Allow superuser to access @RequireAdminUserAccess
Conflicts:
stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/dfcec88d
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/dfcec88d
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/dfcec88d
Branch: refs/heads/master
Commit: dfcec88d41079f51bd393581b6c5419d9995b0e4
Parents: 3ea2b3c
Author: Michael Russo <[email protected]>
Authored: Mon Feb 22 18:02:58 2016 -0800
Committer: Michael Russo <[email protected]>
Committed: Thu Feb 25 11:54:08 2016 -0800
----------------------------------------------------------------------
.../rest/management/users/UserResource.java | 2 +-
.../security/SecuredResourceFilterFactory.java | 2 +-
.../usergrid/rest/management/AdminUsersIT.java | 68 ++++++++++++++------
3 files changed, 52 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/dfcec88d/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git
a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index ed39c31..7ca6418 100644
---
a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -89,7 +89,7 @@ public class UserResource extends AbstractContextResource {
return getSubResource( OrganizationsResource.class ).init( user );
}
-
+ @RequireAdminUserAccess
@PUT
@JSONP
@Produces({MediaType.APPLICATION_JSON, "application/javascript"})
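Review bot: The added `@RequireAdminUserAccess` takes the place of the blank line that used to separate this PUT handler from the preceding method, so the annotation now sits directly under that method's closing brace; keep the separator line and put the annotation below it. Because the annotation is the only access decision visible for this endpoint, a short Javadoc stating who may call it would help the next reader, for example `/** Updates this admin user. Callable by the user itself or, per AdminUserFilter, by a service admin (superuser). */`. The handler's signature and body lie outside the hunk, so any further checks inside it cannot be confirmed from here.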
http://git-wip-us.apache.org/repos/asf/usergrid/blob/dfcec88d/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index 531d355..0514dca 100644
---
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -368,7 +368,7 @@ public class SecuredResourceFilterFactory implements
DynamicFeature {
if (logger.isTraceEnabled()) {
logger.trace("AdminUserFilter.authorize");
}
- if (!isUser( getUserIdentifier() )) {
+ if (!isUser( getUserIdentifier() ) && !isServiceAdmin() ) {
throw mappableSecurityException( "unauthorized", "No admin
user access authorized" );
}
}
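Review bot: Access granted through the new `!isServiceAdmin()` clause leaves no audit record, because the only log call in the visible lines is the trace-level "AdminUserFilter.authorize", which does not say whether the caller passed as the user or as a service admin. This filter presumably backs every endpoint annotated with @RequireAdminUserAccess, so the change lets a superuser token act on any admin user's resources, and that path should be logged at a level that is normally enabled. One way is to evaluate the self-check once and log the service-admin case, as sketched below. The enclosing authorize method starts outside the hunk.

```java
// … unchanged: trace logging …
boolean isSelf = isUser( getUserIdentifier() );
if ( !isSelf && !isServiceAdmin() ) {
    throw mappableSecurityException( "unauthorized", "No admin user access authorized" );
}
if ( !isSelf ) {
    // Service admin acting on another admin user's resource: keep an audit trail
    // (add the target identifier to the message if it is available here).
    logger.info( "AdminUserFilter: access granted via service admin" );
}
```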
http://git-wip-us.apache.org/repos/asf/usergrid/blob/dfcec88d/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
----------------------------------------------------------------------
diff --git
a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
index cf27644..423af29 100644
---
a/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
+++
b/stack/rest/src/test/java/org/apache/usergrid/rest/management/AdminUsersIT.java
@@ -17,6 +17,7 @@
package org.apache.usergrid.rest.management;
+import com.sun.jersey.api.client.UniformInterfaceException;
import net.jcip.annotations.NotThreadSafe;
import org.apache.usergrid.management.MockImapClient;
import org.apache.usergrid.persistence.core.util.StringUtils;
@@ -25,7 +26,6 @@ import org.apache.usergrid.rest.test.resource.AbstractRestIT;
import
org.apache.usergrid.rest.test.resource.endpoints.mgmt.ManagementResource;
import org.apache.usergrid.rest.test.resource.model.*;
import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Test;
import org.jvnet.mock_javamail.Mailbox;
@@ -340,15 +340,11 @@ public class AdminUsersIT extends AbstractRestIT {
}
}
- /**
- * Update the current management user and make sure the change persists
- * @throws Exception
- */
- @Ignore("Pending new feature
https://issues.apache.org/jira/browse/USERGRID-1127")
@Test
- public void updateManagementUser() throws Exception {
+ public void updateManagementUserNoToken() throws Exception {
- Organization newOrg = createOrgPayload( "updateManagementUser", null );
+
+ Organization newOrg = createOrgPayload( "updateManagementUserNoToken",
null );
Organization orgReturned =
clientSetup.getRestClient().management().orgs().post( newOrg );
@@ -357,28 +353,64 @@ public class AdminUsersIT extends AbstractRestIT {
//Add a property to management user
Entity userProperty = new Entity( ).chainPut( "company","usergrid" );
- management().users().user( newOrg.getUsername() ).put( userProperty );
- Entity userUpdated = updateAdminUser( userProperty, orgReturned );
+ try{
+ management().users().user( newOrg.getUsername() ).put(
userProperty );
+ } catch( UniformInterfaceException e ){
- assertEquals( "usergrid",userUpdated.getAsString( "company" ) );
+ int status = e.getResponse().getStatus();
+ assertEquals(401, status);
+ }
+
+ }
+
+ @Test
+ public void updateManagementUserSuperuserToken() throws Exception {
+
+
+ Organization newOrg = createOrgPayload(
"updateManagementUserSuperuserToken", null );
+
+
+ Organization orgReturned =
clientSetup.getRestClient().management().orgs().post( newOrg );
+
+ assertNotNull( orgReturned.getOwner() );
+
+ //Add a property to management user
+ Entity userProperty = new Entity( ).chainPut( "company","usergrid" );
- //Update property with new management value.
- userProperty = new Entity( ).chainPut( "company","Apigee" );
+ management.token().setToken( clientSetup.getSuperuserToken());
+ management().users().user( newOrg.getUsername() ).put( userProperty );
- userUpdated = updateAdminUser( userProperty, orgReturned);
- assertEquals( "Apigee",userUpdated.getAsString( "company" ) );
}
- private Entity updateAdminUser(Entity userProperty, Organization
organization){
- management().users().user( organization.getUsername() ).put(
userProperty );
+ @Test
+ public void updateManagementUserAdminToken() throws Exception {
+
+ Organization newOrg = createOrgPayload(
"updateManagementUserAdminToken", null );
+
+
+ Organization orgReturned =
clientSetup.getRestClient().management().orgs().post( newOrg );
+
+ assertNotNull( orgReturned.getOwner() );
- return management().users().user( organization.getUsername() ).get();
+ String orgName = orgReturned.getName();
+
+ //Add a property to management user
+ Entity userProperty = new Entity( ).chainPut( "company","usergrid" );
+
+ User adminUser = orgReturned.getOwner();
+
+ Token adminToken = management.token().get(adminUser.getUsername(),
orgName);
+ assertNotNull(adminToken);
+ management.token().setToken( adminToken );
+ management().users().user( newOrg.getUsername() ).put( userProperty );
}
+
+
/**
* Check that we send the reactivate email to the user after calling the
reactivate endpoint.
* @throws Exception
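Review bot: `updateManagementUserNoToken` passes even when the unauthenticated PUT succeeds, because nothing follows the `put( userProperty )` call inside the `try`, so the 401 assertion only runs if an exception happens to be thrown. Add `fail( "PUT without a token should have been rejected" );` as the last statement of the `try` block (assuming the JUnit asserts are statically imported, as `assertEquals` suggests). The two positive tests also dropped the old read-back check, so they only prove that the call did not throw. Re-reading the user and asserting the value would restore that, e.g. `assertEquals( "usergrid", management().users().user( newOrg.getUsername() ).get().getAsString( "company" ) );`. A negative case in which one organization's admin token is used to PUT to a different admin user would cover the authorization boundary that this commit touches, and none of the three new tests exercises it.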