Posted to commits@trafficcontrol.apache.org by mi...@apache.org on 2018/12/27 20:23:49 UTC
[trafficcontrol] branch master updated: Fix TO missing return
(#3165)
This is an automated email from the ASF dual-hosted git repository.
mitchell852 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new dc2b16d Fix TO missing return (#3165)
dc2b16d is described below
commit dc2b16d6fb043b020d3e0406e6c1fc75ab827ef7
Author: Robert Butts <ro...@users.noreply.github.com>
AuthorDate: Thu Dec 27 13:23:44 2018 -0700
Fix TO missing return (#3165)
* Fix TO missing return
Fixes #3164
* Add Test TO API, verify readonly user can't change
---
.../testing/api/v14/readonlycannotmodify_test.go | 91 ++++++++++++++++++++++
traffic_ops/testing/api/v14/tc-fixtures.json | 22 ++++++
traffic_ops/traffic_ops_golang/wrappers.go | 1 +
3 files changed, 114 insertions(+)
diff --git a/traffic_ops/testing/api/v14/readonlycannotmodify_test.go b/traffic_ops/testing/api/v14/readonlycannotmodify_test.go
new file mode 100644
index 0000000..b718c49
--- /dev/null
+++ b/traffic_ops/testing/api/v14/readonlycannotmodify_test.go
@@ -0,0 +1,91 @@
+package v14
+
+/*
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+import (
+ "strings"
+ "testing"
+ "time"
+
+ "github.com/apache/trafficcontrol/lib/go-tc"
+ toclient "github.com/apache/trafficcontrol/traffic_ops/client"
+)
+
+func TestReadOnlyCannotModify(t *testing.T) {
+ CreateTestCDNs(t)
+ CreateTestTypes(t)
+ CreateTestTenants(t)
+ CreateTestProfiles(t)
+ CreateTestStatuses(t)
+ CreateTestDivisions(t)
+ CreateTestRegions(t)
+ CreateTestPhysLocations(t)
+ CreateTestCacheGroups(t)
+ CreateTestDeliveryServices(t)
+ CreateTestUsers(t)
+
+ CreateTestCDNWithReadOnlyUser(t)
+
+ ForceDeleteTestUsers(t)
+ DeleteTestDeliveryServices(t)
+ DeleteTestCacheGroups(t)
+ DeleteTestPhysLocations(t)
+ DeleteTestRegions(t)
+ DeleteTestDivisions(t)
+ DeleteTestStatuses(t)
+ DeleteTestProfiles(t)
+ DeleteTestTenants(t)
+ DeleteTestTypes(t)
+ DeleteTestCDNs(t)
+}
+
+func CreateTestCDNWithReadOnlyUser(t *testing.T) {
+ if len(testData.CDNs) == 0 {
+ t.Fatalf("Can't test readonly user creating a cdns: test data has no cdns\n")
+ }
+
+ toReqTimeout := time.Second * time.Duration(Config.Default.Session.TimeoutInSecs)
+ readonlyTOClient, _, err := toclient.LoginWithAgent(TOSession.URL, "readonlyuser", "pa$$word", true, "to-api-v14-client-tests/readonlyuser", true, toReqTimeout)
+ if err != nil {
+ t.Fatalf("failed to get log in with readonlyuser: " + err.Error())
+ }
+
+ cdn := tc.CDN{
+ Name: "cdn-test-readonly-create-failure",
+ DomainName: "createfailure.invalid",
+ }
+
+ alerts, _, err := readonlyTOClient.CreateCDN(cdn)
+
+ if err == nil {
+ t.Errorf("readonlyuser creating cdn error expected: not nil, actual: nil error")
+ }
+
+ if !strings.Contains(strings.ToLower(err.Error()), "forbidden") {
+ t.Errorf("readonlyuser creating cdn error expected: contains 'forbidden', actual: '" + err.Error() + "'")
+ }
+
+ for _, alert := range alerts.Alerts {
+ if alert.Level == string(tc.SuccessLevel) {
+ t.Errorf("readonlyuser creating cdn, alerts expected: no success alert, actual: got success alert '" + alert.Text + "'")
+ }
+ }
+
+ cdns, _, _ := TOSession.GetCDNByName(cdn.Name)
+ if len(cdns) > 0 {
+ t.Errorf("readonlyuser getting created cdn, len(cdns) expected: 0, actual: %+v %++v", len(cdns), cdns)
+ }
+}
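Review bot: When `CreateCDN` returns a nil error, which is the regression this test exists to catch, the `t.Errorf` in the `err == nil` check lets execution continue into `err.Error()` in the following `if`, so the test panics on a nil dereference instead of reporting a clean failure. Either make the first check fatal, `t.Fatalf("readonlyuser creating cdn error expected: not nil, actual: nil error")`, or turn the second check into `} else if !strings.Contains(strings.ToLower(err.Error()), "forbidden") {` so the later alert and lookup assertions still run. The final lookup discards its error in `cdns, _, _ := TOSession.GetCDNByName(cdn.Name)`, so a failed lookup is indistinguishable from "no CDN was created". Checking that error keeps the negative assertion meaningful.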
diff --git a/traffic_ops/testing/api/v14/tc-fixtures.json b/traffic_ops/testing/api/v14/tc-fixtures.json
index 00f3b92..110ed92 100644
--- a/traffic_ops/testing/api/v14/tc-fixtures.json
+++ b/traffic_ops/testing/api/v14/tc-fixtures.json
@@ -1807,6 +1807,28 @@
"tenant": "tenant1",
"uid": 0,
"username": "disalloweduser"
+ },
+ {
+ "addressLine1": "address of readonly",
+ "addressLine2": "place",
+ "city": "somewhere",
+ "company": "else",
+ "country": "UK",
+ "email": "readonly@example.com",
+ "fullName": "Readonly User",
+ "gid": 0,
+ "localPasswd": "pa$$word",
+ "confirmLocalPasswd": "pa$$word",
+ "newUser": false,
+ "phoneNumber": "",
+ "postalCode": "",
+ "publicSshKey": "",
+ "registrationSent": "",
+ "role": 2,
+ "stateOrProvince": "",
+ "tenant": "tenant1",
+ "uid": 0,
+ "username": "readonlyuser"
}
],
"steeringTargets": [
diff --git a/traffic_ops/traffic_ops_golang/wrappers.go b/traffic_ops/traffic_ops_golang/wrappers.go
index b06fd5b..ef68b51 100644
--- a/traffic_ops/traffic_ops_golang/wrappers.go
+++ b/traffic_ops/traffic_ops_golang/wrappers.go
@@ -62,6 +62,7 @@ func (a AuthBase) GetWrapper(privLevelRequired int) Middleware {
}
if user.PrivLevel < privLevelRequired {
api.HandleErr(w, r, nil, http.StatusForbidden, errors.New("Forbidden."), nil)
+ return
}
api.AddUserToReq(r, user)
handlerFunc(w, r)
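Review bot: The added `return` under `user.PrivLevel < privLevelRequired` is the only thing that keeps `handlerFunc` from running after the 403 has been written, and nothing in the code says so. A short comment on that line would guard against the same regression in a later refactor, for example `// HandleErr only writes the response; return so the handler never runs for an under-privileged user`. The branch that closes on the first line of this hunk lies outside the view, as does the rest of `GetWrapper`, so it is worth confirming that every other `api.HandleErr` call in this wrapper and its sibling wrappers is also followed by a `return`. The new API test only exercises CDN creation, so it would not necessarily catch a missing return on another path.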