From 6bd8af132f7a0e8a75cc67434d6480c0452b98ea Mon Sep 17 00:00:00 2001 From: Dyson Simmons Date: Wed, 31 Jan 2018 15:24:13 +0000 Subject: [PATCH 1/2] Allow upload user to delete any instance --- routes/instances.go | 2 +- routes/instances_test.go | 42 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/routes/instances.go b/routes/instances.go index 03e800e9..2ed1a34f 100644 --- a/routes/instances.go +++ b/routes/instances.go @@ -184,7 +184,7 @@ func (i Instances) Destroy(w http.ResponseWriter, r *http.Request) { return } - if email != instance.UserEmail { + if email != auth.UPLOAD_USER_EMAIL && email != instance.UserEmail { RenderError(w, http.StatusNotFound, notFoundError) return } diff --git a/routes/instances_test.go b/routes/instances_test.go index f225d2e3..d1bc1cb2 100644 --- a/routes/instances_test.go +++ b/routes/instances_test.go @@ -7,6 +7,7 @@ import ( "net/http/httptest" "testing" + "github.com/gocardless/draupnir/auth" "github.com/gocardless/draupnir/models" "github.com/google/jsonapi" "github.com/gorilla/mux" @@ -331,3 +332,44 @@ func TestInstanceDestroyFromWrongUser(t *testing.T) { assert.Equal(t, http.StatusNotFound, recorder.Code) assert.Equal(t, notFoundError, response) } + +func TestInstanceDestroyFromUploadUser(t *testing.T) { + recorder := httptest.NewRecorder() + req := httptest.NewRequest("DELETE", "/instances/1", nil) + + store := FakeInstanceStore{ + _Get: func(id int) (models.Instance, error) { + return models.Instance{ + ID: 1, + ImageID: 1, + Port: 5432, + CreatedAt: timestamp(), + UpdatedAt: timestamp(), + UserEmail: "test@draupnir", + }, nil + }, + _Destroy: func(instance models.Instance) error { + return nil + }, + } + + executor := FakeExecutor{ + _DestroyInstance: func(instanceID int) error { + return nil + }, + } + + authenticator := FakeAuthenticator{ + _AuthenticateRequest: func(r *http.Request) (string, error) { + return auth.UPLOAD_USER_EMAIL, nil + }, + } + + routeSet := Instances{InstanceStore: store, Executor: executor, Authenticator: authenticator, Logger: log.NewNopLogger()} + router := mux.NewRouter() + router.HandleFunc("/instances/{id}", routeSet.Destroy).Methods("DELETE") + router.ServeHTTP(recorder, req) + + assert.Equal(t, http.StatusNoContent, recorder.Code) + assert.Equal(t, 0, len(recorder.Body.Bytes())) +} From 685c63c4021804fc3495d7519a197fc92c219494 Mon Sep 17 00:00:00 2001 From: Dyson Simmons Date: Wed, 31 Jan 2018 16:04:28 +0000 Subject: [PATCH 2/2] v1.3.0 --- CHANGELOG.md | 4 ++++ DRAUPNIR_VERSION | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7d737dae..de240892 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ Unreleased No changes. +1.3.0 +----- +Allow the upload user to delete any instance via API + 1.2.0 ----- diff --git a/DRAUPNIR_VERSION b/DRAUPNIR_VERSION index 26aaba0e..f0bb29e7 100644 --- a/DRAUPNIR_VERSION +++ b/DRAUPNIR_VERSION @@ -1 +1 @@ -1.2.0 +1.3.0