api: Support scope searching in API token index.
authorBrett Smith <brett@curoverse.com>
Wed, 23 Apr 2014 20:15:37 +0000 (16:15 -0400)
committerBrett Smith <brett@curoverse.com>
Mon, 28 Apr 2014 18:01:58 +0000 (14:01 -0400)
services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb

index 8fd915ddfbf48d8b3a336d47e58257147f3c6899..ff322a7fb8981741a37f64c23c3f22ec8a12056a 100644 (file)
@@ -45,6 +45,11 @@ class Arvados::V1::ApiClientAuthorizationsController < ApplicationController
       includes(:user, :api_client).
       where('user_id=? and (? or api_token=?)', current_user.id, !@where['uuid'], @where['uuid']).
       order('created_at desc')
+    unless @where['scopes'].nil?
+      @objects = @objects.select { |auth|
+        (auth.scopes & @where['scopes']) == (auth.scopes | @where['scopes'])
+      }
+    end
   end
 
   def find_object_by_uuid
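Review bot: The new scopes filter raises TypeError when `where[scopes]` arrives as something other than an array, because `Array#&` and `Array#|` in the select block do not coerce a String or Integer, so a malformed query parameter becomes a 500 instead of a 4xx. Coercing and normalising once outside the block also makes the set-equality intent explicit and avoids recomputing the union per row: `wanted = Array(@where['scopes']).uniq.sort` and `@objects = @objects.select { |auth| auth.scopes.uniq.sort == wanted }` (assuming `auth.scopes` is always an Array, which the hunk does not show). Note that `select` with a block loads the whole relation into a Ruby Array, so anything applied to `@objects` after this point (limit/offset/count, if the shared index path does that) will no longer be pushed down to SQL — worth confirming against the base controller. The enclosing method starts above the hunk.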
index cbb009617b752b7970b0a3fb3820f502728e37f6..0072792563fa20fdae7a4957a8c6fae8aa9948e6 100644 (file)
@@ -1,7 +1,6 @@
 require 'test_helper'
 
 class Arvados::V1::ApiClientAuthorizationsControllerTest < ActionController::TestCase
-
   test "should get index" do
     authorize_with :active_trustedclient
     get :index
@@ -38,4 +37,22 @@ class Arvados::V1::ApiClientAuthorizationsControllerTest < ActionController::Tes
     assert_response 403
   end
 
+  test "admin search filters where scopes exactly match" do
+    def check_tokens_by_scopes(scopes, *expected_tokens)
+      expected_tokens.map! { |name| api_client_authorizations(name).api_token }
+      get :index, where: {scopes: scopes}
+      assert_response :success
+      got_tokens = JSON.parse(@response.body)['items']
+        .map { |auth| auth['api_token'] }
+      assert_equal(expected_tokens.sort, got_tokens.sort,
+                   "wrong results for scopes = #{scopes}")
+    end
+    authorize_with :admin_trustedclient
+    check_tokens_by_scopes([], :admin_noscope)
+    authorize_with :active_trustedclient
+    check_tokens_by_scopes(["GET /arvados/v1/users"], :active_userlist)
+    check_tokens_by_scopes(["POST /arvados/v1/api_client_authorizations",
+                            "GET /arvados/v1/api_client_authorizations"],
+                           :active_apitokens)
+  end
 end
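Review bot: `def check_tokens_by_scopes` inside the `test` block defines an instance method on the test case class at run time, so it leaks to every other test in the class and is redefined on each run; it should be a private helper declared at class level (same body, placed after `private` outside the `test` block) or a local lambda. Separately, `expected_tokens.map!` mutates the splat array, which is harmless here but `expected = expected_tokens.map { |name| api_client_authorizations(name).api_token }` reads more clearly. The test also only exercises well-formed array values for `where[scopes]`; a case sending a scalar would pin the controller's behaviour on malformed input, which the controller hunk currently does not guard.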