sharinfoo

Merge lp:~mattyw/sharinfoo/view-access-list into lp:sharinfoo

view-access-list
Merge into trunk

Proposed by Matthew Williams on 2014-01-08

Status:	Merged
Merged at revision:	11
Proposed branch:	lp:~mattyw/sharinfoo/view-access-list
Merge into:	lp:sharinfoo
Diff against target:	148 lines (+81/-1) 3 files modified README (+15/-0) cmd/shfoo/main.go (+35/-0) server.go (+31/-1)
To merge this branch:	bzr merge lp:~mattyw/sharinfoo/view-access-list
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Casey Marshall	2014-01-08	Needs Fixing on 2014-01-08
Cloud Engineering: Green Squad	2014-01-08	Pending
Review via email: mp+200835@code.launchpad.net

Commit message

Added support for listing the owners and readers of a file
Also added a readme

Description of the change

Added support for listing the owners and readers of a file

Revision history for this message

Casey Marshall (cmars) wrote on 2014-01-08:

I'm realizing now that we should be using POST for the metadata access rather than GET. GET is not typically used with encoded form values in the request. This will fix req.ParseForm and the req.Form.Get("meta") test for the access listing.

Reading the request body in FileServer.handle also breaks the content PUT, as the request Body can only be read once.

I would recommend the following changes:

1. Don't read req.Body in FileServer.handle(...). Get rid of the "meta=1" substring check.
2. In handleMetadata, process the request as an Access query if method == POST. PUT or DELETE should still dispatch to modifyOwner/modifyReader. Update the client accordingly.

review: Needs Fixing

Revision history for this message

Andrew W. Deane (andrew-w-deane) wrote on 2014-01-09:

You want to use POST to GET info out of the server? Whats the problem with
retrieving the encoded values on the server side?

On Wed, Jan 8, 2014 at 9:20 PM, Casey Marshall <<email address hidden>
> wrote:

> Review: Needs Fixing
>
> I'm realizing now that we should be using POST for the metadata access
> rather than GET. GET is not typically used with encoded form values in the
> request. This will fix req.ParseForm and the req.Form.Get("meta") test for
> the access listing.
>
> Reading the request body in FileServer.handle also breaks the content PUT,
> as the request Body can only be read once.
>
> I would recommend the following changes:
>
> 1. Don't read req.Body in FileServer.handle(...). Get rid of the "meta=1"
> substring check.
> 2. In handleMetadata, process the request as an Access query if method ==
> POST. PUT or DELETE should still dispatch to modifyOwner/modifyReader.
> Update the client accordingly.
> --
> https://code.launchpad.net/~mattyw/sharinfoo/view-access-list/+merge/200835
> Your team Cloud Engineering: Green Squad is requested to review the
> proposed merge of lp:~mattyw/sharinfoo/view-access-list into lp:sharinfoo.
>

lp:~mattyw/sharinfoo/view-access-list updated on 2014-01-09

9. By Matthew Williams on 2014-01-09: user query string in get instead of body
10. By Matthew Williams on 2014-01-09: use query instead of path
11. By Matthew Williams on 2014-01-09: proper way of parsing the query

Revision history for this message

Casey Marshall (cmars) wrote on 2014-01-09:

awd: you're absolutely correct, should be a GET. We don't need to send form data at all!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Casey Marshall

