From 0ec22953dfab0ee0271144318251ee34e8e6623c Mon Sep 17 00:00:00 2001
From: Michael Desa <mjdesa@gmail.com>
Date: Wed, 9 Jan 2019 11:43:58 -0500
Subject: [PATCH] fix(testing:bolt:inmem): add org admin permissions during
 onboarding generate

---
 bolt/onboarding.go      |  9 +++++++++
 bolt/onboarding_test.go |  2 +-
 inmem/onboarding.go     | 15 ++++++++++++++-
 testing/onboarding.go   | 18 +++++++++++++++++-
 4 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/bolt/onboarding.go b/bolt/onboarding.go
index 737e0c88e9..cb5d2e0d8b 100644
--- a/bolt/onboarding.go
+++ b/bolt/onboarding.go
@@ -120,6 +120,15 @@ func (c *Client) Generate(ctx context.Context, req *platform.OnboardingRequest)
 
 	perms := platform.OperPermissions()
 	perms = append(perms, platform.OrgAdminPermissions(o.ID)...)
+	writeBucketPerm, err := platform.NewPermissionAtID(bucket.ID, platform.WriteAction, platform.BucketsResource)
+	if err != nil {
+		return nil, err
+	}
+	readBucketPerm, err := platform.NewPermissionAtID(bucket.ID, platform.ReadAction, platform.BucketsResource)
+	if err != nil {
+		return nil, err
+	}
+	perms = append(perms, *writeBucketPerm, *readBucketPerm)
 
 	auth := &platform.Authorization{
 		UserID:      u.ID,
diff --git a/bolt/onboarding_test.go b/bolt/onboarding_test.go
index 9bcc21a9b0..0142c9a6b1 100644
--- a/bolt/onboarding_test.go
+++ b/bolt/onboarding_test.go
@@ -28,6 +28,6 @@ func initOnboardingService(f platformtesting.OnboardingFields, t *testing.T) (pl
 	}
 }
 
-func TestGenerate(t *testing.T) {
+func TestOnboardingService_Generate(t *testing.T) {
 	platformtesting.Generate(initOnboardingService, t)
 }
diff --git a/inmem/onboarding.go b/inmem/onboarding.go
index aebcea745f..c174f57e36 100644
--- a/inmem/onboarding.go
+++ b/inmem/onboarding.go
@@ -92,11 +92,24 @@ func (s *Service) Generate(ctx context.Context, req *platform.OnboardingRequest)
 	if err = s.CreateBucket(ctx, bucket); err != nil {
 		return nil, err
 	}
+
+	perms := platform.OperPermissions()
+	perms = append(perms, platform.OrgAdminPermissions(o.ID)...)
+	writeBucketPerm, err := platform.NewPermissionAtID(bucket.ID, platform.WriteAction, platform.BucketsResource)
+	if err != nil {
+		return nil, err
+	}
+	readBucketPerm, err := platform.NewPermissionAtID(bucket.ID, platform.ReadAction, platform.BucketsResource)
+	if err != nil {
+		return nil, err
+	}
+	perms = append(perms, *writeBucketPerm, *readBucketPerm)
+
 	auth := &platform.Authorization{
 		UserID:      u.ID,
 		Description: fmt.Sprintf("%s's Token", u.Name),
 		OrgID:       o.ID,
-		Permissions: platform.OperPermissions(),
+		Permissions: perms,
 	}
 	if err = s.CreateAuthorization(ctx, auth); err != nil {
 		return nil, err
diff --git a/testing/onboarding.go b/testing/onboarding.go
index fa6942fb55..a9f0cc802f 100644
--- a/testing/onboarding.go
+++ b/testing/onboarding.go
@@ -170,7 +170,7 @@ func Generate(
 						UserID:      MustIDBase16(oneID),
 						Description: "admin's Token",
 						OrgID:       MustIDBase16(twoID),
-						Permissions: platform.OperPermissions(),
+						Permissions: mustGeneratePermissions(MustIDBase16(twoID), MustIDBase16(threeID)),
 					},
 				},
 			},
@@ -203,6 +203,22 @@ func Generate(
 
 }
 
+func mustGeneratePermissions(orgID, bucketID platform.ID) []platform.Permission {
+	perms := platform.OperPermissions()
+	perms = append(perms, platform.OrgAdminPermissions(orgID)...)
+	writeBucketPerm, err := platform.NewPermissionAtID(bucketID, platform.WriteAction, platform.BucketsResource)
+	if err != nil {
+		panic(err)
+	}
+	readBucketPerm, err := platform.NewPermissionAtID(bucketID, platform.ReadAction, platform.BucketsResource)
+	if err != nil {
+		panic(err)
+	}
+	perms = append(perms, *writeBucketPerm, *readBucketPerm)
+
+	return perms
+}
+
 const (
 	oneID    = "020f755c3c082000"
 	twoID    = "020f755c3c082001"