Tenant-utils PR review changes
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/ab801791 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/ab801791 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/ab801791 Branch: refs/heads/master Commit: ab801791569874ca54771de8e3da41b34fd34529 Parents: e0ae552 Author: nir-sopher <[email protected]> Authored: Mon Jun 26 20:46:29 2017 +0300 Committer: Jeremy Mitchell <[email protected]> Committed: Tue Jul 18 12:12:32 2017 -0600 ---------------------------------------------------------------------- traffic_ops/app/lib/API/Tenant.pm | 21 ++++++++++----------- traffic_ops/app/lib/API/User.pm | 3 +-- traffic_ops/app/t/api/1.2/tenant.t | 4 ++-- 3 files changed, 13 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/ab801791/traffic_ops/app/lib/API/Tenant.pm ---------------------------------------------------------------------- diff --git a/traffic_ops/app/lib/API/Tenant.pm b/traffic_ops/app/lib/API/Tenant.pm index 3653455..932ab0f 100644 --- a/traffic_ops/app/lib/API/Tenant.pm +++ b/traffic_ops/app/lib/API/Tenant.pm @@ -108,17 +108,22 @@ sub update { } if ( $params->{name} ne $self->getTenantName($id) ) { - my $name = $params->{name}; + my $name = $params->{name}; my $existing = $self->db->resultset('Tenant')->search( { name => $name } )->get_column('name')->single(); if ($existing) { return $self->alert("A tenant with name \"$name\" already exists."); } - } + } + my $tenant_utils = UI::TenantUtils->new($self); my $tenants_data = $tenant_utils->create_tenants_data_from_db(undef); - if ( !defined( $params->{parentId}) && !$tenant_utils->is_root_tenant($tenants_data, $id) ) { + if ( $tenant_utils->is_root_tenant($tenants_data, $id) ) { + return $self->alert("Root tenant cannot be updated."); + } + + if ( !defined( $params->{parentId}) ) { # Cannot turn a simple tenant to a root tenant. # Practically there is no problem with doing so, but it is to risky to be done by mistake. return $self->alert("Parent Id is required."); @@ -128,19 +133,13 @@ sub update { return $self->alert("Active field is required."); } - my $is_active = $params->{active}; - if ( !$params->{active} && $tenant_utils->is_root_tenant($tenants_data, $id)) { return $self->alert("Root tenant cannot be in-active."); } #this is a write operation, allowed only by parents of the tenant (which are the owners of the resource of type tenant) my $current_resource_tenancy = $self->db->resultset('Tenant')->search( { id => $id } )->get_column('parent_id')->single(); - if (!defined($current_resource_tenancy)) { - #no parent - the tenant is its-own owner - $current_resource_tenancy = $id; - } - + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $current_resource_tenancy)) { return $self->forbidden(); #Current owning tenant is not under user's tenancy } @@ -243,7 +242,7 @@ sub create { if ( !defined($parent_id) ) { return $self->alert("Parent Id is required."); } - + my $tenant_utils = UI::TenantUtils->new($self); my $tenants_data = $tenant_utils->create_tenants_data_from_db(undef); http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/ab801791/traffic_ops/app/lib/API/User.pm ---------------------------------------------------------------------- diff --git a/traffic_ops/app/lib/API/User.pm b/traffic_ops/app/lib/API/User.pm index 3f03ad2..e98f969 100644 --- a/traffic_ops/app/lib/API/User.pm +++ b/traffic_ops/app/lib/API/User.pm @@ -406,8 +406,7 @@ sub current { my $self = shift; my @data; my $current_username = $self->current_user()->{username}; - my $tenantUtils = UI::TenantUtils->new($self); - if ( &is_ldap($self) ) { +it if ( &is_ldap($self) ) { my $role = $self->db->resultset('Role')->search( { name => "read-only" } )->get_column('id')->single; push( http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/ab801791/traffic_ops/app/t/api/1.2/tenant.t ---------------------------------------------------------------------- diff --git a/traffic_ops/app/t/api/1.2/tenant.t b/traffic_ops/app/t/api/1.2/tenant.t index ced60bd..08a3913 100644 --- a/traffic_ops/app/t/api/1.2/tenant.t +++ b/traffic_ops/app/t/api/1.2/tenant.t @@ -127,7 +127,7 @@ ok $t->put_ok('/api/1.2/tenants/' . $tenantA_id => {Accept => 'application/json #cannot change root-tenant to inactive ok $t->put_ok('/api/1.2/tenants/' . $root_tenant_id => {Accept => 'application/json'} => json => { "name" => "root", "active" => 0, "parentId" => undef}) - ->json_is( "/alerts/0/text" => "Root tenant cannot be in-active.") + ->json_is( "/alerts/0/text" => "Root tenant cannot be updated.") ->status_is(400); #adding a child tenant @@ -348,7 +348,7 @@ ok $t->post_ok('/api/1.2/tenants' => {Accept => 'application/json'} => json => { ok $t->put_ok('/api/1.2/tenants/' . $root_tenant_id => {Accept => 'application/json'} => json => { "name" => "rooty", "active" => 1, "parentId" => undef}) - ->status_is(403)->or( sub { diag $t->tx->res->content->asset->{content}; } ); + ->status_is(400)->or( sub { diag $t->tx->res->content->asset->{content}; } ); #no tenants in the list ok $t->get_ok("/api/1.2/tenants")->status_is(200)
