nota-ja/suspendeds-in-cc-of-cf.md

## suspendeds-in-cc-of-cf.md

      
    Raw
  

              suspendeds-in-cc-of-cf.md
            
          
    List of "suspdended"s used in Cloud Controller (for Documentation)

Based on the HEAD of the master at 2016/09/16.
Spec


spec/unit/access/app_access_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/access/app_access_spec.rb#L69

 45    context 'space developer' do
...
 69        it_behaves_like :read_only_access


spec/unit/access/organization_access_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/access/organization_access_spec.rb#L61

 43    context 'a manager for the organization' do
...
 61        it_behaves_like :read_only_access


spec/unit/access/private_domain_access_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/access/private_domain_access_spec.rb#L30

 24    context 'organization manager' do
...
 30        it_behaves_like :read_only_access


spec/unit/access/route_access_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/access/route_access_spec.rb#L53

 47    context 'organization manager' do
...
 53        it_behaves_like :read_only_access


spec/unit/access/service_binding_access_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/access/service_binding_access_spec.rb#L116-L119

105    context 'space developer' do
...
116        it { is_expected.to allow_op_on_object :read, object }
117        it { is_expected.not_to allow_op_on_object :read_for_update, object }
118        it { is_expected.not_to allow_op_on_object :update, object }
119        it { is_expected.to allow_op_on_object :index, object.class }


spec/unit/access/service_instance_access_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/access/service_instance_access_spec.rb#L75-L77

 64    context 'space developer' do
...
 75        it_behaves_like :read_only_access do
 76          let(:object) { service_instance }
 77        end


spec/unit/access/service_key_access_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/access/service_key_access_spec.rb#L86

 72    context 'space developer' do
...
 86        it_behaves_like :read_only_access


spec/unit/access/space_access_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/access/space_access_spec.rb#L23

 17    context 'as an organization manager' do
...
 23        it_behaves_like :read_only_access


spec/unit/access/space_quota_definition_access_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/access/space_quota_definition_access_spec.rb#L24

 17    context 'organization manager' do
...
 24        it_behaves_like :read_only_access


spec/unit/controllers/runtime/apps_controller_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/controllers/runtime/apps_controller_spec.rb#L168-L169

   9      set_current_user(non_admin_user)
...
 168          post '/v2/apps', MultiJson.dump(initial_hash)
 169          expect(last_response.status).to eq(403)


spec/unit/lib/cloud_controller/membership_spec.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/unit/lib/cloud_controller/membership_spec.rb#L312-L320

312          it 'returns false' do
313            result = membership.has_any_roles?([
314              Membership::ORG_MEMBER,
315              Membership::ORG_MANAGER,
316              Membership::ORG_AUDITOR,
317              Membership::ORG_BILLING_MANAGER],
318              nil, organization.guid)
319            expect(result).to be_falsey
320          end


REFERENCE: spec/support/shared_examples/access/access_levels.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/spec/support/shared_examples/access/access_levels.rb#L10-L18
10shared_examples :read_only_access do
11  it { is_expected.not_to allow_op_on_object :create, object }
12  it { is_expected.to allow_op_on_object :read, object }
13  it { is_expected.not_to allow_op_on_object :read_for_update, object }
14  # update only runs if read_for_update succeeds
15  it { is_expected.not_to allow_op_on_object :update, object }
16  it { is_expected.not_to allow_op_on_object :delete, object }
17  it { is_expected.to allow_op_on_object :index, object.class }
18end

Actual code

app/access/


app/access/app_access.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/app/access/app_access.rb#L3-L31

 3    def create?(app, params=nil)
 4      return true if admin_user?
 5      return false if app.in_suspended_org?
 6      app.space.has_developer?(context.user)
 7    end
 8
 9    def read_for_update?(app, params=nil)
10      return true if admin_user?
11      return false unless create?(app, params)
12      return true if params.nil?
13
14      if %w(instances memory disk_quota).any? { |k| params.key?(k) && params[k] != app.send(k.to_sym) }
15        FeatureFlag.raise_unless_enabled!(:app_scaling)
16      end
17
18      if !Config.config[:users_can_select_backend] && params.key?('diego') && params['diego'] != app.diego
19        raise CloudController::Errors::ApiError.new_from_details('BackendSelectionNotAuthorized')
20      end
21
22      true
23    end
24
25    def update?(app, params=nil)
26      create?(app, params)
27    end
28
29    def delete?(app)
30      create?(app)
31    end


app/access/private_domain_access.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/app/access/private_domain_access.rb#L3-L22

 3    def create?(private_domain, params=nil)
 4      return true if admin_user?
 5      return false unless update?(private_domain, params)
 6      FeatureFlag.raise_unless_enabled!(:private_domain_creation)
 7      true
 8    end
 9
10    def read_for_update?(private_domain, params=nil)
11      update?(private_domain)
12    end
13
14    def update?(private_domain, params=nil)
15      return true if admin_user?
16      return false if private_domain.in_suspended_org?
17      private_domain.owning_organization.managers.include?(context.user)
18    end
19
20    def delete?(private_domain)
21      update?(private_domain)
22    end


app/access/route_access.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/app/access/route_access.rb#L3-L24

