From 9e81c4828da0c85f9562bf5d8b6442e82ee37079 Mon Sep 17 00:00:00 2001
From: Garret Alfert
Date: Tue, 25 Sep 2012 17:34:40 +0200
Subject: [PATCH] All data under /public is always readable
---
 lib/remote_storage/riak.rb | 2 +-
 spec/permissions_spec.rb | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/remote_storage/riak.rb b/lib/remote_storage/riak.rb
index f3222b1..5925fd7 100644
--- a/lib/remote_storage/riak.rb
+++ b/lib/remote_storage/riak.rb
@@ -14,7 +14,7 @@ module RemoteStorage
 def authorize_request(user, category, token)
 request_method = env["REQUEST_METHOD"]
- return true if category == "public" && request_method == "GET"
+ return true if category.split("/").first == "public" && request_method == "GET"
 authorizations = client.bucket("authorizations").get("#{user}:#{token}").data
 permission = category_permission(authorizations, category)
diff --git a/spec/permissions_spec.rb b/spec/permissions_spec.rb
index a8d370e..3a93860 100644
--- a/spec/permissions_spec.rb
+++ b/spec/permissions_spec.rb
@@ -27,10 +27,16 @@ describe "Permissions" do
 object.content_type = "text/plain"
 object.data = "some text data"
 object.store
+
+ object = data_bucket.new("jimmy:public/documents:foo")
+ object.content_type = "text/plain"
+ object.data = "some text data"
+ object.store
 end
 after do
 data_bucket.delete("jimmy:public:foo")
+ data_bucket.delete("jimmy:public/documents:foo")
 end
 it "returns the value on all get requests" do
@@ -41,6 +47,13 @@ describe "Permissions" do
 last_response.headers["Last-Modified"].wont_be_nil
 end
+
+ it "returns the value from a sub-directory" do
+ get "/jimmy/public/documents/foo"
+
+ last_response.status.must_equal 200
+ last_response.body.must_equal "some text data"
+ end
 end
 end
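Review bot: The widened early return in `authorize_request` runs before the token lookup, so it is now the only gate for unauthenticated reads of a whole subtree, yet nothing at that line states the rule. I would add a comment directly above it, such as `# Any category whose first path segment is "public" is world-readable via GET; no token is consulted.` The expression fails closed for an empty category or one with a leading slash, because `split("/").first` is then `nil` or `""`. A nil `category` would raise instead of being denied; whether the caller can pass nil is not visible in this hunk. The method body continues past the end of the hunk.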
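Review bot: The new example "returns the value from a sub-directory" pins only the allow path of the relaxed check, so a later change that loosens the match further (a prefix or substring test instead of a first-segment test) would still pass this spec. A companion example should store an object under a category that merely contains "public", then request it without a token and assert the read is refused, e.g. `get "/jimmy/documents/public/foo"` followed by `last_response.status.wont_equal 200`. The route and fixture key for that case are inferred from the pattern used here; the fixture would need a matching store and delete in the `before`/`after` blocks of the preceding hunk. The same applies to a non-GET request against `public/documents`, which the changed line still sends through the token check.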