Repository: usergrid Updated Branches: refs/heads/hotfix-2.1.0 [created] 17de74208
Allow superuser to access @RequireAdminUserAccess
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/17de7420
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/17de7420
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/17de7420
Branch: refs/heads/hotfix-2.1.0
Commit: 17de742084130412b2ae97255d5b38f85dd0f469
Parents: 58c9a7b
Author: Michael Russo <[email protected]>
Authored: Mon Feb 22 18:02:58 2016 -0800
Committer: Michael Russo <[email protected]>
Committed: Mon Feb 22 18:02:58 2016 -0800
----------------------------------------------------------------------
 .../rest/management/users/UserResource.java | 2 +-
 .../security/SecuredResourceFilterFactory.java | 2 +-
 .../usergrid/rest/management/AdminUsersIT.java | 68 ++++++++++++++------
 3 files changed, 52 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/17de7420/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 7ea4eec..799d59f 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -100,7 +100,7 @@ public class UserResource extends AbstractContextResource {
         return getSubResource( OrganizationsResource.class ).init( user );
     }
-
+    @RequireAdminUserAccess
     @PUT
     public JSONWithPadding setUserInfo( @Context UriInfo ui, Map<String, Object> json, @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
http://git-wip-us.apache.org/repos/asf/usergrid/blob/17de7420/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index d867e1b..70411d9 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -324,7 +324,7 @@ public class SecuredResourceFilterFactory implements ResourceFilterFactory {
         @Override
         public void authorize( ContainerRequest request ) {
             logger.debug( "AdminUserFilter.authorize" );
-            if ( !isUser( getUserIdentifier() ) ) {
+            if ( !isUser( getUserIdentifier()) && !isServiceAdmin() ) {
                 throw mappableSecurityException( "unauthorized", "No admin user access authorized" );
             }
         }
http://git-wip-us.apache.org/repos/asf/usergrid/blob/17de7420/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
index 286f893..9793393 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
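Review bot: `setUserInfo` gains `@RequireAdminUserAccess` on the `+` line but no Javadoc says who may now call the PUT, and the signature and body continue past the hunk, so a reader of the resource cannot see the authorization contract next to the endpoint. A one-line Javadoc above the annotations would close that gap: `/** Updates this management user's properties; callable only by that admin user or by the service superuser. */`. The "that admin user" half of that sentence assumes the filter behind the annotation compares the path user with the caller, which this hunk does not show — confirm against `AdminUserFilter` before wording it that way.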
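Review bot: The widened condition on the `+` line lets a service admin pass `AdminUserFilter` for a resource addressed to another admin user, yet nothing records that the superuser branch rather than `isUser( getUserIdentifier() )` granted access; the only trace is the unconditional `logger.debug( "AdminUserFilter.authorize" )` above it, which looks the same for both paths. Superuser access to other admins' records is exactly what an investigator later wants to distinguish, so nest the check and log the grant: `if ( !isUser( getUserIdentifier() ) ) { if ( !isServiceAdmin() ) { throw mappableSecurityException( "unauthorized", "No admin user access authorized" ); } logger.debug( "AdminUserFilter.authorize: granted via service admin" ); }`. As a style point, `getUserIdentifier())` drops the space before `)` that every neighbouring call in this file keeps.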
@@ -342,16 +342,12 @@ public class AdminUsersIT extends AbstractRestIT { } } - /** - * Update the current management user and make sure the change persists - * @throws Exception - */ - @Ignore("Fails because we cannot GET a management user with a super user token - only with an Admin level token." - + "But, we can PUT with a superuser token. This test will work once that issue has been resolved.") + @Test - public void updateManagementUser() throws Exception { + public void updateManagementUserNoToken() throws Exception { + - Organization newOrg = createOrgPayload( "updateManagementUser", null ); + Organization newOrg = createOrgPayload( "updateManagementUserNoToken", null ); Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg ); 
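Review bot: The removed Javadoc and the `@Ignore` explanation are not replaced, so `updateManagementUserNoToken` now states nothing about what it verifies beyond its name; its body continues into the next hunk. Suggest `/** A PUT on a management user without any token must be rejected with 401. */` above the surviving `@Test`. The empty `+` line inserted between the new signature and `Organization newOrg` can be dropped.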
@@ -360,28 +356,64 @@ public class AdminUsersIT extends AbstractRestIT { //Add a property to management user Entity userProperty = new Entity( ).chainPut( "company","usergrid" ); - management().users().user( newOrg.getUsername() ).put( userProperty ); - Entity userUpdated = updateAdminUser( userProperty, orgReturned ); + try{ + management().users().user( newOrg.getUsername() ).put( userProperty ); + } catch( UniformInterfaceException e ){ + + int status = e.getResponse().getStatus(); + assertEquals(401, status); + } + + } + + @Test + public void updateManagementUserSuperuserToken() throws Exception { + + + Organization newOrg = createOrgPayload( "updateManagementUserSuperuserToken", null ); + - assertEquals( "usergrid",userUpdated.getAsString( "company" ) ); + Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg ); - //Update property with new management value. - userProperty = new Entity( ).chainPut( "company","Apigee" ); + assertNotNull( orgReturned.getOwner() ); + + //Add a property to management user + Entity userProperty = new Entity( ).chainPut( "company","usergrid" ); + + management.token().setToken( clientSetup.getSuperuserToken()); + management().users().user( newOrg.getUsername() ).put( userProperty ); - userUpdated = updateAdminUser( userProperty, orgReturned); - assertEquals( "Apigee",userUpdated.getAsString( "company" ) ); } - private Entity updateAdminUser(Entity userProperty, Organization organization){ - management().users().user( organization.getUsername() ).put( userProperty ); + @Test + public void updateManagementUserAdminToken() throws Exception { + + Organization newOrg = createOrgPayload( "updateManagementUserAdminToken", null ); + + + Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg ); + + assertNotNull( orgReturned.getOwner() ); - return management().users().user( organization.getUsername() ).get(); + String orgName = orgReturned.getName(); + + //Add a property to 
management user + Entity userProperty = new Entity( ).chainPut( "company","usergrid" ); + + User adminUser = orgReturned.getOwner(); + + Token adminToken = management.token().get(adminUser.getUsername(), orgName); + assertNotNull(adminToken); + management.token().setToken( adminToken ); + management().users().user( newOrg.getUsername() ).put( userProperty ); } + + /** * Check that we send the reactivate email to the user after calling the reactivate endpoint. * @throws Exception
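Review bot: `updateManagementUserNoToken` passes when the unauthenticated PUT succeeds: the `assertEquals(401, status)` runs only inside the `catch`, and nothing follows the `put` inside the `try`, so the regression this test exists to catch would be invisible; add `fail( "expected 401 for a PUT without a token" );` as the last statement of the `try`. The same hunk's `updateManagementUserSuperuserToken` and `updateManagementUserAdminToken` only prove that the PUT does not throw — the GET and `assertEquals( "usergrid", userUpdated.getAsString( "company" ) )` of the removed `updateAdminUser` helper were not carried over, so the commit's claim that a superuser can update the user is not actually verified. `management.token().setToken( clientSetup.getSuperuserToken())` is also left on the shared client when the test returns; unless the base class resets it per test, that token can bleed into later tests, including the no-token one, and mask a failure there.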
