From 0608f60be59183de294b283677fbc24b7a0cbfb2 Mon Sep 17 00:00:00 2001
From: Beth Skurrie <beth@bethesque.com>
Date: Thu, 9 Jun 2022 16:37:31 +1000
Subject: [PATCH] chore: add put_can_create? method to base resource

---
 lib/pact_broker/api/resources/base_resource.rb  | 6 ++++++
 lib/pact_broker/api/resources/branch_version.rb | 4 ++++
 lib/pact_broker/api/resources/environment.rb    | 4 ++++
 lib/pact_broker/api/resources/label.rb          | 4 ++++
 lib/pact_broker/api/resources/pact.rb           | 4 ++++
 lib/pact_broker/api/resources/pacticipant.rb    | 5 +++++
 lib/pact_broker/api/resources/tag.rb            | 4 ++++
 lib/pact_broker/api/resources/version.rb        | 4 ++++
 lib/pact_broker/api/resources/webhook.rb        | 4 ++++
 9 files changed, 39 insertions(+)

diff --git a/lib/pact_broker/api/resources/base_resource.rb b/lib/pact_broker/api/resources/base_resource.rb
index 080bb7f2a..29e843237 100644
--- a/lib/pact_broker/api/resources/base_resource.rb
+++ b/lib/pact_broker/api/resources/base_resource.rb
@@ -313,6 +313,12 @@ def content_type_is_json_but_invalid_json_provided?
         def content_type_json?
           request.content_type&.include?("json")
         end
+
+        # Not a Webmachine method. This is used by security policy code to identify whether
+        # a PUT to a non existing resource can create a new object.
+        def put_can_create?
+          false
+        end
       end
     end
   end
diff --git a/lib/pact_broker/api/resources/branch_version.rb b/lib/pact_broker/api/resources/branch_version.rb
index b9442c217..4e16640a1 100644
--- a/lib/pact_broker/api/resources/branch_version.rb
+++ b/lib/pact_broker/api/resources/branch_version.rb
@@ -17,6 +17,10 @@ def allowed_methods
           ["GET", "PUT", "DELETE", "OPTIONS"]
         end
 
+        def put_can_create?
+          true
+        end
+
         def resource_exists?
           !!branch_version
         end
diff --git a/lib/pact_broker/api/resources/environment.rb b/lib/pact_broker/api/resources/environment.rb
index 3cfbf3c95..c7e334286 100644
--- a/lib/pact_broker/api/resources/environment.rb
+++ b/lib/pact_broker/api/resources/environment.rb
@@ -17,6 +17,10 @@ def allowed_methods
           ["GET", "PUT", "DELETE", "OPTIONS"]
         end
 
+        def put_can_create?
+          false
+        end
+
         def resource_exists?
           !!environment
         end
diff --git a/lib/pact_broker/api/resources/label.rb b/lib/pact_broker/api/resources/label.rb
index f4b93a943..5e9ff5aed 100644
--- a/lib/pact_broker/api/resources/label.rb
+++ b/lib/pact_broker/api/resources/label.rb
@@ -17,6 +17,10 @@ def allowed_methods
           ["GET", "PUT", "DELETE", "OPTIONS"]
         end
 
+        def put_can_create?
+          true
+        end
+
         def from_json
           unless label
             @label = label_service.create(identifier_from_path)
diff --git a/lib/pact_broker/api/resources/pact.rb b/lib/pact_broker/api/resources/pact.rb
index 212068156..8b3c13f0b 100644
--- a/lib/pact_broker/api/resources/pact.rb
+++ b/lib/pact_broker/api/resources/pact.rb
@@ -36,6 +36,10 @@ def allowed_methods
           ["GET", "PUT", "DELETE", "PATCH", "OPTIONS"]
         end
 
+        def put_can_create?
+          true
+        end
+
         def is_conflict?
           merge_conflict = request.patch? && resource_exists? && Pacts::Merger.conflict?(pact.json_content, pact_params.json_content)
 
diff --git a/lib/pact_broker/api/resources/pacticipant.rb b/lib/pact_broker/api/resources/pacticipant.rb
index 4045a4d28..b03b5bfcd 100644
--- a/lib/pact_broker/api/resources/pacticipant.rb
+++ b/lib/pact_broker/api/resources/pacticipant.rb
@@ -21,6 +21,10 @@ def allowed_methods
           ["GET", "PUT", "PATCH", "DELETE", "OPTIONS"]
         end
 
+        def put_can_create?
+          false
+        end
+
         def known_methods
           super + ["PATCH"]
         end
@@ -29,6 +33,7 @@ def malformed_request?
           super || ((request.patch? || request.really_put?) && validation_errors_for_schema?)
         end
 
+        # PUT or PATCH with content-type application/json
         def from_json
           if pacticipant
             @pacticipant = update_existing_pacticipant
diff --git a/lib/pact_broker/api/resources/tag.rb b/lib/pact_broker/api/resources/tag.rb
index e4a4c3ac7..923d2b0b4 100644
--- a/lib/pact_broker/api/resources/tag.rb
+++ b/lib/pact_broker/api/resources/tag.rb
@@ -17,6 +17,10 @@ def allowed_methods
           ["GET","PUT","DELETE", "OPTIONS"]
         end
 
+        def put_can_create?
+          true
+        end
+
         def from_json
           unless tag
             @tag = tag_service.create(identifier_from_path)
diff --git a/lib/pact_broker/api/resources/version.rb b/lib/pact_broker/api/resources/version.rb
index cf23c8069..ccabb5ba0 100644
--- a/lib/pact_broker/api/resources/version.rb
+++ b/lib/pact_broker/api/resources/version.rb
@@ -21,6 +21,10 @@ def allowed_methods
           ["GET", "PUT", "PATCH", "DELETE", "OPTIONS"]
         end
 
+        def put_can_create?
+          true
+        end
+
         def resource_exists?
           !!version
         end
diff --git a/lib/pact_broker/api/resources/webhook.rb b/lib/pact_broker/api/resources/webhook.rb
index 2b717df2a..a165e294f 100644
--- a/lib/pact_broker/api/resources/webhook.rb
+++ b/lib/pact_broker/api/resources/webhook.rb
@@ -22,6 +22,10 @@ def allowed_methods
           ["GET", "PUT", "DELETE", "OPTIONS"]
         end
 
+        def put_can_create?
+          true
+        end
+
         def resource_exists?
           !!webhook
         end