authorJohn Keiser <jkeiser@opscode.com>2014-07-24 19:01:41 -0600
committerJohn Keiser <jkeiser@opscode.com>2014-08-22 09:20:48 -0700
commit8261c7a6d1ef05da00e3adbde5171dda8d1d0590 (patch)
tree2684c2a0f17f63e6cba1ecc0f95858b92f7f99f9
parent317d7231983fea9a6f4e59a1451e80e58e0d781a (diff)
downloadchef-zero-8261c7a6d1ef05da00e3adbde5171dda8d1d0590.tar.gz
Fix data acl defaults (was not taking container into account)
-rw-r--r--lib/chef_zero/data_store/default_facade.rb3
-rw-r--r--lib/chef_zero/endpoints/acl_base.rb4
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/chef_zero/data_store/default_facade.rb b/lib/chef_zero/data_store/default_facade.rb
index 9912f16..7c8406a 100644
--- a/lib/chef_zero/data_store/default_facade.rb
+++ b/lib/chef_zero/data_store/default_facade.rb
@@ -192,7 +192,6 @@ module ChefZero
end
def list(path)
- puts "Defaults #{@defaults['metadata']}" if path[0] == 'metadata'
default_results = default(path)
default_results = default_results.keys if default_results
begin
@@ -229,6 +228,8 @@ module ChefZero
return !!value
end
+ # Used by owners_of to find all owners of a thing by looking up
+ # the trail of directories
def self.list_metadata(data, path, metadata_type, *options)
begin
result = data.list([ 'metadata', metadata_type, path.join('/') ])
diff --git a/lib/chef_zero/endpoints/acl_base.rb b/lib/chef_zero/endpoints/acl_base.rb
index 352cd8d..4253353 100644
--- a/lib/chef_zero/endpoints/acl_base.rb
+++ b/lib/chef_zero/endpoints/acl_base.rb
@@ -32,7 +32,9 @@ module ChefZero
%w(create read update delete grant).each do |perm|
acls[perm] ||= {}
acls[perm]['actors'] ||= []
+ # The owners of the org and of the server (the superusers) have rights too
acls[perm]['actors'] = owners | acls[perm]['actors']
+ # Clients have access to themselves
if path.size == 4 && path[0] == 'organizations' && path[2] == 'clients'
acls[perm]['actors'] |= [ path[3] ]
end
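Review bot: The added comment `# Clients have access to themselves` understates what the following lines do: the `if` uses `acls[perm]` inside the `each do |perm|` loop over create/read/update/delete/grant, so the client named by `path[3]` becomes an actor for every permission, `delete` and `grant` included. I would say so in the comment, e.g. `# A client is an actor on its own ACL for all five permissions, including delete and grant`, so a later reader does not assume read-only self-access. The enclosing method starts and ends outside this hunk, so whether `path[3]` is checked against an existing client cannot be seen from here.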
@@ -42,7 +44,7 @@ module ChefZero
def get_container_acls(request, path)
if path[0] == 'organizations'
- if %w(clients containers cookbooks environments groups nodes roles sandboxes).include?(path[2])
+ if %w(clients containers cookbooks data environments groups nodes roles sandboxes).include?(path[2])
if path[2..3] != ['containers', 'containers']
return get_acls(request, path[0..1] + [ 'containers', path[2] ])
end
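Review bot: The literal `%w(...)` list in `get_container_acls` decides whether an object type inherits its container's ACL, and a missing entry fails quietly: `data` was absent until this change and presumably just skipped the container lookup. Hoisting the list into a named frozen constant with a comment, e.g. `CONTAINER_ACL_TYPES = %w(clients containers cookbooks data environments groups nodes roles sandboxes).freeze`, would make it easier to audit when a new object type is added. A spec asserting that a data bag's default ACL reflects the `data` container's ACL would keep this from regressing. The method body continues past the end of the hunk.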