From e88aa0da5dad2c24984686bc4cef375f9884d3d7 Mon Sep 17 00:00:00 2001
From: Ina Panova <ipanova@redhat.com>
Date: Mon, 27 Apr 2015 11:24:27 +0200
Subject: [PATCH] Consumer/consumer_group content management should have
 'execute' permission and not 'create'

closes #825
Same for consumer.
---
 .../dev-guide/integration/rest-api/consumer/content.rst |  6 +++---
 .../integration/rest-api/consumer/group/content.rst     |  6 +++---
 server/pulp/server/webservices/views/consumer_groups.py |  2 +-
 server/pulp/server/webservices/views/consumers.py       |  2 +-
 .../server/webservices/views/test_consumer_groups.py    |  8 ++++----
 .../unit/server/webservices/views/test_consumers.py     | 17 +++++++++--------
 6 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/docs/dev-guide/integration/rest-api/consumer/content.rst b/docs/dev-guide/integration/rest-api/consumer/content.rst
index 1c97a53..45cd496 100644
--- a/docs/dev-guide/integration/rest-api/consumer/content.rst
+++ b/docs/dev-guide/integration/rest-api/consumer/content.rst
@@ -21,7 +21,7 @@ performs the operation.
 
 | :method:`post`
 | :path:`/v2/consumers/<consumer_id>/actions/content/install/`
-| :permission:`create`
+| :permission:`execute`
 | :param_list:`post`
 
 * :param:`units,array,array of content units to install`
@@ -73,7 +73,7 @@ performs the operation.
 
 | :method:`post`
 | :path:`/v2/consumers/<consumer_id>/actions/content/update/`
-| :permission:`create`
+| :permission:`execute`
 | :param_list:`post`
 
 * :param:`units,array,array of content units to update`
@@ -122,7 +122,7 @@ performs the operation.
 
 | :method:`post`
 | :path:`/v2/consumers/<consumer_id>/actions/content/uninstall/`
-| :permission:`create`
+| :permission:`execute`
 | :param_list:`post`
 
 * :param:`units,array,array of content units to uninstall`
diff --git a/docs/dev-guide/integration/rest-api/consumer/group/content.rst b/docs/dev-guide/integration/rest-api/consumer/group/content.rst
index 29e0eed..bf377b0 100644
--- a/docs/dev-guide/integration/rest-api/consumer/group/content.rst
+++ b/docs/dev-guide/integration/rest-api/consumer/group/content.rst
@@ -21,7 +21,7 @@ content are handler specific.  The options drive how the handler performs the op
 
 | :method:`post`
 | :path:`/v2/consumer_groups/<group_id>/actions/content/install/`
-| :permission:`create`
+| :permission:`execute`
 | :param_list:`post`
 
 * :param:`units,array,array of content units to install`
@@ -72,7 +72,7 @@ content are handler specific.  The options drive how the handler performs the op
 
 | :method:`post`
 | :path:`/v2/consumer_groups/<group_id>/actions/content/update/`
-| :permission:`create`
+| :permission:`execute`
 | :param_list:`post`
 
 * :param:`units,array,array of content units to update`
@@ -125,7 +125,7 @@ content are handler specific.  The options drive how the handler performs the op
 
 | :method:`post`
 | :path:`/v2/consumer_groups/<group_id>/actions/content/uninstall/`
-| :permission:`create`
+| :permission:`execute`
 | :param_list:`post`
 
 * :param:`units,array,array of content units to uninstall`
diff --git a/server/pulp/server/webservices/views/consumer_groups.py b/server/pulp/server/webservices/views/consumer_groups.py
index e2b1020..714ec2b 100644
--- a/server/pulp/server/webservices/views/consumer_groups.py
+++ b/server/pulp/server/webservices/views/consumer_groups.py
@@ -199,7 +199,7 @@ class ConsumerGroupContentActionView(View):
     Views for content manipulation on consumer group.
     """
 
-    @auth_required(authorization.CREATE)
+    @auth_required(authorization.EXECUTE)
     @json_body_allow_empty
     def post(self, request, consumer_group_id, action):
         """
diff --git a/server/pulp/server/webservices/views/consumers.py b/server/pulp/server/webservices/views/consumers.py
index 6f245a6..9c3ad0e 100644
--- a/server/pulp/server/webservices/views/consumers.py
+++ b/server/pulp/server/webservices/views/consumers.py
@@ -363,7 +363,7 @@ class ConsumerContentActionView(View):
     Views for content manipulation on the consumer.
     """
 
