[GitHub] incubator-trafficcontrol pull request #751: [TC-462] Ds tenancy validation r...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/751#discussion_r129904376 --- Diff: traffic_ops/app/lib/API/DeliveryServiceMatches.pm --- @@ -28,11 +29,19 @@ sub index { my $format = $self->param("format") || ""; my $rs; - if ( _privileged($self) ) { + # TO the reviewer: Do we need to override the "is_priviledged" here byt the standard "ignore_ds_user_table" flag? + # What is the reason of the is_priv test - was someone just dussmissed the ds_tmuser table tests + if ( _privileged($self)) { --- End diff -- what about if you change this line to: if ( (use-tenancy=1) || _privileged($self)) { ^^ that's just pseudo code obviously if tenancy is in place, fine let them in and you will only see "matches" for the ds's assigned to you if tenancy is not in place, then it will fall back to what it was before and will check is_privileged --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #751: [TC-462] Ds tenancy validation r...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/751#discussion_r129904886 --- Diff: traffic_ops/app/lib/API/DeliveryServiceRegexes.pm --- @@ -27,12 +28,18 @@ use Validate::Tiny ':all'; sub all { my $self = shift; + my $tenant_utils = Utils::Tenant->new($self); + my $tenants_data = $tenant_utils->create_tenants_data_from_db(); + my $rs; - if ( _privileged($self) ) { + if ( _privileged($self) or $tenant_utils->ignore_ds_users_table()) { --- End diff -- I thought you were changing this to check the 'use-tenancy' parameter so i would expect something like this to be: if ( _privileged($self) or $tenant_utils->use_tenancy()) { --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #751: [TC-462] Ds tenancy validation r...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/751#discussion_r129906932 --- Diff: traffic_ops/app/lib/API/DeliveryServiceRegexes.pm --- @@ -222,6 +262,18 @@ sub delete { return $self->forbidden(); } + my $ds = $self->db->resultset('Deliveryservice')->find( { id => $ds_id } ); + if ( !defined($ds) ) { + #allow deletion if the ds is not valid --- End diff -- I dont' understand this part. why not just return 404 not found if ds is invalid? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #751: [TC-462] Ds tenancy validation r...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/751#discussion_r129905512 --- Diff: traffic_ops/app/lib/API/DeliveryServiceRegexes.pm --- @@ -66,6 +73,12 @@ sub index { return $self->not_found(); } + my $tenant_utils = Utils::Tenant->new($self); + my $tenants_data = $tenant_utils->create_tenants_data_from_db(); + if (!$tenant_utils->is_ds_resource_accessible($tenants_data, $ds->tenant_id)) { + return $self->forbidden(); --- End diff -- can you put a message in here like return $self->forbidden('this delivery service belongs to a tenant you are not authorized to see'); ... or something like that --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #751: [TC-462] Ds tenancy validation r...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/751#discussion_r129906584 --- Diff: traffic_ops/app/lib/API/DeliveryServiceRegexes.pm --- @@ -66,6 +73,12 @@ sub index { return $self->not_found(); } + my $tenant_utils = Utils::Tenant->new($self); + my $tenants_data = $tenant_utils->create_tenants_data_from_db(); + if (!$tenant_utils->is_ds_resource_accessible($tenants_data, $ds->tenant_id)) { + return $self->forbidden(); --- End diff -- actually, can you do that on all your forbidden message for now on that are the result of a tenancy check failure? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #761: Add TO client DS ByServer, Regex...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/761#discussion_r129881754 --- Diff: traffic_ops/client/delivery_service_endpoints.go --- @@ -22,6 +22,10 @@ func deliveryServicesEp() string { return apiBase + dsPath + ".json" } +func deliveryServicesByServerEp(id string) string { + return apiBase + "/servers/" + id + dsPath + ".json" --- End diff -- you don't need the .json anymore on any api routes btw --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #760: [TC-477] - disables select all c...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/760 [TC-477] - disables select all checkbox when results are filtered You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-477-select-all Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/760.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #760 commit 07807d5e825ab9abf62096506649eba387329fd2 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-27T15:21:01Z disables select all checkbox when results are filtered --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #757: TPv2 - changes form input identi...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/757 TPv2 - changes form input identifiers on login page to avoid browser saved v⦠â¦alues from showing in other form inputs of same name You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol fixes-u-p-autopopulate Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/757.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #757 commit 9ebce37e92919a02a59105a46d647d2faff724a6 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-27T03:28:45Z changes form input identifiers on login page to avoid browser saved values from showing in other form inputs of same name --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #755: [TC-476] - TPv2 - improper datab...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/755 [TC-476] - TPv2 - improper databinding to maxDNSAnswers instead of maxDnsAnswers You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-476-fixes-maxdnsanswers Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/755.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #755 commit e4b94d6e7c0a910251c7b88d8f7300edf8fc56fc Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-26T21:52:06Z maxDnsAnswers not maxDNSAnswers --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #742: [TC-428] Ds tenancy validation
