author | John Keiser <jkeiser@opscode.com> | 2014-08-21 15:40:30 -0700 |
---|---|---|
committer | John Keiser <jkeiser@opscode.com> | 2014-08-22 09:20:50 -0700 |
commit | c5db8bb9383b6e5b94776043985714fc35196c1e (patch) | |
tree | f936d7a377287c02ae809444c1f30a9cec67e204 /lib/chef_zero | |
parent | c02c90532ddb6e7faa21b0642a200de2ec0f08d9 (diff) | |
Fix cookbook ACLs (set can create directories)
Diffstat (limited to 'lib/chef_zero')
-rw-r--r-- | lib/chef_zero/chef_data/default_creator.rb | 27 | ||||
-rw-r--r-- | lib/chef_zero/data_store/default_facade.rb | 9 | ||||
-rw-r--r-- | lib/chef_zero/endpoints/file_store_file_endpoint.rb | 2 | ||||
-rw-r--r-- | lib/chef_zero/rest_base.rb | 2 |
4 files changed, 25 insertions, 15 deletions
diff --git a/lib/chef_zero/chef_data/default_creator.rb b/lib/chef_zero/chef_data/default_creator.rb
index b649cf1..a5fa3d6 100644
--- a/lib/chef_zero/chef_data/default_creator.rb
+++ b/lib/chef_zero/chef_data/default_creator.rb
@@ -50,9 +50,15 @@ module ChefZero
 false
 end
- def created(path, creator)
- @creators[path] = [ creator ]
- @deleted.delete(path) if @deleted[path]
+ def created(path, creator, create_parents)
+ while !@creators[path]
+ @creators[path] = [ creator ]
+ @deleted.delete(path) if @deleted[path]
+ # Only do this once if create_parents is false
+ break if !create_parents || path.size == 0
+
+ path = path[0..-2]
+ end
 end
 def superusers
@@ -365,7 +371,12 @@ module ChefZero
 owners |= @creators[path] if @creators[path]
 end
- owners |= superusers
+ #ANGRY
+ # Non-default containers do not get superusers added to them,
+ # because reasons.
+ unless path.size == 4 && path[0] == 'organizations' && path[2] == 'containers' && !exists?(path)
+ owners |= superusers
+ end
 end
 owners.uniq
@@ -378,19 +389,13 @@ module ChefZero
 acl[perm] ||= {}
 acl[perm]['actors'] ||= begin
 owners ||= get_owners(acl_path)
- container_acl ||= get_container_acl(acl_path) || {}
- if container_acl[perm] && container_acl[perm]['actors']
- owners | container_acl[perm]['actors']
- else
- owners
- end
 end
 acl[perm]['groups'] ||= begin
 # When we create containers, we don't merge groups (not sure why).
 if acl_path[0] == 'organizations' && acl_path[3] == 'containers'
 []
 else
- container_acl ||= get_container_acl(request, acl_path) || {}
+ container_acl ||= get_container_acl(acl_path) || {}
 (container_acl[perm] ? container_acl[perm]['groups'] : []) || []
 end
 end
diff --git a/lib/chef_zero/data_store/default_facade.rb b/lib/chef_zero/data_store/default_facade.rb
index 2beb8c5..c274102 100644
--- a/lib/chef_zero/data_store/default_facade.rb
+++ b/lib/chef_zero/data_store/default_facade.rb
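Review bot: In `created` (default_creator.rb, hunk `@@ -50,9 +50,15 @@`), the new `while !@creators[path]` guard skips the whole body when the path already has a creator entry, so the `@deleted.delete(path)` cleanup and the creator update that the old code always performed no longer run for a path that is re-created. Unless the deletion code clears `@creators` (not visible in this hunk), a re-created object would keep its previous creator as an ACL owner and could stay marked as deleted; `while !@creators[path] || @deleted[path]` would cover that case. With `create_parents` true the loop also records the requestor as creator of every ancestor that has no entry, up to and including the empty root path, and `get_owners` appears to read those entries, so a comment stating that this ownership of ancestors is intended would help the next reader.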
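Review bot: The comment above the new `unless` in `get_owners` (default_creator.rb, hunk `@@ -365,7 +371,12 @@`) reads `#ANGRY ... because reasons.` and does not say why superusers are left out, although this condition decides who ends up among an object's owners. I would replace it with something like `# Containers under organizations/ORG/containers for which exists?(path) is false do not get superusers as owners`, plus a pointer to the behaviour or test this was matched against. The four-part condition is also long enough to deserve a small named predicate so that the authorization rule can be read and tested on its own. `get_owners` starts and ends outside the hunk.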
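Review bot: After the removal in hunk `@@ -378,19 +389,13 @@` (default_creator.rb), the `acl[perm]['actors'] ||= begin ... end` block holds a single statement, so the `begin`/`end` wrapper is now noise; `acl[perm]['actors'] ||= (owners ||= get_owners(acl_path))` says the same thing. The change also stops merging the container ACL's actors for every path that reaches this code, which looks broader than the cookbook fix named in the commit title. A one-line comment such as `# actors come only from get_owners; container actors are not inherited` would record that this is deliberate. The enclosing method starts outside the hunk.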
@@ -43,7 +43,7 @@ module ChefZero
 end
 options_hash = options.last.is_a?(Hash) ? options.last : {}
- default_creator.created(path + [ name ], options_hash[:requestor])
+ default_creator.created(path + [ name ], options_hash[:requestor], options.include?(:recursive))
 end
 def create(path, name, data, *options)
@@ -62,7 +62,7 @@ module ChefZero
 end
 options_hash = options.last || {}
- default_creator.created(path + [ name ], options_hash[:requestor])
+ default_creator.created(path + [ name ], options_hash[:requestor], options.include?(:recursive))
 end
 def get(path, request=nil)
@@ -88,6 +88,11 @@ module ChefZero
 raise
 end
 end
+
+ if options.include?(:create)
+ options_hash = options.last || {}
+ default_creator.created(path, options_hash[:requestor], options.include?(:create_dir))
+ end
 end
 def delete(path, *options)
diff --git a/lib/chef_zero/endpoints/file_store_file_endpoint.rb b/lib/chef_zero/endpoints/file_store_file_endpoint.rb
index 0d2856a..4be1eb0 100644
--- a/lib/chef_zero/endpoints/file_store_file_endpoint.rb
+++ b/lib/chef_zero/endpoints/file_store_file_endpoint.rb
@@ -14,7 +14,7 @@ module ChefZero
 end
 def put(request)
- data_store.set(request.rest_path, request.body, :create, :create_dir)
+ data_store.set(request.rest_path, request.body, :create, :create_dir, :requestor => request.requestor)
 json_response(200, {})
 end
 end
diff --git a/lib/chef_zero/rest_base.rb b/lib/chef_zero/rest_base.rb
index f64343b..d85f489 100644
--- a/lib/chef_zero/rest_base.rb
+++ b/lib/chef_zero/rest_base.rb
@@ -115,7 +115,7 @@ module ChefZero
 def set_data(request, rest_path, data, *options)
 rest_path ||= request.rest_path
 begin
- data_store.set(rest_path, data, *options)
+ data_store.set(rest_path, data, *options, :requestor => request.requestor)
 rescue DataStore::DataNotFoundError
 if options.include?(:data_store_exceptions)
 raise |
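Review bot: The added `options_hash = options.last || {}` in `set` (default_facade.rb, hunk `@@ -88,6 +88,11 @@`) assumes the last option is a Hash, but `set` is called with bare symbols such as `:create, :create_dir`. When no `:requestor` hash is appended, `options.last` is a Symbol and `options_hash[:requestor]` raises a TypeError instead of yielding nil. `create` (hunk `@@ -62,7 +62,7 @@`) has the same pattern on its context line and now feeds it to the new three-argument `created` call. `create_dir` already guards this with `options_hash = options.last.is_a?(Hash) ? options.last : {}`, and using that line in both places keeps callers that pass no requestor working. The bodies of `set` and `create` start outside these hunks.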