From 7309eb4836c465feb5f0300d460fa6940769cfb8 Mon Sep 17 00:00:00 2001
From: Stephan Renatus <srenatus@chef.io>
Date: Tue, 14 Mar 2017 10:55:31 +0100
Subject: fix hardcoded default acls to match chef-server

Due to a bug in oc-chef-pedant[1], we'd never noticed that this doesn't
return what it should return to match chef-server.

[1]: https://github.com/chef/chef-server/pull/1145

Signed-off-by: Stephan Renatus <srenatus@chef.io>
---
 lib/chef_zero/chef_data/default_creator.rb | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/lib/chef_zero/chef_data/default_creator.rb b/lib/chef_zero/chef_data/default_creator.rb
index 51872d5..e70b2c2 100644
--- a/lib/chef_zero/chef_data/default_creator.rb
+++ b/lib/chef_zero/chef_data/default_creator.rb
@@ -270,7 +270,8 @@ module ChefZero
 
       def get_org_acl_default(path)
         object_path = AclPath.get_object_path(path)
-        # The actual things containers correspond to don't have to exist, as long as the container does
+        # The actual things containers correspond to don't have to exist, as
+        # long as the container does
         return nil if !data_exists?(object_path)
         basic_acl =
           case path[3..-1].join("/")
@@ -282,7 +283,10 @@ module ChefZero
               "delete" => { "groups" => %w{admins} },
               "grant"  => { "groups" => %w{admins} },
             }
-          when "containers/environments", "containers/roles", "containers/policy_groups", "containers/policies"
+          when "containers/environments", "containers/roles",
+            "containers/policy_groups", "containers/policies",
+            "containers/cookbooks", "containers/cookbook_artifacts",
+            "containers/data"
             {
               "create" => { "groups" => %w{admins users} },
               "read"   => { "groups" => %w{admins users clients} },
@@ -290,14 +294,6 @@ module ChefZero
               "delete" => { "groups" => %w{admins users} },
               "grant"  => { "groups" => %w{admins} },
             }
-          when "containers/cookbooks", "containers/cookbook_artifacts", "containers/data"
-            {
-              "create" => { "groups" => %w{admins users clients} },
-              "read"   => { "groups" => %w{admins users clients} },
-              "update" => { "groups" => %w{admins users clients} },
-              "delete" => { "groups" => %w{admins users clients} },
-              "grant"  => { "groups" => %w{admins} },
-            }
           when "containers/nodes"
             {
               "create" => { "groups" => %w{admins users clients} },
-- 
cgit v1.2.1