Posted to commits@usergrid.apache.org by mr...@apache.org on 2016/02/23 03:03:52 UTC

usergrid git commit: Allow superuser to access @RequireAdminUserAccess

Repository: usergrid
Updated Branches:
  refs/heads/hotfix-2.1.0 [created] 17de74208


Allow superuser to access @RequireAdminUserAccess


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/17de7420
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/17de7420
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/17de7420

Branch: refs/heads/hotfix-2.1.0
Commit: 17de742084130412b2ae97255d5b38f85dd0f469
Parents: 58c9a7b
Author: Michael Russo <mr...@apigee.com>
Authored: Mon Feb 22 18:02:58 2016 -0800
Committer: Michael Russo <mr...@apigee.com>
Committed: Mon Feb 22 18:02:58 2016 -0800

----------------------------------------------------------------------
 .../rest/management/users/UserResource.java     |  2 +-
 .../security/SecuredResourceFilterFactory.java  |  2 +-
 .../usergrid/rest/management/AdminUsersIT.java  | 68 ++++++++++++++------
 3 files changed, 52 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/17de7420/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 7ea4eec..799d59f 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -100,7 +100,7 @@ public class UserResource extends AbstractContextResource {
         return getSubResource( OrganizationsResource.class ).init( user );
     }
 
-
+    @RequireAdminUserAccess
     @PUT
     public JSONWithPadding setUserInfo( @Context UriInfo ui, Map<String, Object> json,
                                         @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
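Review bot: `@RequireAdminUserAccess` is added only to the PUT on a management user, while the @Ignore text removed in AdminUsersIT says the GET for the same user is still rejected for a superuser token, so after this change a superuser can update a user it presumably cannot read back; if the GET handler is meant to be reachable with the same principals it should carry the same annotation — worth confirming since that handler is outside the hunk. The rest of setUserInfo is also outside the hunk. Nothing at the call site records which principals the annotation now admits; a short comment above it such as `// the addressed admin user, or the service superuser (see AdminUserFilter.authorize)` would save the next reader a trip into SecuredResourceFilterFactory.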

http://git-wip-us.apache.org/repos/asf/usergrid/blob/17de7420/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index d867e1b..70411d9 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -324,7 +324,7 @@ public class SecuredResourceFilterFactory implements ResourceFilterFactory {
         @Override
         public void authorize( ContainerRequest request ) {
             logger.debug( "AdminUserFilter.authorize" );
-            if ( !isUser( getUserIdentifier() ) ) {
+            if ( !isUser( getUserIdentifier()) && !isServiceAdmin() ) {
                 throw mappableSecurityException( "unauthorized", "No admin user access authorized" );
             }
         }
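Review bot: The relaxed condition on the changed line is not explained anywhere, and the unchanged message `No admin user access authorized` no longer describes the full rule; add `// the service superuser is allowed through in addition to the admin user addressed by the request` above the if. The check pairs `isUser( getUserIdentifier() )` — presumably "the caller is the admin user named in the path" — with the global `isServiceAdmin()`; whether isUser really binds the caller to the addressed user rather than to any authenticated admin user is not visible here and the new tests in AdminUsersIT only exercise the owner and superuser paths, so it is worth confirming. The `logger.debug` on the line above records only entry; logging at debug which of the two branches granted access would make later audit of superuser-driven changes much easier. The spacing inside `isUser( getUserIdentifier())` also drifted from the file's `( ... )` style.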

http://git-wip-us.apache.org/repos/asf/usergrid/blob/17de7420/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
index 286f893..9793393 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
@@ -342,16 +342,12 @@ public class AdminUsersIT extends AbstractRestIT {
         }
     }
 
-    /**
-     * Update the current management user and make sure the change persists
-     * @throws Exception
-     */
-    @Ignore("Fails because we cannot GET a management user with a super user token - only with an Admin level token."
-        + "But, we can PUT with a superuser token. This test will work once that issue has been resolved.")
+
     @Test
-    public void updateManagementUser() throws Exception {
+    public void updateManagementUserNoToken() throws Exception {
+
 
-        Organization newOrg = createOrgPayload( "updateManagementUser", null );
+        Organization newOrg = createOrgPayload( "updateManagementUserNoToken", null );
 
 
         Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg );
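Review bot: The Javadoc that stated what this test verifies was removed together with the @Ignore, so updateManagementUserNoToken now has no description; restore a one-line `/** A PUT on a management user without any token must be rejected with 401. */` above `@Test`. The name says "NoToken" but nothing in the hunk clears a token left by an earlier test, so the test presumably relies on the fixture starting without one — worth confirming. The method body continues in the next hunk.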
@@ -360,28 +356,64 @@ public class AdminUsersIT extends AbstractRestIT {
 
         //Add a property to management user
         Entity userProperty = new Entity(  ).chainPut( "company","usergrid" );
-        management().users().user( newOrg.getUsername() ).put( userProperty );
 
-        Entity userUpdated = updateAdminUser( userProperty, orgReturned );
+        try{
+            management().users().user( newOrg.getUsername() ).put( userProperty );
+        } catch( UniformInterfaceException e ){
+
+            int status = e.getResponse().getStatus();
+            assertEquals(401, status);
+        }
+
+    }
+
+    @Test
+    public void updateManagementUserSuperuserToken() throws Exception {
+
+
+        Organization newOrg = createOrgPayload( "updateManagementUserSuperuserToken", null );
+
 
-        assertEquals( "usergrid",userUpdated.getAsString( "company" ) );
+        Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg );
 
-        //Update property with new management value.
-        userProperty = new Entity(  ).chainPut( "company","Apigee" );
+        assertNotNull( orgReturned.getOwner() );
+
+        //Add a property to management user
+        Entity userProperty = new Entity(  ).chainPut( "company","usergrid" );
+
+        management.token().setToken( clientSetup.getSuperuserToken());
+        management().users().user( newOrg.getUsername() ).put( userProperty );
 
-        userUpdated = updateAdminUser( userProperty, orgReturned);
 
-        assertEquals( "Apigee",userUpdated.getAsString( "company" ) );
     }
 
-    private Entity updateAdminUser(Entity userProperty, Organization organization){
-        management().users().user( organization.getUsername() ).put( userProperty );
+    @Test
+    public void updateManagementUserAdminToken() throws Exception {
+
+        Organization newOrg = createOrgPayload( "updateManagementUserAdminToken", null );
+
+
+        Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg );
+
+        assertNotNull( orgReturned.getOwner() );
 
-        return management().users().user( organization.getUsername() ).get();
+        String orgName = orgReturned.getName();
+
+        //Add a property to management user
+        Entity userProperty = new Entity(  ).chainPut( "company","usergrid" );
+
+        User adminUser = orgReturned.getOwner();
+
+        Token adminToken = management.token().get(adminUser.getUsername(), orgName);
+        assertNotNull(adminToken);
+        management.token().setToken( adminToken );
+        management().users().user( newOrg.getUsername() ).put( userProperty );
 
     }
 
 
+
+
     /**
      * Check that we send the reactivate email to the user after calling the reactivate endpoint.
      * @throws Exception
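Review bot: updateManagementUserNoToken, at the top of the hunk, passes even when the unauthenticated PUT succeeds, because `assertEquals(401, status)` sits only in the catch block; add `fail( "expected 401 for PUT without token" );` (org.junit.Assert) as the line after `put( userProperty )` inside the try. updateManagementUserSuperuserToken and updateManagementUserAdminToken only check that put() does not throw and never read the property back, whereas the removed updateAdminUser helper asserted `"usergrid"` was returned, so a PUT that silently drops the body would now pass. Both tests also call `management.token().setToken( ... )` on what looks like shared client state without restoring it, so later tests in the class may run with a superuser token unless the fixture resets it between tests — worth confirming. The hunk also alternates between the `management` field and the `management()` accessor on adjacent lines; pick one.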