 3    def create?(route, params=nil)
 4      return true if admin_user?
 5      return false if route.in_suspended_org?
 6      return false if route.host == '*' && route.domain.shared?
 7      FeatureFlag.raise_unless_enabled!(:route_creation)
 8      route.space.has_developer?(context.user)
 9    end
10
11    def read_for_update?(route, params=nil)
12      update?(route, params)
13    end
14
15    def update?(route, params=nil)
16      return true if admin_user?
17      return false if route.in_suspended_org?
18      return false if route.host == '*' && route.domain.shared?
19      route.space.has_developer?(context.user)
20    end
21
22    def delete?(route)
23      update?(route)
24    end


app/access/route_binding_access.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/app/access/route_binding_access.rb#L3-L11

 3    def create?(service_binding, params=nil)
 4      return true if admin_user?
 5      return false if service_binding.in_suspended_org?
 6      service_binding.space.has_developer?(context.user)
 7    end
 8
 9    def delete?(service_binding)
10      create?(service_binding)
11    end


app/access/route_mapping_access.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/app/access/route_mapping_access.rb#L3-L19

 3    def create?(route_mapping, params=nil)
 4      return true if admin_user?
 5      return false if route_mapping.route.in_suspended_org?
 6      route_mapping.route.space.has_developer?(context.user)
 7    end
 8
 9    def read_for_update?(route_mapping, params=nil)
10      create?(route_mapping)
11    end
12
13    def update?(route_mapping, params=nil)
14      read_for_update?(route_mapping, params)
15    end
16
17    def delete?(route_mapping)
18      create?(route_mapping)
19    end


app/access/service_instance_access.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/app/access/service_instance_access.rb#L3-L24

 3    def create?(service_instance, params=nil)
 4      return true if admin_user?
 5      FeatureFlag.raise_unless_enabled!(:service_instance_creation)
 6      return false if service_instance.in_suspended_org?
 7      service_instance.space.has_developer?(context.user) && allowed?(service_instance)
 8    end
 9
10    def read_for_update?(service_instance, params=nil)
11      return true if admin_user?
12      return false if service_instance.in_suspended_org?
13      service_instance.space.has_developer?(context.user)
14    end
15
16    def update?(service_instance, params=nil)
17      read_for_update?(service_instance, params) && allowed?(service_instance)
18    end
19
20    def delete?(service_instance)
21      return true if admin_user?
22      return false if service_instance.in_suspended_org?
23      service_instance.space.has_developer?(context.user)
24    end


app/access/service_key_access.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/app/access/service_key_access.rb#L3-L16

 3    def create?(service_key, params=nil)
 4      return true if admin_user?
 5      return false if service_key.in_suspended_org?
 6      service_key.service_instance.space.has_developer?(context.user)
 7    end
 8
 9    def delete?(service_key)
10      create?(service_key)
11    end
12
13    def read?(service_key)
14      return true if admin_user? || admin_read_only_user?
15      service_key.service_instance.space.has_developer?(context.user)
16    end


app/access/space_access.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/app/access/space_access.rb#L3-L26

 3    def create?(space, params=nil)
 4      return true if admin_user?
 5      return false if space.in_suspended_org?
 6      space.organization.managers.include?(context.user)
 7    end
 8
 9    def can_remove_related_object?(space, params)
10      return true if admin_user?
11      user_acting_on_themselves?(params) || super
12    end
13
14    def read_for_update?(space, params=nil)
15      return true if admin_user?
16      return false if space.in_suspended_org?
17      space.organization.managers.include?(context.user) || space.managers.include?(context.user)
18    end
19
20    def update?(space, params=nil)
21      read_for_update?(space, params)
22    end
23
24    def delete?(space)
25      create?(space)
26    end


app/access/space_quota_definition_access.rb

https://github.com/cloudfoundry/cloud_controller_ng/blob/46323a013e29b8717ef17ce1a0245d29d14eb7c8/app/access/space_quota_definition_access.rb#L3-L19

 2  class SpaceQuotaDefinitionAccess < BaseAccess
 3    def create?(space_quota_definition, params=nil)
 4      return true if admin_user?
 5      return false if space_quota_definition.organization.suspended?
 6      space_quota_definition.organization.managers.include?(context.user)
 7    end
 8
 9    def read_for_update?(space_quota_definition, params=nil)
10      create?(space_quota_definition)
11    end
12
13    def update?(space_quota_definition, params=nil)
14      create?(space_quota_definition)
15    end
16
17    def delete?(space_quota_definition, params=nil)
18      create?(space_quota_definition)
19    end