author | John Keiser <jkeiser@opscode.com> | 2014-08-20 10:25:17 -0700 |
---|---|---|
committer | John Keiser <jkeiser@opscode.com> | 2014-08-22 09:20:49 -0700 |
commit | e7f99fb5214ab2b59fc5dc798e1036e12e26c88d (patch) | |
tree | f83eddda18330f47109830d7c82d2712001773fa | |
parent | b0556a304c8f33b73de33b471b0f41ad4bb0e3d3 (diff) | |
download | chef-zero-e7f99fb5214ab2b59fc5dc798e1036e12e26c88d.tar.gz |
Let non-validator clients own themselves
-rw-r--r-- | lib/chef_zero/chef_data/default_creator.rb | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/lib/chef_zero/chef_data/default_creator.rb b/lib/chef_zero/chef_data/default_creator.rb
index 78e902f..107ed68 100644
--- a/lib/chef_zero/chef_data/default_creator.rb
+++ b/lib/chef_zero/chef_data/default_creator.rb
@@ -343,23 +343,19 @@ module ChefZero
 path = AclPath.get_object_path(acl_path)
 if path
- # Add the actual owner
- if @creators[path]
- owners += @creators[path]
- end
-
- # The objects that were created with the org itself have the peculiar
- # property of missing superusers from their acl.
- # if !exists?(path)
- owners += superusers
- # end
-
- # Clients need to be in their own acl list, except the validator created with the org
- # (which we test for with exists?, which only looks at the defaults)
- if path.size == 4 && path[0] == 'organizations' && path[2] == 'clients' && !exists?(path)
- owners |= [ path[3] ]
+ # Non-validator clients own themselves, instead of the creator owning them.
+ if path.size == 4 && path[0] == 'organizations' && path[2] == 'clients'
+ client = JSON.parse(data.get(path), :create_additions => false)
+ if client['validator']
+ owners |= @creators[path] if @creators[path]
+ else
+ owners |= [ path[3] ]
+ end
+ else
+ owners |= @creators[path] if @creators[path]
 end
+ owners += superusers
 end
 owners.uniq |
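Review bot: The client branch now derives ACL ownership from `JSON.parse(data.get(path), :create_additions => false)`, with nothing handling a client record that is missing or is not a JSON object, so an ACL lookup for such a path would presumably raise instead of returning a default owner list (the removed code only consulted `exists?`, and how `data.get` behaves for a missing path is not visible here). The `if client['validator']` test is also a truthiness check, so any value other than nil or false stored in that field, including the string `"false"`, selects the creator-owned branch; since this decides who owns the object, `if client['validator'] == true` would be stricter. A short comment above the parse stating which owner set is intended when the record cannot be read would make the fallback explicit. The enclosing method begins and ends outside the hunk.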