All data under /public is always readable

2012-09-25 17:34:40 +02:00 · 2012-09-25 17:34:40 +02:00 · 9e81c4828d
commit 9e81c4828d
parent af28ec44c8
2 changed files with 14 additions and 1 deletions
--- a/lib/remote_storage/riak.rb
+++ b/lib/remote_storage/riak.rb
@ -14,7 +14,7 @@ module RemoteStorage

    def authorize_request(user, category, token)
      request_method = env["REQUEST_METHOD"]
-      return true if category == "public" && request_method == "GET"
+      return true if category.split("/").first == "public" && request_method == "GET"

      authorizations = client.bucket("authorizations").get("#{user}:#{token}").data
      permission = category_permission(authorizations, category)
--- a/spec/permissions_spec.rb
+++ b/spec/permissions_spec.rb
@ -27,10 +27,16 @@ describe "Permissions" do
        object.content_type = "text/plain"
        object.data = "some text data"
        object.store
+
+        object = data_bucket.new("jimmy:public/documents:foo")
+        object.content_type = "text/plain"
+        object.data = "some text data"
+        object.store
      end

      after do
        data_bucket.delete("jimmy:public:foo")
+        data_bucket.delete("jimmy:public/documents:foo")
      end

      it "returns the value on all get requests" do
@ -41,6 +47,13 @@ describe "Permissions" do

        last_response.headers["Last-Modified"].wont_be_nil
      end
+
+      it "returns the value from a sub-directory" do
+        get "/jimmy/public/documents/foo"
+
+        last_response.status.must_equal 200
+        last_response.body.must_equal "some text data"
+      end
    end
  end