All data under /public is always readable

lib/remote_storage/riak.rb

@@ -14,7 +14,7 @@ module RemoteStorage
 
     def authorize_request(user, category, token)
       request_method = env["REQUEST_METHOD"]
-      return true if category == "public" && request_method == "GET"
+      return true if category.split("/").first == "public" && request_method == "GET"
 
       authorizations = client.bucket("authorizations").get("#{user}:#{token}").data
       permission = category_permission(authorizations, category)

spec/permissions_spec.rb

@@ -27,10 +27,16 @@ describe "Permissions" do
         object.content_type = "text/plain"
         object.data = "some text data"
         object.store
+
+        object = data_bucket.new("jimmy:public/documents:foo")
+        object.content_type = "text/plain"
+        object.data = "some text data"
+        object.store
       end
 
       after do
         data_bucket.delete("jimmy:public:foo")
+        data_bucket.delete("jimmy:public/documents:foo")
       end
 
       it "returns the value on all get requests" do
@@ -41,6 +47,13 @@ describe "Permissions" do
 
         last_response.headers["Last-Modified"].wont_be_nil
       end
+
+      it "returns the value from a sub-directory" do
+        get "/jimmy/public/documents/foo"
+
+        last_response.status.must_equal 200
+        last_response.body.must_equal "some text data"
+      end
     end
   end