Merge pull request #50 from cschwede/master

Add request.environ[reseller_request] = True if request is coming from an user in .reseller_admin group
2013-04-05 07:54:52 -07:00 · 2013-04-05 07:54:52 -07:00 · ead78c7bfe
commit ead78c7bfe
parent 35fff4d4ef c1462121dd
2 changed files with 11 additions and 0 deletions
--- a/swauth/middleware.py
+++ b/swauth/middleware.py
@ -210,6 +210,8 @@ class Swauth(object):
                    '%s,%s' % (user, 's3' if s3 else token)
                env['swift.authorize'] = self.authorize
                env['swift.clean_acl'] = clean_acl
+                if '.reseller_admin' in groups:
+                    env['reseller_request'] = True
            else:
                # Unauthorized token
                if self.reseller_prefix and token and \
--- a/test_swauth/unit/test_middleware.py
+++ b/test_swauth/unit/test_middleware.py
@ -471,6 +471,15 @@ class TestAuth(unittest.TestCase):
        req.acl = '.r:.example.com,.rlistings'
        self.assertEquals(self.test_auth.authorize(req), None)

+    def test_detect_reseller_request(self):
+        req = self._make_request('/v1/AUTH_admin', 
+                                 headers={'X-Auth-Token': 'AUTH_t'})
+        cache_key = 'AUTH_/auth/AUTH_t'
+        cache_entry = (time()+3600, '.reseller_admin')
+        req.environ['swift.cache'].set(cache_key, cache_entry)
+        resp = req.get_response(self.test_auth)
+        self.assertTrue(req.environ.get('reseller_request'))
+
    def test_account_put_permissions(self):
        req = Request.blank('/v1/AUTH_new', environ={'REQUEST_METHOD': 'PUT'})
        req.remote_user = 'act:usr,act'