Added a users#list method with tests to allow admins to get a list of all users on the system and their apps. Added some code to application controller to log system exceptions that occur in cloud_controller. Added tests for users#delete to ensure appropriate access controls are in place.

Change-Id: I4c1ae68c7588efa1d1f9e44874e4c46a4e54974f
2011-05-22 02:33:00 -04:00 · 2011-05-22 02:33:00 -04:00 · d6f38036d0
--- a/cloud_controller/app/controllers/application_controller.rb
+++ b/cloud_controller/app/controllers/application_controller.rb
@ -134,6 +134,12 @@ class ApplicationController < ActionController::Base
  end

  def handle_general_exception(e)
+    begin
+      logger.error "Exception Caught (#{e.class.name}): #{e.to_s}"
+      logger.error "  #{e.backtrace.join("\n  ")}"
+    rescue
+      # Do nothing
+    end
    render_cloud_error CloudError.new(CloudError::SYSTEM_ERROR)
  end

--- a/cloud_controller/app/controllers/users_controller.rb
+++ b/cloud_controller/app/controllers/users_controller.rb
@ -2,7 +2,7 @@ class UsersController < ApplicationController
  before_filter :enforce_registration_policy, :only => :create
  before_filter :grab_event_user
  before_filter :require_user, :except => :create
-  before_filter :require_admin, :only => :delete
+  before_filter :require_admin, :only => [:delete, :list]

  def create
    user = ::User.new :email => body_params[:email]
@ -48,9 +48,22 @@ class UsersController < ApplicationController
    render :json => { :email => user.email }
  end

+  def list
+    user_list = User.includes(:apps_owned).all.map do |target_user|
+      user_hash = {:email => target_user.email, :admin => target_user.admin?}
+
+      # In the future, more application data could be included here. Keeping it to a minimum for performance
+      # in large scale environments. All keys used here should match corresponding keys in App#to_json
+      user_hash[:apps] = target_user.apps_owned.map {|app| {:name => app.name, :state => app.state}}
+      user_hash
+    end
+
+    render :json => user_list
+  end
+
  protected
  def grab_event_user
-    @event_args = [ params['email'] || body_params[:email] ]
+    @event_args = [ params['email'] || (body_params.nil? ? '' : body_params[:email]) ]
  end

  def enforce_registration_policy
--- a/cloud_controller/config/routes.rb
+++ b/cloud_controller/config/routes.rb
@ -4,6 +4,7 @@
 CloudController::Application.routes.draw do
  get    'info'                      => 'default#info',         :as => :cloud_info
  get    'info/services'             => 'default#service_info', :as => :cloud_service_info
+  get    'users'                     => 'users#list',           :as => :list_users
  post   'users'                     => 'users#create',         :as => :create_user
  get    'users/*email'              => 'users#info',           :as => :user_info
  delete 'users/*email'              => 'users#delete',         :as => :delete_user
--- a/cloud_controller/spec/controllers/users_controller_spec.rb
+++ b/cloud_controller/spec/controllers/users_controller_spec.rb
@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe UsersController do
+  before :each do
+    build_admin_and_user
+    @user_headers = headers_for(@user.email, nil)
+    @admin_headers = headers_for(@admin.email, nil)
+    request.env["HTTP_AUTHORIZATION"] = ""
+  end
+
+  describe "#list" do
+    it 'should return 200 as an admin' do
+      @admin.admin?.should be_true
+      @admin_headers.each {|key, value| request.env[key] = value}
+      get :list
+      response.status.should == 200
+    end
+
+    it 'should return 403 as a user' do
+      @user_headers.each {|key, value| request.env[key] = value}
+      get :list
+      response.status.should == 403
+    end
+
+    it 'should return 403 without authentication' do
+      get :list
+      response.status.should == 403
+    end
+  end
+
+  describe "#delete" do
+    it 'should return 204 as an admin' do
+      @admin.admin?.should be_true
+      @admin_headers.each {|key, value| request.env[key] = value}
+      delete :delete, {:email => @user.email}
+      response.status.should == 204
+    end
+
+    it 'should return 403 as a user' do
+      @user_headers.each {|key, value| request.env[key] = value}
+      delete :delete, {:email => @user.email}
+      response.status.should == 403
+    end
+
+    it 'should return 403 without authentication' do
+      delete :delete, {:email => @user.email}
+      response.status.should == 403
+    end
+  end
+end