Matthew Williams

 === added file 'README'
 --- README	1970-01-01 00:00:00 +0000
 +++ README	2014-01-09 12:50:37 +0000
@@ -0,0 +1,15 @@
++Running the server:
++
++$ ./shfood
++
++Running the client:
++
++First log in to SSO: ./shfoo -login email@addr
++
++Put a file: cat content | ./shfoo -put /some/arbitrary/path
++
++Get the file: ./shfoo -get /some/arbitrary/path > content
++
++Delete the file: ./shfoo -delete /some/arbitrary/path
++
++Grant read-access (if you own the file): ./shfoo -share /some/file -with email@addr
 === modified file 'cmd/shfoo/main.go'
 --- cmd/shfoo/main.go	2014-01-02 18:21:18 +0000
 +++ cmd/shfoo/main.go	2014-01-09 12:50:37 +0000
@@ -39,6 +39,7 @@
  var share *string = flag.String("share", "", "Share read-access to content")
  var with *string = flag.String("with", "", "Share read-access with user")
  var addr *string = flag.String("http", "localhost:8080", "Remote sharinfoo address")
++var access *string = flag.String("access", "", "Get list of users with access to this path")
  func die(err error) {
  	log.Println(err)
@@ -167,6 +168,38 @@
  	return err
+ }
++func Access() error {
++	authString, err := loadAuth()
++	if err != nil {
++		return err
++	}
++	query := url.Values{}
++	query.Add("meta", "1")
++
++	u := url.URL{
++		Scheme:   "http",
++		Host:     *addr,
++		Path:     *access,
++		RawQuery: query.Encode(),
++	}
++	req, err := http.NewRequest("GET", u.String(), nil)
++	if err != nil {
++		return err
++	}
++	req.Header.Add("Authorization", authString)
++	resp, err := http.DefaultClient.Do(req)
++	if err != nil {
++		return err
++	}
++	if resp.StatusCode != 200 {
++		return fmt.Errorf(resp.Status)
++	}
++	_, err = io.Copy(os.Stdout, resp.Body)
++	fmt.Printf("\n")
++	return err
++	panic("no impl")
++}
++
  func Share() error {
  	authString, err := loadAuth()
  	if err != nil {
@@ -211,6 +244,8 @@
  		err = Get()
  	case *share != "" && *with != "":
  		err = Share()
++	case *access != "":
++		err = Access()
  	default:
  		err = fmt.Errorf("No action specified")
+ 	}
 === modified file 'server.go'
 --- server.go	2014-01-07 21:43:04 +0000
 +++ server.go	2014-01-09 12:50:37 +0000
@@ -17,10 +17,12 @@
  package sharinfoo
  import (
++	"encoding/json"
  	"fmt"
  	"io"
  	"log"
  	"net/http"
++	"net/url"
  	"os"
  	"strings"
+ )
@@ -51,8 +53,13 @@
+ }
  func (fs *FileServer) handle(w http.ResponseWriter, req *http.Request) {
++	query, err := url.ParseQuery(req.URL.RawQuery)
++	if err != nil {
++		respError(w, err)
++		return
++	}
  	req.ParseForm()
--	if req.Form.Get("meta") == "1" {
++	if req.Form.Get("meta") == "1" || query["meta"][0] == "1" {
  		fs.handleMetadata(w, req)
  	} else {
  		fs.handleContent(w, req)
@@ -194,6 +201,21 @@
  		w.WriteHeader(http.StatusOK)
  		return
+ 	}
++	if req.Method == "GET" {
++		readers, err := fs.listOwnersAndReaders(req.Method, path, user, meta)
++		if err != nil {
++			respError(w, err)
++			return
++		}
++		w.WriteHeader(http.StatusOK)
++		jsonOutput, err := json.Marshal(readers)
++		if err != nil {
++			w.Write([]byte(fmt.Sprintf("%+v\n", readers)))
++			return
++		}
++		w.Write(jsonOutput)
++		return
++	}
  	respError(w, fmt.Errorf("No such method supported"))
+ }
@@ -209,6 +231,14 @@
  	return fmt.Errorf("Unsupported method")
+ }
++func (fs *FileServer) listOwnersAndReaders(method, path, reader string, meta *SimpleMetadata) ([]map[string]bool, error) {
++	switch method {
++	case "GET":
++		return []map[string]bool{meta.Owners, meta.Readers}, nil
++	}
++	return []map[string]bool{}, fmt.Errorf("Unsupported method")
++}
++
  func (fs *FileServer) modifyReader(method, path, reader string, meta *SimpleMetadata) error {
  	switch method {
  	case "PUT":