Posted to commits@usergrid.apache.org by mr...@apache.org on 2016/02/23 03:03:52 UTC
usergrid git commit: Allow superuser to access @RequireAdminUserAccess
Repository: usergrid
Updated Branches:
refs/heads/hotfix-2.1.0 [created] 17de74208
Allow superuser to access @RequireAdminUserAccess
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/17de7420
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/17de7420
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/17de7420
Branch: refs/heads/hotfix-2.1.0
Commit: 17de742084130412b2ae97255d5b38f85dd0f469
Parents: 58c9a7b
Author: Michael Russo <mr...@apigee.com>
Authored: Mon Feb 22 18:02:58 2016 -0800
Committer: Michael Russo <mr...@apigee.com>
Committed: Mon Feb 22 18:02:58 2016 -0800
----------------------------------------------------------------------
.../rest/management/users/UserResource.java | 2 +-
.../security/SecuredResourceFilterFactory.java | 2 +-
.../usergrid/rest/management/AdminUsersIT.java | 68 ++++++++++++++------
3 files changed, 52 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/17de7420/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 7ea4eec..799d59f 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -100,7 +100,7 @@ public class UserResource extends AbstractContextResource {
return getSubResource( OrganizationsResource.class ).init( user );
}
-
+ @RequireAdminUserAccess
@PUT
public JSONWithPadding setUserInfo( @Context UriInfo ui, Map<String, Object> json,
@QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
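Review bot: The `@RequireAdminUserAccess` now placed above `@PUT` changes who may call `setUserInfo`, but the method still carries no Javadoc saying so, and its body continues past the end of the hunk. Since the filter behind the annotation (the SecuredResourceFilterFactory hunk in this commit) admits either the path user's own token or a service admin, a one-line doc keeps that contract visible: `/** Updates this admin user's profile from {@code json}; the caller must be this user or a service admin (see AdminUserFilter). */`. Whether the other methods of `UserResource` carry the same annotation is not visible here; the `@Ignore` text removed in AdminUsersIT mentions that a GET with a superuser token was rejected, so it is worth checking that the GET path is annotated consistently, otherwise the superuser bypass applies to the PUT only.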
http://git-wip-us.apache.org/repos/asf/usergrid/blob/17de7420/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index d867e1b..70411d9 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -324,7 +324,7 @@ public class SecuredResourceFilterFactory implements ResourceFilterFactory {
@Override
public void authorize( ContainerRequest request ) {
logger.debug( "AdminUserFilter.authorize" );
- if ( !isUser( getUserIdentifier() ) ) {
+ if ( !isUser( getUserIdentifier()) && !isServiceAdmin() ) {
throw mappableSecurityException( "unauthorized", "No admin user access authorized" );
}
}
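Review bot: The widened condition on the `if` line admits a service admin without recording that the bypass was taken; the only log call, `logger.debug( "AdminUserFilter.authorize" )`, runs before the decision, so a debug log cannot distinguish a request authorized as the path user from one authorized as a superuser. Splitting the check preserves that trace and reads more clearly: `if ( isServiceAdmin() ) { logger.debug( "AdminUserFilter.authorize: service admin" ); return; }` placed before the existing `isUser` check, which then keeps its original single-condition form. With the combined `&&`, `isUser( getUserIdentifier() )` is also evaluated first on every request, so the early return spares that call for service-admin callers, assuming `isServiceAdmin()` is the cheaper of the two. Minor style: `getUserIdentifier())` drops the space before the closing parenthesis that the surrounding lines use.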
http://git-wip-us.apache.org/repos/asf/usergrid/blob/17de7420/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
index 286f893..9793393 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
@@ -342,16 +342,12 @@ public class AdminUsersIT extends AbstractRestIT {
}
}
- /**
- * Update the current management user and make sure the change persists
- * @throws Exception
- */
- @Ignore("Fails because we cannot GET a management user with a super user token - only with an Admin level token."
- + "But, we can PUT with a superuser token. This test will work once that issue has been resolved.")
+
@Test
- public void updateManagementUser() throws Exception {
+ public void updateManagementUserNoToken() throws Exception {
+
- Organization newOrg = createOrgPayload( "updateManagementUser", null );
+ Organization newOrg = createOrgPayload( "updateManagementUserNoToken", null );
Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg );
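Review bot: The Javadoc and the `@Ignore` explanation removed above `@Test` are not replaced, so the renamed `updateManagementUserNoToken` has no comment stating what it verifies, and its body runs past the end of this hunk. Suggest `/** A PUT on a management user with no token must be rejected with 401. */` above the `@Test`, with matching one-liners on the two new tests in the following hunk so the three cases (no token, superuser token, admin token) read as a set.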
@@ -360,28 +356,64 @@ public class AdminUsersIT extends AbstractRestIT {
//Add a property to management user
Entity userProperty = new Entity( ).chainPut( "company","usergrid" );
- management().users().user( newOrg.getUsername() ).put( userProperty );
- Entity userUpdated = updateAdminUser( userProperty, orgReturned );
+ try{
+ management().users().user( newOrg.getUsername() ).put( userProperty );
+ } catch( UniformInterfaceException e ){
+
+ int status = e.getResponse().getStatus();
+ assertEquals(401, status);
+ }
+
+ }
+
+ @Test
+ public void updateManagementUserSuperuserToken() throws Exception {
+
+
+ Organization newOrg = createOrgPayload( "updateManagementUserSuperuserToken", null );
+
- assertEquals( "usergrid",userUpdated.getAsString( "company" ) );
+ Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg );
- //Update property with new management value.
- userProperty = new Entity( ).chainPut( "company","Apigee" );
+ assertNotNull( orgReturned.getOwner() );
+
+ //Add a property to management user
+ Entity userProperty = new Entity( ).chainPut( "company","usergrid" );
+
+ management.token().setToken( clientSetup.getSuperuserToken());
+ management().users().user( newOrg.getUsername() ).put( userProperty );
- userUpdated = updateAdminUser( userProperty, orgReturned);
- assertEquals( "Apigee",userUpdated.getAsString( "company" ) );
}
- private Entity updateAdminUser(Entity userProperty, Organization organization){
- management().users().user( organization.getUsername() ).put( userProperty );
+ @Test
+ public void updateManagementUserAdminToken() throws Exception {
+
+ Organization newOrg = createOrgPayload( "updateManagementUserAdminToken", null );
+
+
+ Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg );
+
+ assertNotNull( orgReturned.getOwner() );
- return management().users().user( organization.getUsername() ).get();
+ String orgName = orgReturned.getName();
+
+ //Add a property to management user
+ Entity userProperty = new Entity( ).chainPut( "company","usergrid" );
+
+ User adminUser = orgReturned.getOwner();
+
+ Token adminToken = management.token().get(adminUser.getUsername(), orgName);
+ assertNotNull(adminToken);
+ management.token().setToken( adminToken );
+ management().users().user( newOrg.getUsername() ).put( userProperty );
}
+
+
/**
* Check that we send the reactivate email to the user after calling the reactivate endpoint.
* @throws Exception
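Review bot: In `updateManagementUserNoToken` the `assertEquals(401, status)` inside the catch is only reached when the PUT throws, so if the unauthenticated PUT is ever accepted the test passes silently, which is the opposite of what a negative authorization test should do. Add `fail( "expected 401 without a token" );` as the last statement of the try block (JUnit's `Assert.fail`, assuming it is statically imported alongside `assertEquals`), so that a successful PUT fails the test. The two positive tests, `updateManagementUserSuperuserToken` and `updateManagementUserAdminToken`, only check that the PUT does not throw; the removed `updateAdminUser` helper and its `assertEquals( "usergrid", ... )` verified the property actually persisted, and that verification is gone with no replacement. Both tests also call `management.token().setToken( ... )` on what looks like shared client state and never restore it, so a later test in the class may run with whichever token was set last; confirm the fixture resets it between tests.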