Ensuring that authority owners can access certificates issued by that… (#526)

* Ensuring that authority owners can access certificates issued by that authority
2016-11-25 20:35:07 -08:00 · 2016-11-25 20:35:07 -08:00 · 250558baf3
parent 8e5323e2d7
commit 250558baf3
2 changed files with 11 additions and 0 deletions
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -132,12 +132,18 @@ def update(cert_id, owner, description, notify, destinations, notifications, rep
 def create_certificate_roles(**kwargs):
    # create an role for the owner and assign it
    owner_role = role_service.get_by_name(kwargs['owner'])
+
    if not owner_role:
        owner_role = role_service.create(
            kwargs['owner'],
            description="Auto generated role based on owner: {0}".format(kwargs['owner'])
        )

+    # ensure that the authority's owner is also associated with the certificate
+    if kwargs.get('authority'):
+        authority_owner_role = role_service.get_by_name(kwargs['authority'].owner)
+        return [owner_role, authority_owner_role]
+
    return [owner_role]


--- a/lemur/tests/test_certificates.py
+++ b/lemur/tests/test_certificates.py
@ -459,6 +459,11 @@ def test_certificate_put(client, token, status):
    assert client.put(api.url_for(Certificates, certificate_id=1), data={}, headers=token).status_code == status


+def test_certificate_put_with_data(client, certificate, issuer_plugin):
+    resp = client.put(api.url_for(Certificates, certificate_id=certificate.id), data=json.dumps({'owner': 'bob@example.com', 'description': 'test', 'notify': True}), headers=VALID_ADMIN_HEADER_TOKEN)
+    assert resp.status_code == 200
+
+
@pytest.mark.parametrize("token,status", [
    (VALID_USER_HEADER_TOKEN, 405),
    (VALID_ADMIN_HEADER_TOKEN, 405),