Current user update - cannot change tenancy

Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/93bcdfbd
Tree: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/93bcdfbd
Diff: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/93bcdfbd

Branch: refs/heads/master
Commit: 93bcdfbdd02db790195c5ba36267a982c17063cc
Parents: d7e77e3
Author: nir-sopher <n...@qwilt.com>
Authored: Tue Jun 20 05:33:51 2017 +0300
Committer: Jeremy Mitchell <mitchell...@gmail.com>
Committed: Wed Jul 19 15:55:31 2017 -0600

----------------------------------------------------------------------
 traffic_ops/app/lib/API/User.pm           |  7 +++++++
 traffic_ops/app/t/api/1.2/tenant_access.t | 20 ++++++++++++++++++++
 2 files changed, 27 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/93bcdfbd/traffic_ops/app/lib/API/User.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/API/User.pm b/traffic_ops/app/lib/API/User.pm
index d56d5a9..5b09d74 100644
--- a/traffic_ops/app/lib/API/User.pm
+++ b/traffic_ops/app/lib/API/User.pm
@@ -506,6 +506,13 @@ sub update_current {
                return $self->alert( "Profile cannot be updated because '" . 
$user->{username} . "' is logged in as LDAP." );
        }
 
+       if ( defined( $user->{"tenantId"} ) ) {
+               my $current_user_tenant_id = 
$self->db->resultset('TmUser')->search( { username => 
$self->current_user()->{username} } )->get_column('tenant_id')->single;
+               if (!defined($current_user_tenant_id) or $user->{"tenantId"} != 
$current_user_tenant_id){
+                       return $self->alert("Cannot change user tenancy");
+               }
+       }
+
        my $db_user;
 
        # Prevent these from getting updated
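Review bot: The guard `if (!defined($current_user_tenant_id) or $user->{"tenantId"} != $current_user_tenant_id)` compares the request value with numeric `!=`, so a payload such as `"1abc"` or `" 1"` is coerced to the caller's own tenant id and passes the check (under `use warnings` only a "isn't numeric" warning is emitted) while the raw string flows on into the update path below the hunk; what that path does with it is outside this view. Validating the field as an integer before the comparison closes that gap, e.g. `return $self->alert("Cannot change user tenancy") unless $user->{"tenantId"} =~ /\A\d+\z/;` placed right after the `defined` test. The same branch also rejects any tenantId when the caller's own `tenant_id` is NULL in the database, which may be intended but deserves a line such as `# a user with no tenant may not adopt one through self-update` so the next reader does not mistake it for a bug. Style-wise the condition mixes `!` with low-precedence `or` and has no space before `{`; `if ( !defined $current_user_tenant_id || $user->{"tenantId"} != $current_user_tenant_id ) {` matches the surrounding code. update_current starts before the hunk and continues past it.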

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/93bcdfbd/traffic_ops/app/t/api/1.2/tenant_access.t
----------------------------------------------------------------------
diff --git a/traffic_ops/app/t/api/1.2/tenant_access.t 
b/traffic_ops/app/t/api/1.2/tenant_access.t
index 6803d11..22df77b 100644
--- a/traffic_ops/app/t/api/1.2/tenant_access.t
+++ b/traffic_ops/app/t/api/1.2/tenant_access.t
@@ -126,6 +126,13 @@ login_to_tenant_admin ("A1", $tenants_data);
 my $num_of_tenants_can_be_accessed = 3; #A1, A1a, A1b
 #sanity check on tenants - testing of tenant as a resource is taken care of in 
tenants.t
 ok 
$t->get_ok('/api/1.2/tenants')->status_is(200)->$count_response_test($num_of_tenants_can_be_accessed+$fixture_num_of_tenants);
+#cannot change its tenancy
+ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
+        json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'}} } )
+        ->json_is( "/alerts/0/text" => "Cannot change user tenancy")
+        ->status_is(400)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
+    , 'Cannot change my tenancy: tenant: A1?';
+
 logout_from_tenant_admin();
 #access to himself
 test_user_resource_read_allow_access ("A1", "A1", $tenants_data);
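Review bot: The test label `'Cannot change my tenancy: tenant: A1?'` is copied verbatim into the A3 section (hunk `@@ -160,6 +167,12`) and the "none" section (hunk `@@ -184,6 +197,12`), so a failure there reports the wrong logged-in tenant; the label should name the tenant actually logged in, e.g. `'Cannot change my tenancy: tenant: A3?'` and `'Cannot change my tenancy: tenant: none?'`. All three additions only exercise the rejecting path of the new guard (a different tenant, A1a); unless it is covered elsewhere in the file, a companion case that PUTs the caller's own tenantId and asserts a 200 would pin the accepting path too, since the same `defined`-then-compare branch handles it. The "none" case presumably exercises the `!defined` branch of the server-side check (a user with no tenant in the database) — a one-line comment saying so, e.g. `#user without a tenant may not adopt one`, would make that intent explicit, and is worth confirming against the fixture data.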
@@ -160,6 +167,12 @@ login_to_tenant_admin ("A3", $tenants_data);
 $num_of_tenants_can_be_accessed = 0;
 #sanity check on tenants - testing of tenant as a resource is taken care of in 
tenants.t
 ok 
$t->get_ok('/api/1.2/tenants')->status_is(200)->$count_response_test($num_of_tenants_can_be_accessed+$fixture_num_of_tenants);
+#cannot change its tenancy
+ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
+        json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'}} } )
+        ->json_is( "/alerts/0/text" => "Cannot change user tenancy")
+        ->status_is(400)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
+    , 'Cannot change my tenancy: tenant: A1?';
 logout_from_tenant_admin();
 #no access to anywhere
 test_user_resource_read_block_access ("A3", "A3", $tenants_data);
@@ -184,6 +197,12 @@ login_to_tenant_admin ("none", $tenants_data);
 $num_of_tenants_can_be_accessed = 0;
 #sanity check on tenants - testing of tenant as a resource is taken care of in 
tenants.t
 ok 
$t->get_ok('/api/1.2/tenants')->status_is(200)->$count_response_test($num_of_tenants_can_be_accessed+$fixture_num_of_tenants);
+#cannot change its tenancy
+ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
+        json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'}} } )
+        ->json_is( "/alerts/0/text" => "Cannot change user tenancy")
+        ->status_is(400)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
+    , 'Cannot change my tenancy: tenant: A1?';
 logout_from_tenant_admin();
 #access to himself
 test_user_resource_read_allow_access ("none", "none", $tenants_data);
@@ -534,3 +553,4 @@ sub test_user_resource_write_block_access {
     #deleting the user for cleanup - no API for that yet
     ok $schema->resultset('TmUser')->find( { id => $new_userid2 } )->delete();
 }
+
