Revert "Allow SpaceApplicationSupporter to update deployments"

This reverts commit a50aef2. See pull request #2323 for discussion on the decision not to grant the space application supporter access to PATCH endpoints that only allow users to update metadata/labels: #2323 (comment)
cloudfoundry · Jun 14, 2021 · a92c2a4 · a92c2a4
1 parent 978e404
commit a92c2a4
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 27 deletions.
diff --git a/app/controllers/v3/deployments_controller.rb b/app/controllers/v3/deployments_controller.rb
@@ -58,8 +58,8 @@ def create
   def update
     deployment = DeploymentModel.find(guid: hashed_params[:guid])
     resource_not_found!(:deployment) unless deployment &&
-      permission_queryer.untrusted_can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid)
-    unauthorized! unless permission_queryer.untrusted_can_write_to_space?(deployment.app.space.guid)
+      permission_queryer.can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid)
+    unauthorized! unless permission_queryer.can_write_to_space?(deployment.app.space.guid)
 
     message = VCAP::CloudController::DeploymentUpdateMessage.new(hashed_params[:body])
     unprocessable!(message.errors.full_messages) unless message.valid?

diff --git a/spec/request/deployments_spec.rb b/spec/request/deployments_spec.rb
@@ -816,8 +816,13 @@
         },
       }.to_json
     end
-    let(:expected_response) {
-      {
+
+    it 'updates the deployment with metadata' do
+      patch "/v3/deployments/#{deployment.guid}", update_request, user_header
+      expect(last_response.status).to eq(200)
+
+      parsed_response = MultiJson.load(last_response.body)
+      expect(parsed_response).to be_a_response_like({
         'guid' => deployment.guid,
         'status' => {
           'value' => VCAP::CloudController::DeploymentModel::ACTIVE_STATUS_VALUE,
@@ -860,29 +865,7 @@
             'method' => 'POST'
           }
         }
-      }
-    }
-
-    context 'as a SpaceDeveloper' do
-      it 'updates the deployment with metadata' do
-        patch "/v3/deployments/#{deployment.guid}", update_request, user_header
-        expect(last_response.status).to eq(200)
-
-        parsed_response = MultiJson.load(last_response.body)
-        expect(parsed_response).to be_a_response_like(expected_response)
-      end
-    end
-
-    context 'as a SpaceApplicationSupporter' do
-      let(:user) { make_application_supporter_for_space(space) }
-
-      it 'updates the deployment with metadata' do
-        patch "/v3/deployments/#{deployment.guid}", update_request, user_header
-        expect(last_response.status).to eq(200)
-
-        parsed_response = MultiJson.load(last_response.body)
-        expect(parsed_response).to be_a_response_like(expected_response)
-      end
+      })
     end
   end