Tenancy access verification - global disable mechanisem
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/abd4f7b0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/abd4f7b0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/abd4f7b0 Branch: refs/heads/master Commit: abd4f7b0de2cf640a4792aa50eab18d0a3d960d6 Parents: c72dda5 Author: nir-sopher <n...@qwilt.com> Authored: Mon Jun 26 00:25:10 2017 +0300 Committer: Jeremy Mitchell <mitchell...@gmail.com> Committed: Tue Jul 18 12:12:32 2017 -0600 ---------------------------------------------------------------------- traffic_ops/app/lib/UI/TenantUtils.pm | 11 ++++++++ traffic_ops/app/t/api/1.2/tenant.t | 45 +++++++++++++++++++++++++++++- 2 files changed, 55 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/abd4f7b0/traffic_ops/app/lib/UI/TenantUtils.pm ----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/UI/TenantUtils.pm b/traffic_ops/app/lib/UI/TenantUtils.pm
index 852380f..8751d76 100644
--- a/traffic_ops/app/lib/UI/TenantUtils.pm
+++ b/traffic_ops/app/lib/UI/TenantUtils.pm
@@ -60,6 +60,10 @@ sub new {
 $dbh = $context->db;
 }
+ my $ignore_tenancy_value = $dbh->resultset("Parameter")->search( { config_file => 'global', name => 'ignore-tenancy' } )
+ ->get_column('value')->single();
+ my $ignore_tenancy = defined($ignore_tenancy_value) ? $ignore_tenancy_value : 0;
+
 my $self = {
 dbh => $dbh,
 context => $context, #saving the context - use it only for log please...
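Review bot: In `new` (traffic_ops/app/lib/UI/TenantUtils.pm) the raw parameter string is kept as the flag, so any value Perl treats as true, including `false`, `no`, `off` or `0.0`, switches tenant isolation off once `_is_resource_accessable` tests it for truth. Because this switch fails open, accept only the explicit enabling value: `my $ignore_tenancy = ( defined($ignore_tenancy_value) && $ignore_tenancy_value eq '1' ) ? 1 : 0;`. The `->single()` call also assumes at most one `global`/`ignore-tenancy` row; if several rows with different values can exist, which one decides is not defined by this code, and that deserves a comment or an explicit check. The body of `new` starts before this hunk and continues in the next one.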
@@ -67,6 +71,7 @@ sub new {
 # In order to reduce the number of calls from the DB, the current user tenant is taken in the class creation.
 # the below parameters are held temporarily until the info is taken from the jwt
 current_user_tenant => $current_user_tenant,
+ ignore_tenancy => $ignore_tenancy,
 };
 bless $self, $class;
 return $self;
@@ -340,6 +345,12 @@ sub _is_resource_accessable {
 my $tenants_data = shift;
 my $resource_tenant = shift;
+ if ($self->{ignore_tenancy}) {
+ #mechanisem disabled
+ return 1;
+ }
+
+
 my $user_tenant = $self->current_user_tenant();
 if ( defined($user_tenant) ) {
 my $tenant_record = $tenants_data->{tenants_dict}->{$user_tenant};
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/abd4f7b0/traffic_ops/app/t/api/1.2/tenant.t ----------------------------------------------------------------------
diff --git a/traffic_ops/app/t/api/1.2/tenant.t b/traffic_ops/app/t/api/1.2/tenant.t
index 38bf1e2..ced60bd 100644
--- a/traffic_ops/app/t/api/1.2/tenant.t
+++ b/traffic_ops/app/t/api/1.2/tenant.t
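Review bot: The early `return 1` added to `_is_resource_accessable` in TenantUtils.pm (hunk at -340) skips every tenant check and leaves no trace, and its only comment is `#mechanisem disabled`. Since this branch grants every user access to every resource, state that precisely, e.g. `# 'ignore-tenancy' global parameter is set: tenancy checks are off and every resource is accessible`. Consider also logging once in `new` when the flag is read as enabled, guarding for an undefined context as the tests pass `undef`, so an operator can tell that isolation is off. The two blank lines added after the closing brace can be one. The function starts before this hunk and continues past it.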
@@ -244,7 +244,38 @@ ok $tenant_utils_of_e->is_tenant_resource_accessible($tenants_data_of_e, $tenant
 # itself - full access
 ok $tenant_utils_of_e->is_tenant_resource_accessible($tenants_data_of_e, $tenantE_id) == 0;
 # uncle - no access
-ok $tenant_utils_of_e->is_tenant_resource_accessible($tenants_data_of_e, $tenantB_id) == 0;
+ok $tenant_utils_of_e->is_tenant_resource_accessible($tenants_data_of_e, $tenantB_id) == 0;
+
+
+#Test disable capabilities
+ok $t->post_ok('/api/1.2/parameters' => {Accept => 'application/json'} => json =>
+ {
+ 'name' => 'ignore-tenancy',
+ 'configFile' => 'global',
+ 'value' => '1',
+ 'secure' => '0'
+ }
+ )->status_is(200)
+ , 'Was the disabling paramter created?';
+
+my $tenant_utils_of_d_disabled = UI::TenantUtils->new(undef, $tenantD_id, $schema);
+my $tenants_data_of_d_disabled = $tenant_utils_of_d_disabled->create_tenants_data_from_db();
+#anchestor - now can access
+ok $tenant_utils_of_d_disabled->is_tenant_resource_accessible($tenants_data_of_d_disabled, $root_tenant_id) == 1;
+#undef - all have access
+ok $tenant_utils_of_d_disabled->is_tenant_resource_accessible($tenants_data_of_d_disabled, undef) == 1;
+# parent - now can access
+ok $tenant_utils_of_d_disabled->is_tenant_resource_accessible($tenants_data_of_d_disabled, $tenantA_id) == 1;
+# itself - full access
+ok $tenant_utils_of_d_disabled->is_tenant_resource_accessible($tenants_data_of_d_disabled, $tenantD_id) == 1;
+# uncle - now can access
+ok $tenant_utils_of_d_disabled->is_tenant_resource_accessible($tenants_data_of_d_disabled, $tenantB_id) == 1;
+
+ok $t->delete_ok('/api/1.2/parameters/' . &get_param_id('ignore-tenancy') )->status_is(200)
+ ->or( sub { diag $t->tx->res->content->asset->{content}; } )
+ , 'Was the disabling paramter deleted?';
+
+
 #################
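Review bot: The new block in tenant.t only proves that access opens up when `ignore-tenancy` is `1`; nothing checks that enforcement returns once the parameter is deleted, or that a value of `0` keeps it on. After the `delete_ok`, build a fresh `UI::TenantUtils->new(undef, $tenantD_id, $schema)` and assert that the uncle tenant is denied again (`... $tenantB_id) == 0`), so a regression that leaves isolation switched off is caught. `&get_param_id(...)` should be the plain call `get_param_id('ignore-tenancy')`. The outer `ok` around `post_ok(...)->status_is(200)` only tests that the chained call returned a true object, so it passes whatever the status was.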
@@ -344,3 +375,15 @@ sub get_tenant_id {
 return $id;
 }
+sub get_param_id {
+ my $name = shift;
+ my $q = "select id from parameter where name = \'$name\'";
+ my $get_svr = $dbh->prepare($q);
+ $get_svr->execute();
+ my $p = $get_svr->fetchall_arrayref( {} );
+ $get_svr->finish();
+ my $id = $p->[0]->{id};
+ return $id;
+}
+
+
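Review bot: `get_param_id` builds its SQL by interpolating `$name` into the statement text; the only visible caller passes a constant, but a bound placeholder is the safer habit: `my $get_svr = $dbh->prepare("select id from parameter where name = ?");` followed by `$get_svr->execute($name);`. The lookup also ignores the config file, so if a parameter of the same name exists under another config file the test may delete the wrong row; adding `and config_file = 'global'` would pin it (column name presumed from the `search` call in TenantUtils.pm). When no row matches, `$p->[0]->{id}` is undef and the caller builds a URL with an empty id, so a `defined` check with a clear failure message would make that case visible.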