-    @auth_required(authorization.CREATE)
+    @auth_required(authorization.EXECUTE)
     @json_body_required
     def post(self, request, consumer_id, action):
         """
diff --git a/server/test/unit/server/webservices/views/test_consumer_groups.py b/server/test/unit/server/webservices/views/test_consumer_groups.py
index 664dff9..c795517 100644
--- a/server/test/unit/server/webservices/views/test_consumer_groups.py
+++ b/server/test/unit/server/webservices/views/test_consumer_groups.py
@@ -439,7 +439,7 @@ class TestConsumerGroupContentActionView(unittest.TestCase):
     """
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     def test_consumer_group_bad_request_content(self):
         """
         Test consumer group invalid content action.
@@ -452,7 +452,7 @@ class TestConsumerGroupContentActionView(unittest.TestCase):
         self.assertEqual(response.status_code, 400)
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     @mock.patch('pulp.server.webservices.views.consumer_groups.factory')
     def test_consumer_group_content_install(self, mock_factory):
         """
@@ -468,7 +468,7 @@ class TestConsumerGroupContentActionView(unittest.TestCase):
             'my-group', [], {})
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     @mock.patch('pulp.server.webservices.views.consumer_groups.factory')
     def test_consumer_group_content_update(self, mock_factory):
         """
@@ -484,7 +484,7 @@ class TestConsumerGroupContentActionView(unittest.TestCase):
             'my-group', [], {})
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     @mock.patch('pulp.server.webservices.views.consumer_groups.factory')
     def test_consumer_group_content_uninstall(self, mock_factory):
         """
diff --git a/server/test/unit/server/webservices/views/test_consumers.py b/server/test/unit/server/webservices/views/test_consumers.py
index 26feadc..05c36cd 100644
--- a/server/test/unit/server/webservices/views/test_consumers.py
+++ b/server/test/unit/server/webservices/views/test_consumers.py
@@ -4,7 +4,8 @@ import unittest
 import mock
 from django.http import HttpResponseBadRequest
 
-from base import assert_auth_CREATE, assert_auth_DELETE, assert_auth_READ, assert_auth_UPDATE
+from base import (assert_auth_CREATE, assert_auth_DELETE, assert_auth_EXECUTE, assert_auth_READ,
+                  assert_auth_UPDATE)
 from pulp.server.exceptions import (InvalidValue, MissingResource, MissingValue,
                                     OperationPostponed, UnsupportedValue)
 from pulp.server.webservices.views import consumers
@@ -704,7 +705,7 @@ class TestConsumerContentActionView(unittest.TestCase):
     """
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     def test_consumer_bad_request_content(self):
         """
         Test consumer invalid content action.
@@ -717,7 +718,7 @@ class TestConsumerContentActionView(unittest.TestCase):
         self.assertEqual(response.status_code, 400)
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     @mock.patch('pulp.server.webservices.views.consumers.factory.consumer_manager')
     def test_consumer_content_install_missing_cons(self, mock_consumer):
         """
@@ -737,7 +738,7 @@ class TestConsumerContentActionView(unittest.TestCase):
         self.assertEqual(response.error_data['resources'], {'consumer_id': 'my-consumer'})
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     @mock.patch('pulp.server.webservices.views.consumers.factory.consumer_manager')
     def test_consumer_content_install_missing_units(self, mock_consumer):
         """
@@ -757,7 +758,7 @@ class TestConsumerContentActionView(unittest.TestCase):
         self.assertEqual(response.error_data['property_names'], ['units'])
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     @mock.patch('pulp.server.webservices.views.consumers.factory.consumer_manager')
     def test_consumer_content_install_missing_options(self, mock_consumer):
         """
@@ -777,7 +778,7 @@ class TestConsumerContentActionView(unittest.TestCase):
         self.assertEqual(response.error_data['property_names'], ['options'])
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     @mock.patch('pulp.server.webservices.views.consumers.factory.consumer_manager')
     @mock.patch('pulp.server.webservices.views.consumers.factory.consumer_agent_manager')
     def test_consumer_content_install(self, mock_factory, mock_consumer):
@@ -795,7 +796,7 @@ class TestConsumerContentActionView(unittest.TestCase):
             'my-consumer', [], {})
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     @mock.patch('pulp.server.webservices.views.consumers.factory.consumer_manager')
     @mock.patch('pulp.server.webservices.views.consumers.factory.consumer_agent_manager')
     def test_consumer_content_update(self, mock_factory, mock_consumer):
@@ -813,7 +814,7 @@ class TestConsumerContentActionView(unittest.TestCase):
             'my-consumer', [], {})
 
     @mock.patch('pulp.server.webservices.controllers.decorators._verify_auth',
-                new=assert_auth_CREATE())
+                new=assert_auth_EXECUTE())
     @mock.patch('pulp.server.webservices.views.consumers.factory.consumer_manager')
     @mock.patch('pulp.server.webservices.views.consumers.factory.consumer_agent_manager')
     def test_consumer_content_uninstall(self, mock_factory, mock_consumer):
-- 
1.9.3