Fix user filtering for directory listings

2012-10-20 11:32:34 +02:00
parent 39039148df
commit 2882bca483
3 changed files with 57 additions and 7 deletions
--- a/spec/directories_spec.rb
+++ b/spec/directories_spec.rb
@@ -37,12 +37,14 @@ describe "Directories" do
    it "has a Last-Modifier header set" do
      get "/jimmy/tasks/"

+      last_response.status.must_equal 200
      last_response.headers["Last-Modified"].wont_be_nil
    end

    it "has CORS headers set" do
      get "/jimmy/tasks/"

+      last_response.status.must_equal 200
      last_response.headers["Access-Control-Allow-Origin"].must_equal "*"
      last_response.headers["Access-Control-Allow-Methods"].must_equal "GET, PUT, DELETE"
      last_response.headers["Access-Control-Allow-Headers"].must_equal "Authorization, Content-Type, Origin"
@@ -66,6 +68,30 @@ describe "Directories" do
        content["home/"].to_s.length.must_be :>=, 10
      end

+      context "for a different user" do
+        before do
+          auth = auth_bucket.new("alice:321")
+          auth.data = [":r", "documents:r", "tasks:rw"]
+          auth.store
+
+          header "Authorization", "Bearer 321"
+
+          put "/alice/tasks/homework", "write an essay"
+        end
+
+        it "does not list the directories of jimmy" do
+          get "/alice/tasks/"
+
+          last_response.status.must_equal 200
+
+          content = JSON.parse(last_response.body)
+          content.wont_include "/"
+          content.wont_include "tasks/"
+          content.wont_include "home/"
+          content.must_include "homework"
+        end
+      end
+
      context "sub-directories without objects" do
        it "lists the direct sub-directories" do
          put "/jimmy/tasks/private/projects/world-domination/start", "write a manifesto"
@@ -240,7 +266,6 @@ describe "Directories" do
  describe "DELETE file" do
    context "last file in directory" do
      before do
-        directory_bucket.delete("jimmy:tasks")
        put "/jimmy/tasks/home/trash", "take out the trash"
      end

--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -16,6 +16,7 @@ riak_config = YAML.load(config)[ENV['RACK_ENV']]['riak'].symbolize_keys
 set :riak_config, riak_config

 ::Riak.disable_list_keys_warnings = true
+::Riak.url_decoding = true

 def app
  LiquorCabinet