Add additional test for validating admin user access.
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/2e296361 Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/2e296361 Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/2e296361 Branch: refs/heads/master Commit: 2e296361ab1b0afb8e762a3b7d16297944652f87 Parents: dfcec88 Author: Michael Russo <[email protected]> Authored: Mon Feb 22 18:27:35 2016 -0800 Committer: Michael Russo <[email protected]> Committed: Thu Feb 25 11:54:28 2016 -0800 ---------------------------------------------------------------------- .../usergrid/rest/management/AdminUsersIT.java | 35 ++++++++++++++++++++ 1 file changed, 35 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/usergrid/blob/2e296361/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java ----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
index 423af29..e294556 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
@@ -408,6 +408,41 @@ public class AdminUsersIT extends AbstractRestIT {
 }
+ @Test
+ public void updateManagementUserWrongAdminToken() throws Exception {
+
+ Organization newOrg = createOrgPayload( "updateManagementUserWrongAdminToken", null );
+ Organization orgReturned = clientSetup.getRestClient().management().orgs().post( newOrg );
+ assertNotNull( orgReturned.getOwner() );
+
+ // add a new management user to the org for the purpose of a 'wrong' user trying update others
+ Entity adminUserPayload = new Entity();
+ String wrongAdminUsername = "wrongAdminUser"+UUIDUtils.newTimeUUID();
+ adminUserPayload.put( "username", wrongAdminUsername );
+ adminUserPayload.put( "name", wrongAdminUsername );
+ adminUserPayload.put( "email", wrongAdminUsername+"@usergrid.com" );
+ adminUserPayload.put( "password", wrongAdminUsername );
+ management().orgs().org( clientSetup.getOrganizationName() ).users().post(User.class ,adminUserPayload );
+
+
+ // get token of the newly added wrongAdminUser
+ Token wrongAdminToken = management.token().get(wrongAdminUsername, wrongAdminUsername);
+ assertNotNull(wrongAdminToken);
+ management.token().setToken( wrongAdminToken );
+
+ try{
+ //Add a property to management user
+ Entity userProperty = new Entity( ).chainPut( "company","usergrid" );
+ management().users().user( newOrg.getUsername() ).put( userProperty );
+
+ } catch( UniformInterfaceException e ){
+
+ int status = e.getResponse().getStatus();
+ assertEquals(401, status);
+ }
+
+ }
+
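Review bot: The negative check in `updateManagementUserWrongAdminToken` passes vacuously: if the `put( userProperty )` call inside the `try` succeeds, no `UniformInterfaceException` is thrown, the `assertEquals(401, status)` in the `catch` never runs, and the test goes green even though the wrong admin was allowed to modify another management user. Add `fail( "update with another admin's token should have been rejected" );` directly after the `put` line (assuming `fail` is statically imported alongside `assertEquals`; the imports are outside the hunk). The test also leaves `wrongAdminToken` set on `management.token()`; if the harness does not reset the client between tests, restore the original token in a `finally` block so later tests do not run with it.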
