Current user update - cannot change tenancy
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/93bcdfbd Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/93bcdfbd Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/93bcdfbd Branch: refs/heads/master Commit: 93bcdfbdd02db790195c5ba36267a982c17063cc Parents: d7e77e3 Author: nir-sopher <n...@qwilt.com> Authored: Tue Jun 20 05:33:51 2017 +0300 Committer: Jeremy Mitchell <mitchell...@gmail.com> Committed: Wed Jul 19 15:55:31 2017 -0600
----------------------------------------------------------------------
traffic_ops/app/lib/API/User.pm | 7 +++++++ traffic_ops/app/t/api/1.2/tenant_access.t | 20 ++++++++++++++++++++ 2 files changed, 27 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/93bcdfbd/traffic_ops/app/lib/API/User.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/API/User.pm b/traffic_ops/app/lib/API/User.pm
index d56d5a9..5b09d74 100644
--- a/traffic_ops/app/lib/API/User.pm
+++ b/traffic_ops/app/lib/API/User.pm
@@ -506,6 +506,13 @@ sub update_current {
 return $self->alert( "Profile cannot be updated because '" . $user->{username} . "' is logged in as LDAP." );
 }
+ if ( defined( $user->{"tenantId"} ) ) {
+ my $current_user_tenant_id = $self->db->resultset('TmUser')->search( { username => $self->current_user()->{username} } )->get_column('tenant_id')->single;
+ if (!defined($current_user_tenant_id) or $user->{"tenantId"} != $current_user_tenant_id){
+ return $self->alert("Cannot change user tenancy");
+ }
+ }
+
 my $db_user;
 # Prevent these from getting updated
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/93bcdfbd/traffic_ops/app/t/api/1.2/tenant_access.t
----------------------------------------------------------------------
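Review bot: The guard on the added `if ( defined( $user->{"tenantId"} ) )` line is skipped when the request carries `tenantId: null`, because a JSON null decodes to undef and fails `defined`; whether the update code after this hunk then writes that undef into tenant_id cannot be seen here, but if it does, a user who has a tenant could clear their own tenancy through exactly the path this check is meant to close. Testing with `exists $user->{tenantId}` and treating a submitted undef as a mismatch unless the stored value is also undef would remove that gap. The `!=` on the next added line also coerces a non-numeric submitted id to 0 with a warning and treats `"5abc"` as 5, so checking the field's shape before comparing, `$user->{tenantId} !~ /\A\d+\z/ or $user->{tenantId} != $current_user_tenant_id`, rejects a malformed payload instead of relying on numeric coercion. update_current continues outside the hunk.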
diff --git a/traffic_ops/app/t/api/1.2/tenant_access.t b/traffic_ops/app/t/api/1.2/tenant_access.t
index 6803d11..22df77b 100644
--- a/traffic_ops/app/t/api/1.2/tenant_access.t
+++ b/traffic_ops/app/t/api/1.2/tenant_access.t
@@ -126,6 +126,13 @@ login_to_tenant_admin ("A1", $tenants_data);
 my $num_of_tenants_can_be_accessed = 3; #A1, A1a, A1b
 #sanity check on tenants - testing of tenant as a resource is taken care of in tenants.t
 ok $t->get_ok('/api/1.2/tenants')->status_is(200)->$count_response_test($num_of_tenants_can_be_accessed+$fixture_num_of_tenants);
+#cannot change its tenancy
+ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
+ json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'}} } )
+ ->json_is( "/alerts/0/text" => "Cannot change user tenancy")
+ ->status_is(400)->or( sub { diag $t->tx->res->content->asset->{content}; } )
+ , 'Cannot change my tenancy: tenant: A1?';
+
 logout_from_tenant_admin();
 #access to himself
 test_user_resource_read_allow_access ("A1", "A1", $tenants_data);
@@ -160,6 +167,12 @@ login_to_tenant_admin ("A3", $tenants_data);
 $num_of_tenants_can_be_accessed = 0;
 #sanity check on tenants - testing of tenant as a resource is taken care of in tenants.t
 ok $t->get_ok('/api/1.2/tenants')->status_is(200)->$count_response_test($num_of_tenants_can_be_accessed+$fixture_num_of_tenants);
+#cannot change its tenancy
+ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
+ json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'}} } )
+ ->json_is( "/alerts/0/text" => "Cannot change user tenancy")
+ ->status_is(400)->or( sub { diag $t->tx->res->content->asset->{content}; } )
+ , 'Cannot change my tenancy: tenant: A1?';
 logout_from_tenant_admin();
 #no access to anywhere
 test_user_resource_read_block_access ("A3", "A3", $tenants_data);
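Review bot: The new put_ok block in the @@ -126 hunk only exercises rejection of a foreign tenant id (A1a); nothing here checks that submitting the caller's own tenant id is still accepted, so a guard that rejected every request carrying tenantId would pass this test unchanged. A companion case such as `ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} => json => { user => { tenantId => $tenants_data->{"A1"}->{'id'} } })->status_is(200), 'Keeping my tenancy is allowed';` would pin the intended behaviour, assuming `$tenants_data->{"A1"}` is populated like the A1a entry. If update_current requires other user fields in the payload, the positive case will need them as well.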
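Review bot: The test description on the last added line of the @@ -160 hunk, `'Cannot change my tenancy: tenant: A1?'`, is copied from the A1 case, but this block runs while logged in as tenant A3, so a failure would be reported under the wrong tenant; the same copied description appears in the `none` hunk at @@ -184. Changing them to `'Cannot change my tenancy: tenant: A3?'` and `'Cannot change my tenancy: tenant: none?'` keeps the diagnostics accurate. As a point of style, the three blocks are identical apart from that string, so a helper like `test_cannot_change_tenancy($tenant_name, $tenants_data)` alongside the existing test_user_resource_* helpers would avoid the copy-paste.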
@@ -184,6 +197,12 @@ login_to_tenant_admin ("none", $tenants_data);
 $num_of_tenants_can_be_accessed = 0;
 #sanity check on tenants - testing of tenant as a resource is taken care of in tenants.t
 ok $t->get_ok('/api/1.2/tenants')->status_is(200)->$count_response_test($num_of_tenants_can_be_accessed+$fixture_num_of_tenants);
+#cannot change its tenancy
+ok $t->put_ok('/api/1.2/user/current' => {Accept => 'application/json'} =>
+ json => { user => { tenantId => $tenants_data->{"A1a"}->{'id'}} } )
+ ->json_is( "/alerts/0/text" => "Cannot change user tenancy")
+ ->status_is(400)->or( sub { diag $t->tx->res->content->asset->{content}; } )
+ , 'Cannot change my tenancy: tenant: A1?';
 logout_from_tenant_admin();
 #access to himself
 test_user_resource_read_allow_access ("none", "none", $tenants_data);
@@ -534,3 +553,4 @@ sub test_user_resource_write_block_access {
 #deleting the user for cleanup - no API for that yet
 ok $schema->resultset('TmUser')->find( { id => $new_userid2 } )->delete();
 }
+