diff --git a/app/controllers/v3/deployments_controller.rb b/app/controllers/v3/deployments_controller.rb index ed36b63dc0d..485976257cc 100644 --- a/app/controllers/v3/deployments_controller.rb +++ b/app/controllers/v3/deployments_controller.rb @@ -58,8 +58,8 @@ def create def update deployment = DeploymentModel.find(guid: hashed_params[:guid]) resource_not_found!(:deployment) unless deployment && - permission_queryer.untrusted_can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid) - unauthorized! unless permission_queryer.untrusted_can_write_to_space?(deployment.app.space.guid) + permission_queryer.can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid) + unauthorized! unless permission_queryer.can_write_to_space?(deployment.app.space.guid) message = VCAP::CloudController::DeploymentUpdateMessage.new(hashed_params[:body]) unprocessable!(message.errors.full_messages) unless message.valid? diff --git a/spec/request/deployments_spec.rb b/spec/request/deployments_spec.rb index 52bf70f676a..2ce69ea2297 100644 --- a/spec/request/deployments_spec.rb +++ b/spec/request/deployments_spec.rb @@ -816,8 +816,13 @@ }, }.to_json end - let(:expected_response) { - { + + it 'updates the deployment with metadata' do + patch "/v3/deployments/#{deployment.guid}", update_request, user_header + expect(last_response.status).to eq(200) + + parsed_response = MultiJson.load(last_response.body) + expect(parsed_response).to be_a_response_like({ 'guid' => deployment.guid, 'status' => { 'value' => VCAP::CloudController::DeploymentModel::ACTIVE_STATUS_VALUE, @@ -860,29 +865,7 @@ 'method' => 'POST' } } - } - } - - context 'as a SpaceDeveloper' do - it 'updates the deployment with metadata' do - patch "/v3/deployments/#{deployment.guid}", update_request, user_header - expect(last_response.status).to eq(200) - - parsed_response = MultiJson.load(last_response.body) - expect(parsed_response).to be_a_response_like(expected_response) - end - end - - context 'as a SpaceApplicationSupporter' do - let(:user) { make_application_supporter_for_space(space) } - - it 'updates the deployment with metadata' do - patch "/v3/deployments/#{deployment.guid}", update_request, user_header - expect(last_response.status).to eq(200) - - parsed_response = MultiJson.load(last_response.body) - expect(parsed_response).to be_a_response_like(expected_response) - end + }) end end