Repository: incubator-trafficcontrol
Updated Branches:
  refs/heads/master 7d70bd455 -> 53db37990


User tenancy checks - allow user to change his tenancy


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/0fb04a7e
Tree: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/0fb04a7e
Diff: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/0fb04a7e

Branch: refs/heads/master
Commit: 0fb04a7e60015f486f5f77e464697d6246a3ba24
Parents: 20213b2
Author: nir-sopher <n...@qwilt.com>
Authored: Thu Jul 13 07:22:45 2017 +0300
Committer: Jeremy Mitchell <mitchell...@gmail.com>
Committed: Wed Jul 19 15:55:31 2017 -0600

----------------------------------------------------------------------
 traffic_ops/app/lib/API/User.pm           |  9 ++++-----
 traffic_ops/app/t/api/1.2/tenant_access.t | 23 +++++++++++++++++------
 2 files changed, 21 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/0fb04a7e/traffic_ops/app/lib/API/User.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/API/User.pm b/traffic_ops/app/lib/API/User.pm
index ebaceda..85dac74 100644
--- a/traffic_ops/app/lib/API/User.pm
+++ b/traffic_ops/app/lib/API/User.pm
@@ -506,11 +506,10 @@ sub update_current {
                return $self->alert( "Profile cannot be updated because '" . 
$user->{username} . "' is logged in as LDAP." );
        }
 
-       if ( defined( $user->{"tenantId"} ) ) {
-               my $current_user_tenant_id = 
$self->db->resultset('TmUser')->search( { username => 
$self->current_user()->{username} } )->get_column('tenant_id')->single;
-               if (!defined($current_user_tenant_id) or $user->{"tenantId"} != 
$current_user_tenant_id){
-                       return $self->alert("Cannot change user tenancy");
-               }
+       my $tenant_utils = Utils::Tenant->new($self);
+       my $tenants_data = $tenant_utils->create_tenants_data_from_db();
+       if (!$tenant_utils->is_user_resource_accessible($tenants_data, 
$user->{"tenantId"})) {
+               return $self->alert("Invalid tenant. This tenant is not 
available to you for assignment.");
        }
 
        my $db_user;
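Review bot: With the `if ( defined( $user->{"tenantId"} ) )` guard removed, `is_user_resource_accessible` is now called with an undefined value whenever the request body omits `tenantId`, and nothing in this hunk shows whether the helper allows or rejects that. Since this is the authorization gate for self-service tenancy changes, the undef case should be explicit at the call site. Either keep a branch for it or document it with a comment such as `# tenantId may be undef when the field is omitted; Utils::Tenant decides whether an unset tenant is acceptable`. The tests in this commit always send `tenantId`, so the omitted-field path appears to be uncovered. `update_current` starts and continues outside the hunk, so how an absent `tenantId` is later written to the user row cannot be confirmed from here.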

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/0fb04a7e/traffic_ops/app/t/api/1.2/tenant_access.t
----------------------------------------------------------------------
diff --git a/traffic_ops/app/t/api/1.2/tenant_access.t 
b/traffic_ops/app/t/api/1.2/tenant_access.t
index 302cb3e..57fdafc 100644
--- a/traffic_ops/app/t/api/1.2/tenant_access.t
+++ b/traffic_ops/app/t/api/1.2/tenant_access.t
@@ -125,12 +125,23 @@ my $num_of_tenants_can_be_accessed = 3; #A1, A1a, A1b
 #sanity check on tenants - testing of tenant as a resource is taken care of in 
tenants.t
 ok 
$t->get_ok('/api/1.2/tenants')->status_is(200)->$count_response_test($num_of_tenants_can_be_accessed+$fixture_num_of_tenants);
 ok 
$t->get_ok('/api/1.2/users')->status_is(200)->$count_response_test($num_of_tenants_can_be_accessed+$fixture_num_of_users);
-#cannot change its tenancy
+#cannot change its tenancy to parent
 ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
-        json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'}} } )
-        ->json_is( "/alerts/0/text" => "Cannot change user tenancy")
+        json => { user => { tenantId => $tenants_data->{"A"}->{'id'},
+                            localPasswd => "pass",
+                            confirmLocalPasswd => "pass2"} } )
+        ->json_is( "/alerts/0/text" => "Invalid tenant. This tenant is not 
available to you for assignment.")
         ->status_is(400)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
     , 'Cannot change my tenancy: tenant: A1?';
+#can change its tenancy to child (fail on another reason, currently on missing 
email,
+# but if it will not be mandatory anymore it should fail on password mismatch)
+ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
+        json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'},
+                            localPasswd => "pass",
+                            confirmLocalPasswd => "pass2"} } )
+        ->json_is( "/alerts/0/text" => "email is required")
+        ->status_is(400)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
+    , 'Can change my tenancy: tenant: A1?';
 
 logout_from_tenant_admin();
 #access to himself
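Review bot: The new "can change its tenancy to child" case only shows that the request got past the tenant check, by asserting the unrelated `"email is required"` alert. It never exercises a successful update, so nothing verifies that the new `tenantId` is persisted or that the user's visible tenants and users shrink accordingly afterwards. The assertion also depends on validation order: if the email check were ever moved ahead of the tenancy check, this test would still pass without touching the authorization logic. Consider sending a fully valid payload and asserting `->status_is(200)` followed by a `get_ok('/api/1.2/user/current')` check on `tenantId`, restoring the original tenant afterwards if later cases depend on it. The description string on the parent-tenant case still reads `'Cannot change my tenancy: tenant: A1?'` although the payload now targets tenant `A`.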
@@ -158,10 +169,10 @@ $num_of_tenants_can_be_accessed = 0;
 #sanity check on tenants - testing of tenant as a resource is taken care of in 
tenants.t
 ok $t->get_ok('/api/1.2/tenants')->status_is(200)->$count_response_test(0);
 ok $t->get_ok('/api/1.2/users')->status_is(200)->$count_response_test(0);
-#cannot change its tenancy
+#cannot change its tenancy to non related
 ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
         json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'}} } )
-        ->json_is( "/alerts/0/text" => "Cannot change user tenancy")
+        ->json_is( "/alerts/0/text" => "Invalid tenant. This tenant is not 
available to you for assignment.")
         ->status_is(400)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
     , 'Cannot change my tenancy: tenant: A1?';
 logout_from_tenant_admin();
@@ -186,7 +197,7 @@ ok 
$t->get_ok('/api/1.2/tenants')->status_is(200)->$count_response_test($num_of_
 #cannot change its tenancy
 ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
         json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'}} } )
-        ->json_is( "/alerts/0/text" => "Cannot change user tenancy")
+        ->json_is( "/alerts/0/text" => "Invalid tenant. This tenant is not 
available to you for assignment.")
         ->status_is(400)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
     , 'Cannot change my tenancy: tenant: A1?';
 logout_from_tenant_admin();
