Ensuring that authority owners can access certificates issued by that… (#526)

* Ensuring that authority owners can access certificates issued by that authority
kevgliss 2016-11-25 20:35:07 -08:00 committed by GitHub
parent 8e5323e2d7
commit 250558baf3
2 changed files with 11 additions and 0 deletions


@ -132,12 +132,18 @@ def update(cert_id, owner, description, notify, destinations, notifications, rep
def create_certificate_roles(**kwargs): def create_certificate_roles(**kwargs):
# create an role for the owner and assign it # create an role for the owner and assign it
owner_role = role_service.get_by_name(kwargs['owner']) owner_role = role_service.get_by_name(kwargs['owner'])
if not owner_role: if not owner_role:
owner_role = role_service.create( owner_role = role_service.create(
kwargs['owner'], kwargs['owner'],
description="Auto generated role based on owner: {0}".format(kwargs['owner']) description="Auto generated role based on owner: {0}".format(kwargs['owner'])
) )
# ensure that the authority's owner is also associated with the certificate
if kwargs.get('authority'):
authority_owner_role = role_service.get_by_name(kwargs['authority'].owner)
return [owner_role, authority_owner_role]
return [owner_role] return [owner_role]
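Review bot: The added `role_service.get_by_name(kwargs['authority'].owner)` result goes into the returned list unchecked, although the owner lookup just above guards the same call with `if not owner_role:` and creates the role when it is missing. If no role exists for the authority owner, the function would return `[owner_role, None]`, and the authority owner would not get the access this commit intends. Either create the role as is done for the certificate owner, or only append it when found, e.g. `if authority_owner_role: return [owner_role, authority_owner_role]`. When the certificate owner and the authority owner are the same, the same role is also returned twice; whether the caller tolerates duplicates is not visible in this hunk. I would also extend the comment to `# grant the authority owner's role access to every certificate issued by that authority`, since this line widens who can read the certificate.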


@ -459,6 +459,11 @@ def test_certificate_put(client, token, status):
assert client.put(api.url_for(Certificates, certificate_id=1), data={}, headers=token).status_code == status assert client.put(api.url_for(Certificates, certificate_id=1), data={}, headers=token).status_code == status
def test_certificate_put_with_data(client, certificate, issuer_plugin):
resp = client.put(api.url_for(Certificates, certificate_id=certificate.id), data=json.dumps({'owner': 'bob@example.com', 'description': 'test', 'notify': True}), headers=VALID_ADMIN_HEADER_TOKEN)
assert resp.status_code == 200
@pytest.mark.parametrize("token,status", [ @pytest.mark.parametrize("token,status", [
(VALID_USER_HEADER_TOKEN, 405), (VALID_USER_HEADER_TOKEN, 405),
(VALID_ADMIN_HEADER_TOKEN, 405), (VALID_ADMIN_HEADER_TOKEN, 405),
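Review bot: `test_certificate_put_with_data` asserts only `resp.status_code == 200`, and it sends the request with `VALID_ADMIN_HEADER_TOKEN`, so it would pass whether or not the authority owner's role is attached to the certificate. Because the commit changes an access-control decision, the test should also assert that the authority owner's role is among the certificate's roles after the request. Ideally there would be a second case authenticated as the authority owner rather than an admin, plus a negative case for an unrelated user. Whether the PUT path reaches `create_certificate_roles` at all is not visible from these hunks, so a direct unit test of that function with and without `authority` in `kwargs` may be the more reliable check. The `@pytest.mark.parametrize` block after the new test belongs to a function that continues outside the hunk.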