DS tenancy checks, replace some of the 403 with 400

Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/f5c9536c
Tree: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/f5c9536c
Diff: 
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/f5c9536c

Branch: refs/heads/master
Commit: f5c9536c1d4aca1efc430c798bc137eb9a13b5d2
Parents: 76df06a
Author: nir-sopher <n...@qwilt.com>
Authored: Tue Jun 27 10:27:51 2017 +0300
Committer: Jeremy Mitchell <mitchell...@gmail.com>
Committed: Tue Jul 25 12:55:59 2017 -0600

----------------------------------------------------------------------
 traffic_ops/app/lib/API/Deliveryservice.pm | 4 ++--
 traffic_ops/app/t/api/1.2/tenant_access.t  | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/f5c9536c/traffic_ops/app/lib/API/Deliveryservice.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/API/Deliveryservice.pm 
b/traffic_ops/app/lib/API/Deliveryservice.pm
index fb66240..fb66d89 100644
--- a/traffic_ops/app/lib/API/Deliveryservice.pm
+++ b/traffic_ops/app/lib/API/Deliveryservice.pm
@@ -310,7 +310,7 @@ sub update {
        #setting tenant_id to undef if tenant is not set. 
        my $tenant_id = exists($params->{tenantId}) ? $params->{tenantId} :  
undef;
        if (!$tenant_utils->is_ds_resource_accessible($tenants_data, 
$tenant_id)) {
-               return $self->forbidden();
+               return $self->alert("Invalid tenant. This tenant is not 
available to you for assignment.");
        }
 
        my $values = {
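Review bot: Returning `$self->alert(...)` here turns a cross-tenant assignment attempt into an ordinary 400, so access logs and any monitoring keyed on 403 can no longer tell it apart from a validation error; the identical change in `create` (second hunk) has the same effect. If the status change is wanted for API consistency, record the denial before returning, for example `$self->app->log->warn("DS tenant assignment denied: requested tenant not accessible to current user");`, ideally including the user and the requested tenant id. The message literal is now repeated in both subs and twice in tenant_access.t; a shared constant would keep the copies from drifting. Both `update` and `create` start and end outside their hunks, so any logging done elsewhere in them is not visible here.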
@@ -592,7 +592,7 @@ sub create {
        #setting tenant_id to the user id if tenant is not set.
        my $tenant_id = exists($params->{tenantId}) ? $params->{tenantId} :  
$tenant_utils->current_user_tenant();
        if (!$tenant_utils->is_ds_resource_accessible($tenants_data, 
$tenant_id)) {
-               return $self->forbidden();
+               return $self->alert("Invalid tenant. This tenant is not 
available to you for assignment.");
        }
 
        my ( $is_valid, $result ) = $self->is_deliveryservice_valid($params);
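Review bot: The default on the `my $tenant_id = exists(...)` line is selected with `exists`, so a request body carrying `"tenantId": null` skips `current_user_tenant()` and passes undef to `is_ds_resource_accessible`. Whether an undef tenant passes that check is not visible in this hunk; if it does, the new delivery service could end up with no tenant instead of the caller's tenant. Using `defined` closes the gap: `my $tenant_id = defined($params->{tenantId}) ? $params->{tenantId} : $tenant_utils->current_user_tenant();`. The comment above that line should also read "the user's tenant" rather than "the user id". `create` continues outside the hunk.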

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/f5c9536c/traffic_ops/app/t/api/1.2/tenant_access.t
----------------------------------------------------------------------
diff --git a/traffic_ops/app/t/api/1.2/tenant_access.t 
b/traffic_ops/app/t/api/1.2/tenant_access.t
index 83867e6..eb5c626 100644
--- a/traffic_ops/app/t/api/1.2/tenant_access.t
+++ b/traffic_ops/app/t/api/1.2/tenant_access.t
@@ -779,6 +779,8 @@ sub test_ds_resource_write_block_access {
     my $login_tenant = shift;
     my $resource_tenant = shift;
     my $tenants_data = shift;
+
+    my $is_login_tenant_active = is_tenant_active($login_tenant);
     login_to_tenant_admin($login_tenant, $tenants_data);
 
     #adding a ds
@@ -806,7 +808,8 @@ sub test_ds_resource_write_block_access {
                 "geoProvider" => 0,
                 "qstringIgnore" => 0,
             })
-            ->status_is(403)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
+            ->status_is(400)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
+            ->json_is( "/alerts/0/text" => "Invalid tenant. This tenant is not 
available to you for assignment.")
         , 'Cannot add ds: login tenant:'.$login_tenant.' resource tenant: 
'.$resource_tenant.'?';
 
 
@@ -903,7 +906,8 @@ sub test_ds_resource_write_block_access {
     #changing only its tenancy
     $response2edit2->{"tenantId"} = $tenants_data->{$resource_tenant}->{'id'};
     ok $t->put_ok('/api/1.2/deliveryservices/'.$new_ds_id2 => {Accept => 
'application/json'} => json => $response2edit2)
-            ->status_is(403)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
+            ->status_is($is_login_tenant_active ? 400 : 403)->or( sub { diag 
$t->tx->res->content->asset->{content}; } )
+            ->json_is( "/alerts/0/text" => $is_login_tenant_active ? "Invalid 
tenant. This tenant is not available to you for assignment." : "Forbidden")
         , 'Cannot change ds tenant to the target resource tenant: login 
tenant:'.$login_tenant.' resource tenant: '.$resource_tenant.'?';
 
     ok $t->delete_ok('/api/1.2/deliveryservices/'.$new_ds_id2 => {Accept => 
'application/json'} => json => $response2edit2)
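Review bot: Nothing between the rejected `put_ok` and the following `delete_ok` checks that the delivery service still has its previous tenant, so the test pins only the status and the alert text, not that the denial has no side effect. A `get_ok` on the same `/api/1.2/deliveryservices/` id with a `json_is` on the tenant field, placed right after the PUT, would cover that. The `$is_login_tenant_active ? 400 : 403` split also deserves a one-line comment, for example `# inactive login tenant: presumably rejected with 403 by an earlier access check in update`. That ordering is what the expected values imply, but the handler's earlier check is not visible here. `test_ds_resource_write_block_access` starts and ends outside the hunk.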
