From a92c2a4c6657eccb0cf8654d80afaada2aadf786 Mon Sep 17 00:00:00 2001
From: Will Gant
Date: Mon, 14 Jun 2021 12:47:10 +0100
Subject: [PATCH] Revert "Allow SpaceApplicationSupporter to update deployments"

This reverts commit a50aef296fad0fdf91591f842a133f3f18472e37.

See pull request #2323 for discussion on the decision not to grant the space application supporter access to PATCH endpoints that only allow users to update metadata/labels: https://github.com/cloudfoundry/cloud_controller_ng/pull/2323#issuecomment-859796434
---
 app/controllers/v3/deployments_controller.rb | 4 +--
 spec/request/deployments_spec.rb | 33 +++++--------------
 2 files changed, 10 insertions(+), 27 deletions(-)

diff --git a/app/controllers/v3/deployments_controller.rb b/app/controllers/v3/deployments_controller.rb
index ed36b63dc0d..485976257cc 100644
--- a/app/controllers/v3/deployments_controller.rb
+++ b/app/controllers/v3/deployments_controller.rb
@@ -58,8 +58,8 @@ def create
 def update
 deployment = DeploymentModel.find(guid: hashed_params[:guid])
 resource_not_found!(:deployment) unless deployment &&
- permission_queryer.untrusted_can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid)
- unauthorized! unless permission_queryer.untrusted_can_write_to_space?(deployment.app.space.guid)
+ permission_queryer.can_read_from_space?(deployment.app.space.guid, deployment.app.space.organization.guid)
+ unauthorized! unless permission_queryer.can_write_to_space?(deployment.app.space.guid)
 message = VCAP::CloudController::DeploymentUpdateMessage.new(hashed_params[:body])
 unprocessable!(message.errors.full_messages) unless message.valid?
diff --git a/spec/request/deployments_spec.rb b/spec/request/deployments_spec.rb
index 52bf70f676a..2ce69ea2297 100644
--- a/spec/request/deployments_spec.rb
+++ b/spec/request/deployments_spec.rb
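Review bot: Nothing in `DeploymentsController#update` records why its two checks use `can_read_from_space?` and `can_write_to_space?` rather than the `untrusted_` variants the reverted commit had introduced, so the authorization decision lives only in a method-name prefix. Judging by the commit message, the plain variants are what keep the space application supporter out of this PATCH endpoint. A comment above the `unauthorized!` line, such as `# SpaceApplicationSupporter is deliberately not allowed to update deployments (see PR #2323)`, would stop a later role sweep from quietly widening access again. The body of `update` continues past the end of the hunk.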
@@ -816,8 +816,13 @@
 },
 }.to_json
 end
- let(:expected_response) {
- {
+
+ it 'updates the deployment with metadata' do
+ patch "/v3/deployments/#{deployment.guid}", update_request, user_header
+ expect(last_response.status).to eq(200)
+
+ parsed_response = MultiJson.load(last_response.body)
+ expect(parsed_response).to be_a_response_like({
 'guid' => deployment.guid,
 'status' => {
 'value' => VCAP::CloudController::DeploymentModel::ACTIVE_STATUS_VALUE,
@@ -860,29 +865,7 @@
 'method' => 'POST'
 }
 }
- }
- }
-
- context 'as a SpaceDeveloper' do
- it 'updates the deployment with metadata' do
- patch "/v3/deployments/#{deployment.guid}", update_request, user_header
- expect(last_response.status).to eq(200)
-
- parsed_response = MultiJson.load(last_response.body)
- expect(parsed_response).to be_a_response_like(expected_response)
- end
- end
-
- context 'as a SpaceApplicationSupporter' do
- let(:user) { make_application_supporter_for_space(space) }
-
- it 'updates the deployment with metadata' do
- patch "/v3/deployments/#{deployment.guid}", update_request, user_header
- expect(last_response.status).to eq(200)
-
- parsed_response = MultiJson.load(last_response.body)
- expect(parsed_response).to be_a_response_like(expected_response)
- end
+ })
 end
 end
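Review bot: The `context 'as a SpaceApplicationSupporter'` block is deleted outright in the second spec hunk (`@@ -860,29 +865,7 @@`), which leaves no test pinning the denial this revert restores. Keeping the context and flipping its expectation to a rejection would make an accidental re-grant fail in CI. The 403 below is an assumption that the role still passes the read check and fails the write check; if it cannot read the space, the first check would return 404 instead, so confirm against the role's actual permissions. The enclosing `describe` starts outside the hunk, and the example reuses the `make_application_supporter_for_space` helper seen on the removed lines.

```ruby
# … unchanged: 'updates the deployment with metadata' example for the default user …

context 'as a SpaceApplicationSupporter' do
  let(:user) { make_application_supporter_for_space(space) }

  it 'rejects the update' do
    patch "/v3/deployments/#{deployment.guid}", update_request, user_header
    expect(last_response.status).to eq(403)
  end
end
```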