DS tenancy checks, replace some of the 403 with 400
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/f5c9536c Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/f5c9536c Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/f5c9536c Branch: refs/heads/master Commit: f5c9536c1d4aca1efc430c798bc137eb9a13b5d2 Parents: 76df06a Author: nir-sopher <n...@qwilt.com> Authored: Tue Jun 27 10:27:51 2017 +0300 Committer: Jeremy Mitchell <mitchell...@gmail.com> Committed: Tue Jul 25 12:55:59 2017 -0600 ---------------------------------------------------------------------- traffic_ops/app/lib/API/Deliveryservice.pm | 4 ++-- traffic_ops/app/t/api/1.2/tenant_access.t | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/f5c9536c/traffic_ops/app/lib/API/Deliveryservice.pm ----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/API/Deliveryservice.pm b/traffic_ops/app/lib/API/Deliveryservice.pm
index fb66240..fb66d89 100644
--- a/traffic_ops/app/lib/API/Deliveryservice.pm
+++ b/traffic_ops/app/lib/API/Deliveryservice.pm
@@ -310,7 +310,7 @@ sub update {
 #setting tenant_id to undef if tenant is not set.
 my $tenant_id = exists($params->{tenantId}) ? $params->{tenantId} : undef;
 if (!$tenant_utils->is_ds_resource_accessible($tenants_data, $tenant_id)) {
- return $self->forbidden();
+ return $self->alert("Invalid tenant. This tenant is not available to you for assignment.");
 }
 my $values = {
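Review bot: With `forbidden()` replaced by `alert()` in this branch, an attempt to assign a delivery service to a tenant the caller cannot access now returns a plain 400, so the denial is no longer distinguishable from an ordinary validation failure in access logs or in alerting keyed on 403. If the 400 is the intended API contract, record the authorization denial server-side before returning, for example `$self->app->log->warn("DS update denied: requested tenant not accessible to caller");`, with the user and the requested tenant id added as the project's logging conventions allow. The same applies to the identical branch in `create` (second hunk), and the message literal is now repeated in both subs and in the tests, where a shared constant would keep them in step. `update` starts and ends outside this hunk.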
@@ -592,7 +592,7 @@ sub create {
 #setting tenant_id to the user id if tenant is not set.
 my $tenant_id = exists($params->{tenantId}) ? $params->{tenantId} : $tenant_utils->current_user_tenant();
 if (!$tenant_utils->is_ds_resource_accessible($tenants_data, $tenant_id)) {
- return $self->forbidden();
+ return $self->alert("Invalid tenant. This tenant is not available to you for assignment.");
 }
 my ( $is_valid, $result ) = $self->is_deliveryservice_valid($params);
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/f5c9536c/traffic_ops/app/t/api/1.2/tenant_access.t ----------------------------------------------------------------------
diff --git a/traffic_ops/app/t/api/1.2/tenant_access.t b/traffic_ops/app/t/api/1.2/tenant_access.t
index 83867e6..eb5c626 100644
--- a/traffic_ops/app/t/api/1.2/tenant_access.t
+++ b/traffic_ops/app/t/api/1.2/tenant_access.t
@@ -779,6 +779,8 @@ sub test_ds_resource_write_block_access {
 my $login_tenant = shift;
 my $resource_tenant = shift;
 my $tenants_data = shift;
+
+ my $is_login_tenant_active = is_tenant_active($login_tenant);
 login_to_tenant_admin($login_tenant, $tenants_data);
 #adding a ds
@@ -806,7 +808,8 @@ sub test_ds_resource_write_block_access {
 "geoProvider" => 0,
 "qstringIgnore" => 0,
 })
- ->status_is(403)->or( sub { diag $t->tx->res->content->asset->{content}; } )
+ ->status_is(400)->or( sub { diag $t->tx->res->content->asset->{content}; } )
+ ->json_is( "/alerts/0/text" => "Invalid tenant. This tenant is not available to you for assignment.")
 , 'Cannot add ds: login tenant:'.$login_tenant.' resource tenant: '.$resource_tenant.'?';
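Review bot: The `exists($params->{tenantId})` test on the context line just above the changed branch in `create` is also true when the client sends `"tenantId": null`, so `$tenant_id` becomes undef instead of falling back to `current_user_tenant()`. Whether an undefined tenant passes `is_ds_resource_accessible` is not visible in this hunk; if it does, a caller could create a delivery service with no tenant at all, which is worth confirming while this rejection path is being changed. Deciding the fallback on definedness would close that gap: `my $tenant_id = defined($params->{tenantId}) ? $params->{tenantId} : $tenant_utils->current_user_tenant();`. `create` continues outside the hunk.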
@@ -903,7 +906,8 @@ sub test_ds_resource_write_block_access {
 #changing only its tenancy
 $response2edit2->{"tenantId"} = $tenants_data->{$resource_tenant}->{'id'};
 ok $t->put_ok('/api/1.2/deliveryservices/'.$new_ds_id2 => {Accept => 'application/json'} => json => $response2edit2)
- ->status_is(403)->or( sub { diag $t->tx->res->content->asset->{content}; } )
+ ->status_is($is_login_tenant_active ? 400 : 403)->or( sub { diag $t->tx->res->content->asset->{content}; } )
+ ->json_is( "/alerts/0/text" => $is_login_tenant_active ? "Invalid tenant. This tenant is not available to you for assignment." : "Forbidden")
 , 'Cannot change ds tenant to the target resource tenant: login tenant:'.$login_tenant.' resource tenant: '.$resource_tenant.'?';
 ok $t->delete_ok('/api/1.2/deliveryservices/'.$new_ds_id2 => {Accept => 'application/json'} => json => $response2edit2)
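Review bot: The two `$is_login_tenant_active ? ... : ...` expressions on the added lines encode a rule that is stated nowhere in the hunk: an inactive login tenant still gets 403 with "Forbidden", while an active one gets the new 400. Presumably an earlier access check in `update` rejects the inactive tenant before the tenantId assignment check runs, but that code is outside the visible lines. Once confirmed, a comment such as `# inactive login tenant: rejected by the DS access check (403) before the new tenantId is validated (400)` would document it. The PUT assertion also checks only the response, so following it with a read of the delivery service to confirm its tenantId is unchanged would catch a rejection that still applied the write. The test sub continues outside the hunk.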