diff options
| author | Russ Allbery <rra@stanford.edu> | 2013-03-27 12:51:46 -0700 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2013-03-27 12:52:58 -0700 |
| commit | f6c63bdb2be5ccc0c6133bf87025d37805579005 (patch) | |
| tree | c027fed89455b36e386722a63cce9c77d90ebffa /perl/t/server.t | |
| parent | b273cc907951a8b7dfcd4095ab58b6ae74c7d87e (diff) | |
Allow owners of objects to destroy them by default
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Diffstat (limited to 'perl/t/server.t')
| -rwxr-xr-x | perl/t/server.t | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/perl/t/server.t b/perl/t/server.t index 8474989..4afda51 100755 --- a/perl/t/server.t +++ b/perl/t/server.t @@ -3,12 +3,12 @@ # Tests for the wallet server API. # # Written by Russ Allbery <rra@stanford.edu> -# Copyright 2007, 2008, 2010, 2011, 2012 +# Copyright 2007, 2008, 2010, 2011, 2012, 2013 # The Board of Trustees of the Leland Stanford Junior University # # See LICENSE for licensing terms. -use Test::More tests => 381; +use Test::More tests => 382; use POSIX qw(strftime); use Wallet::Admin; @@ -497,10 +497,6 @@ is ($server->create ('base', 'service/test'), undef, ' nor can we create objects'); is ($server->error, "$user1 not authorized to create base:service/test", ' with error'); -is ($server->destroy ('base', 'service/user1'), undef, - ' or destroy objects'); -is ($server->error, "$user1 not authorized to destroy base:service/user1", - ' with error'); is ($server->owner ('base', 'service/user1', 'user2'), undef, ' or set the owner'); is ($server->error, @@ -801,6 +797,12 @@ is ($server->store ('base', 'service/both', 'stuff'), undef, ' or store it'); is ($server->error, 'cannot find base:service/both', ' because it is gone'); +# Switch back to user1 and test destroy. +$server = eval { Wallet::Server->new ($user1, $host) }; +is ($@, '', 'Switching users works'); +is ($server->destroy ('base', 'service/user1'), 1, + 'Destroy of an object we own with no destroy ACLs works'); + # Test default ACLs on object creation. # # Create a default_acl sub that permits $user2 to create service/default with @@ -836,8 +838,10 @@ sub default_owner { } package main; -# We're still user2, so we should now be able to create service/default. Make -# sure we can and that the ACLs all look good. +# Switch back to user2, so we should now be able to create service/default. +# Make sure we can and that the ACLs all look good. +$server = eval { Wallet::Server->new ($user2, $host) }; +is ($@, '', 'Switching users works'); is ($server->create ('base', 'service/default'), undef, 'Creating an object with the default ACL fails'); is ($server->error, "$user2 not authorized to create base:service/default", |