Posted to commits@trafficcontrol.apache.org by mi...@apache.org on 2018/12/27 20:23:49 UTC

[trafficcontrol] branch master updated: Fix TO missing return (#3165)

This is an automated email from the ASF dual-hosted git repository.

mitchell852 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git


The following commit(s) were added to refs/heads/master by this push:
     new dc2b16d  Fix TO missing return (#3165)
dc2b16d is described below

commit dc2b16d6fb043b020d3e0406e6c1fc75ab827ef7
Author: Robert Butts <ro...@users.noreply.github.com>
AuthorDate: Thu Dec 27 13:23:44 2018 -0700

    Fix TO missing return (#3165)
    
    * Fix TO missing return
    
    Fixes #3164
    
    * Add Test TO API, verify readonly user can't change
---
 .../testing/api/v14/readonlycannotmodify_test.go   | 91 ++++++++++++++++++++++
 traffic_ops/testing/api/v14/tc-fixtures.json       | 22 ++++++
 traffic_ops/traffic_ops_golang/wrappers.go         |  1 +
 3 files changed, 114 insertions(+)

diff --git a/traffic_ops/testing/api/v14/readonlycannotmodify_test.go b/traffic_ops/testing/api/v14/readonlycannotmodify_test.go
new file mode 100644
index 0000000..b718c49
--- /dev/null
+++ b/traffic_ops/testing/api/v14/readonlycannotmodify_test.go
@@ -0,0 +1,91 @@
+package v14
+
+/*
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+import (
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/apache/trafficcontrol/lib/go-tc"
+	toclient "github.com/apache/trafficcontrol/traffic_ops/client"
+)
+
+func TestReadOnlyCannotModify(t *testing.T) {
+	CreateTestCDNs(t)
+	CreateTestTypes(t)
+	CreateTestTenants(t)
+	CreateTestProfiles(t)
+	CreateTestStatuses(t)
+	CreateTestDivisions(t)
+	CreateTestRegions(t)
+	CreateTestPhysLocations(t)
+	CreateTestCacheGroups(t)
+	CreateTestDeliveryServices(t)
+	CreateTestUsers(t)
+
+	CreateTestCDNWithReadOnlyUser(t)
+
+	ForceDeleteTestUsers(t)
+	DeleteTestDeliveryServices(t)
+	DeleteTestCacheGroups(t)
+	DeleteTestPhysLocations(t)
+	DeleteTestRegions(t)
+	DeleteTestDivisions(t)
+	DeleteTestStatuses(t)
+	DeleteTestProfiles(t)
+	DeleteTestTenants(t)
+	DeleteTestTypes(t)
+	DeleteTestCDNs(t)
+}
+
+func CreateTestCDNWithReadOnlyUser(t *testing.T) {
+	if len(testData.CDNs) == 0 {
+		t.Fatalf("Can't test readonly user creating a cdns: test data has no cdns\n")
+	}
+
+	toReqTimeout := time.Second * time.Duration(Config.Default.Session.TimeoutInSecs)
+	readonlyTOClient, _, err := toclient.LoginWithAgent(TOSession.URL, "readonlyuser", "pa$$word", true, "to-api-v14-client-tests/readonlyuser", true, toReqTimeout)
+	if err != nil {
+		t.Fatalf("failed to get log in with readonlyuser: " + err.Error())
+	}
+
+	cdn := tc.CDN{
+		Name:       "cdn-test-readonly-create-failure",
+		DomainName: "createfailure.invalid",
+	}
+
+	alerts, _, err := readonlyTOClient.CreateCDN(cdn)
+
+	if err == nil {
+		t.Errorf("readonlyuser creating cdn error expected: not nil, actual: nil error")
+	}
+
+	if !strings.Contains(strings.ToLower(err.Error()), "forbidden") {
+		t.Errorf("readonlyuser creating cdn error expected: contains 'forbidden', actual: '" + err.Error() + "'")
+	}
+
+	for _, alert := range alerts.Alerts {
+		if alert.Level == string(tc.SuccessLevel) {
+			t.Errorf("readonlyuser creating cdn, alerts expected: no success alert, actual: got success alert '" + alert.Text + "'")
+		}
+	}
+
+	cdns, _, _ := TOSession.GetCDNByName(cdn.Name)
+	if len(cdns) > 0 {
+		t.Errorf("readonlyuser getting created cdn, len(cdns) expected: 0, actual: %+v %++v", len(cdns), cdns)
+	}
+}
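Review bot: In CreateTestCDNWithReadOnlyUser the `err == nil` case is reported with `t.Errorf`, which does not stop the test, so the next statement calls `err.Error()` on a nil error and panics; that is exactly the case this regression test exists to report (the create was not refused). Turning the second check into an `else if !strings.Contains(strings.ToLower(err.Error()), "forbidden") {` branch keeps the failure message and still lets the alert and lookup checks run. The final lookup also discards its error in `cdns, _, _ := TOSession.GetCDNByName(cdn.Name)`, so a failed lookup is indistinguishable from "the CDN was not created"; I would keep it as `cdns, _, err := TOSession.GetCDNByName(cdn.Name)` and call `t.Errorf` when it is non-nil. The doubled `+` in `%++v` in the last message looks like a typo for `%+v`.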
diff --git a/traffic_ops/testing/api/v14/tc-fixtures.json b/traffic_ops/testing/api/v14/tc-fixtures.json
index 00f3b92..110ed92 100644
--- a/traffic_ops/testing/api/v14/tc-fixtures.json
+++ b/traffic_ops/testing/api/v14/tc-fixtures.json
@@ -1807,6 +1807,28 @@
             "tenant": "tenant1",
             "uid": 0,
             "username": "disalloweduser"
+        },
+        {
+            "addressLine1": "address of readonly",
+            "addressLine2": "place",
+            "city": "somewhere",
+            "company": "else",
+            "country": "UK",
+            "email": "readonly@example.com",
+            "fullName": "Readonly User",
+            "gid": 0,
+            "localPasswd": "pa$$word",
+            "confirmLocalPasswd": "pa$$word",
+            "newUser": false,
+            "phoneNumber": "",
+            "postalCode": "",
+            "publicSshKey": "",
+            "registrationSent": "",
+            "role": 2,
+            "stateOrProvince": "",
+            "tenant": "tenant1",
+            "uid": 0,
+            "username": "readonlyuser"
         }
     ],
     "steeringTargets": [
diff --git a/traffic_ops/traffic_ops_golang/wrappers.go b/traffic_ops/traffic_ops_golang/wrappers.go
index b06fd5b..ef68b51 100644
--- a/traffic_ops/traffic_ops_golang/wrappers.go
+++ b/traffic_ops/traffic_ops_golang/wrappers.go
@@ -62,6 +62,7 @@ func (a AuthBase) GetWrapper(privLevelRequired int) Middleware {
 			}
 			if user.PrivLevel < privLevelRequired {
 				api.HandleErr(w, r, nil, http.StatusForbidden, errors.New("Forbidden."), nil)
+				return
 			}
 			api.AddUserToReq(r, user)
 			handlerFunc(w, r)
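Review bot: The denial in this branch depends on an explicit `return` after `api.HandleErr`, which judging by this fix writes the 403 but does not stop the wrapper, so any branch that omits it falls through to `api.AddUserToReq` and `handlerFunc`. I would add a comment above the new line, `// HandleErr only writes the response; return so the wrapped handler never runs for an under-privileged user`, so a later edit to this function keeps it. The branch that closes on the first context line has its body outside the hunk, and GetWrapper itself starts and ends outside it, so it is worth confirming that every other HandleErr call in the wrapper is also followed by a return.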