parsed_response).to be_a_response_like({ + } + let(:expected_response) { + { 'guid' => deployment.guid, 'status' => { 'value' => VCAP::CloudController::DeploymentModel::ACTIVE_STATUS_VALUE, @@ -909,7 +905,27 @@ 'method' => 'POST' } } - }) + } + } + + it 'should get and display the deployment' do + get "/v3/deployments/#{deployment.guid}", nil, user_header + expect(last_response.status).to eq(200) + + parsed_response = MultiJson.load(last_response.body) + expect(parsed_response).to be_a_response_like(expected_response) + end + + context 'as a SpaceApplicationSupporter' do + let(:user) { make_application_supporter_for_space(space) } + + it 'should get and display the deployment' do + get "/v3/deployments/#{deployment.guid}", nil, user_header + expect(last_response.status).to eq(200) + + parsed_response = MultiJson.load(last_response.body) + expect(parsed_response).to be_a_response_like(expected_response) + end end end @@ -1097,7 +1113,7 @@ def json_for_deployment(deployment, app_model, droplet, status_value, status_rea h.freeze end - it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS + it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS + ['space_application_supporter'] context 'pagination' do let(:pagination_hsh) do @@ -1146,7 +1162,7 @@ def json_for_deployment(deployment, app_model, droplet, status_value, status_rea h.freeze end - it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS + it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS + ['space_application_supporter'] context 'pagination' do let(:pagination_hsh) do @@ -1188,7 +1204,7 @@ def json_for_deployment(deployment, app_model, droplet, status_value, status_rea h.freeze end - it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS + it_behaves_like 'permissions for list endpoint', ALL_PERMISSIONS + ['space_application_supporter'] context 'pagination' do let(:pagination_hsh) do diff --git a/spec/support/model_creation.rb b/spec/support/model_creation.rb index b0d23b5ed58..b20be9c88de 100644 --- a/spec/support/model_creation.rb +++ b/spec/support/model_creation.rb @@ -26,6 +26,12 @@ def make_developer_for_space(space) user end + def make_application_supporter_for_space(space) + user = make_user_for_org space.organization + space.add_application_supporter user + user + end + def make_auditor_for_space(space) user = make_user_for_org(space.organization) space.add_auditor(user)