Commit 44024930 authored by Noah Kantrowitz

Do not allow non-admins to upload or delete cookbooks.

Conflicts:

	chef-server-api/app/controllers/cookbooks.rb
	features/api/cookbooks/upload_cookbooks.feature
parent 0172a035
......@@ -28,7 +28,8 @@ class Cookbooks < Application
before :authenticate_every
before :params_helper
before :is_admin, :only => [ :update, :destroy ]
attr_accessor :cookbook_name, :cookbook_version
def params_helper
......
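Review bot: the filter `before :is_admin, :only => [ :update, :destroy ]` lists the actions to protect, so any other state-changing action on this controller, present now or added later, stays open to non-admins by default. Consider inverting it to an `:exclude` list of the read-only actions so a new action is admin-only unless someone decides otherwise. It is worth a short comment that `is_admin` depends on `authenticate_every` having run first, since the order of these `before` lines is what enforces that.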
......@@ -52,3 +52,10 @@ Feature: CRUD cookbooks
When I 'DELETE' to the path '/cookbooks/testcookbook_nonexistent'
Then I should get a '404 "Not Found"' exception
@delete_cookbook_negative @cookbook_non_admin
Scenario: I should not be able to delete cookbook if I am not an admin
Given I am an administrator
When I fully upload a sandboxed cookbook named 'testcookbook_valid' versioned '0.1.0' with 'testcookbook_valid'
Given I am a non-admin
When I 'DELETE' to the path '/cookbooks/testcookbook_valid/0.1.0'
Then I should get a '403 "Forbidden"' exception
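Review bot: the @delete_cookbook_negative scenario stops at the '403 "Forbidden"' assertion and never checks that the cookbook survived the request. A handler that deletes first and rejects afterwards would still pass. Add steps after the 403 that switch back to an administrator and fetch '/cookbooks/testcookbook_valid/0.1.0', expecting no exception.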
......@@ -140,3 +140,22 @@ Feature: CRUD cookbooks
Then I should not get an exception
When I create a cookbook named 'testcookbook_invalid_empty_except_metadata' with only the metadata file
Then I should get a '400 "Bad Request"' exception
@create_cookbook_negative @cookbook_non_admin
Scenario: Should not be able to create a cookbook if I am not an admin
Given I am an administrator
When I create a sandbox named 'sandbox1' for cookbook 'testcookbook_valid'
Then the inflated responses key 'uri' should match '^http://.+/sandboxes/[^\/]+$'
Then I upload a file named 'metadata.json' from cookbook 'testcookbook_valid' to the sandbox
Then the response code should be '200'
Then I upload a file named 'metadata.rb' from cookbook 'testcookbook_valid' to the sandbox
Then the response code should be '200'
Then I upload a file named 'attributes/attributes.rb' from cookbook 'testcookbook_valid' to the sandbox
Then the response code should be '200'
Then I upload a file named 'recipes/default.rb' from cookbook 'testcookbook_valid' to the sandbox
Then the response code should be '200'
When I commit the sandbox
Then I should not get an exception
Given I am a non-admin
When I create a versioned cookbook named 'testcookbook_valid' versioned '0.1.0' with 'testcookbook_valid'
Then I should get a '403 "Forbidden"' exception
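Review bot: every sandbox step in the @create_cookbook_negative scenario (create, four file uploads, commit) runs under 'Given I am an administrator', and only the final versioned-cookbook create runs as a non-admin. The feature therefore says nothing about whether a non-admin can stage and commit sandbox content themselves. If that is intended, say so in the scenario title. If not, add a scenario for it. The scenario should also end by confirming, as an administrator, that 'testcookbook_valid' version '0.1.0' does not exist after the 403.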
......@@ -130,8 +130,11 @@ def create_databases
Chef::Certificate.gen_validation_key(Chef::Config[:web_ui_client_name], Chef::Config[:web_ui_key])
system("cp #{File.join(Dir.tmpdir, "chef_integration", "validation.pem")} #{Dir.tmpdir}")
system("cp #{File.join(Dir.tmpdir, "chef_integration", "webui.pem")} #{Dir.tmpdir}")
c = Chef::ApiClient.cdb_load(Chef::Config[:web_ui_client_name])
c.admin(true)
c.cdb_save
cmd = [KNIFE_CMD, "cookbook", "upload", "-a", "-o", INTEGRATION_COOKBOOKS, "-u", "validator", "-k", File.join(Dir.tmpdir, "validation.pem"), "-c", KNIFE_CONFIG]
cmd = [KNIFE_CMD, "cookbook", "upload", "-a", "-o", INTEGRATION_COOKBOOKS, "-u", Chef::Config[:web_ui_client_name], "-k", File.join(Dir.tmpdir, "webui.pem"), "-c", KNIFE_CONFIG]
Chef::Log.info("Uploading fixture cookbooks with #{cmd.join(' ')}")
cmd << {:timeout => 120}
shell_out!(*cmd)
......
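Review bot: `c.admin(true)` followed by `c.cdb_save` promotes the web UI client itself to admin for the whole integration database, so every feature that acts as that client now runs with admin rights and can no longer catch a missing permission check. A dedicated admin fixture client for the `knife cookbook upload` call would keep the web UI client at its normal privilege. The upload also now depends on `webui.pem` being copied by `system("cp ...")`, whose return value is not checked, so a failed copy only surfaces later as an authentication error from knife. Checking the result, or using `FileUtils.cp`, which raises on failure, would fail at the right place.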