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/742 just so i'm clear. to fully implement tenancy you should set the parameters like this? ignore-tenancy=0 ignore_ds_tmuser_assignment=1 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #740: add safe (limited field) update ...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/740#discussion_r129148171 --- Diff: docs/source/development/traffic_ops_api/v12/deliveryservice.rst --- @@ -2648,7 +2648,266 @@ SSL Keys } | +**PUT /api/1.2/deliveryservices/{:id}/safe** + Allows a portal user to edit limited fields of an assigned delivery service. + + Authentication Required: Yes + + Role(s) Required: portal or above --- End diff -- can you update this? what's the rule? ops or above or deliveryservice is assigned to the user? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #748: [TC-419] - implements configurab...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/748 [TC-419] - implements configurable autorefresh of TPv2 dashboard components You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-419-dashboard-refresh Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/748.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #748 commit 144c52e0fda5c973728bb6a073e1ac6e3922ab6e Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-24T19:16:24Z implements configurable autorefresh or dashboard components --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #742: [TC-428] Ds tenancy validation
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/742 I'm a little worried that I don't see an entry in the seeds.sql file for the ignore-tenancy parameter. I feel like if somebody want's to disable tenancy they will not know to add that parameter and set it to 1. what do you think? should we have an entry in seeds.sql with ignore-tenancy=0? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #742: [TC-428] Ds tenancy validation
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/742#discussion_r129085204 --- Diff: traffic_ops/app/lib/API/Deliveryservice.pm --- @@ -950,8 +996,13 @@ sub state { my $id = $self->param('id'); if ( $self->is_valid_delivery_service($id) ) { - if ( $self->is_delivery_service_assigned($id) || _admin($self) || _oper($self) ) { + my $tenant_utils = Utils::Tenant->new($self); + my $tenants_data = $tenant_utils->create_tenants_data_from_db(); + if ( $self->is_delivery_service_assigned($id) || $tenant_utils->ignore_ds_users_table() || _admin($self) || _oper($self) ) { --- End diff -- same comment from capacity method --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #740: add safe (limited field) update endpoin...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/740 Can you add some documentation for this new api endpoint? you'll want to update this file: https://github.com/apache/incubator-trafficcontrol/blob/master/docs/source/development/traffic_ops_api/v12/deliveryservice.rst --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #740: add safe (limited field) update ...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/740#discussion_r128634422 --- Diff: traffic_ops/app/lib/API/Deliveryservice.pm --- @@ -442,6 +442,139 @@ sub update { } } +sub safe_update { + my $self = shift; + my $id = $self->param('id'); + my $params = $self->req->json; + + + my $helper = new Utils::Helper( { mojo => $self } ); + + my $ds = $self->db->resultset('Deliveryservice')->find( { id => $id } ); + if ( !defined($ds) ) { + return $self->not_found(); + } + + + if ( _portal($self) && $helper->is_delivery_service_assigned($id) ) { + + my $xml_id = $params->{xmlId}; + if ( $ds->xml_id ne $xml_id ) { + my $existing = $self->db->resultset('Deliveryservice')->find( { xml_id => $xml_id } ); + if ($existing) { + return $self->alert( "A deliveryservice with xmlId " . $xml_id . " already exists." ); + } + } + + my $values = { + display_name => $params->{displayName}, + info_url => $params->{infoUrl}, + long_desc => $params->{longDesc}, + long_desc_1=> $params->{longDesc1}, + long_desc_2=> $params->{longDesc2}, + }; + + my $rs = $ds->update($values); + if ($rs) { + + # create location parameters for header_rewrite*, regex_remap* and cacheurl* config files if necessary + ::DeliveryService::header_rewrite( $self, $rs->id, $params->{profileId}, $params->{xmlId}, $params->{edgeHeaderRewrite}, "edge" ); + ::DeliveryService::header_rewrite( $self, $rs->id, $params->{profileId}, $params->{xmlId}, $params->{midHeaderRewrite}, "mid" ); + ::DeliveryService::regex_remap( $self, $rs->id, $params->{profileId}, $params->{xmlId}, $params->{regexRemap} ); + ::DeliveryService::cacheurl( $self, $rs->id, $params->{profileId}, $params->{xmlId}, $params->{cacheurl} ); + + # build example urls + my @example_urls = (); + my $cdn_domain= $rs->cdn->domain_name; + my $regexp_set = ::DeliveryService::get_regexp_set( $self, $rs->id ); + @example_urls = ::DeliveryService::get_example_urls( $self, $rs->id, $regexp_set, $rs, $cdn_domain, $rs->protocol ); + + # build the matchlist (the list of ds regexes and their type) + my @matchlist = (); + my $ds_regexes = $self->db->resultset('DeliveryserviceRegex')->search( { deliveryservice => $rs->id }, { prefetch => [ { 'regex' => 'type' } ] } ); + while ( my $ds_regex = $ds_regexes->next ) { + push( + @matchlist, { + type => $ds_regex->regex->type->name, + pattern => $ds_regex->regex->pattern, + setNumber => $ds_regex->set_number + } + ); + } + + my @response; + push( + @response, { + "active" => $rs->active, + "cacheurl" => $rs->cacheurl, + "ccrDnsTtl"=> $rs->ccr_dns_ttl, + "cdnId"=> $rs->cdn->id, + "cdnName" => $rs->cdn->name, + "checkPath"=> $rs->check_path, + "displayName" => $rs->display_name, + "dnsBypassCname" => $rs->dns_bypass_cname, + "dnsBypassIp" => $rs->dns_bypass_ip, + "dnsBy
[GitHub] incubator-trafficcontrol pull request #740: add safe (limited field) update ...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/740#discussion_r128633810 --- Diff: traffic_ops/app/lib/API/Deliveryservice.pm --- @@ -442,6 +442,139 @@ sub update { } } +sub safe_update { + my $self = shift; + my $id = $self->param('id'); + my $params = $self->req->json; + + + my $helper = new Utils::Helper( { mojo => $self } ); + + my $ds = $self->db->resultset('Deliveryservice')->find( { id => $id } ); + if ( !defined($ds) ) { + return $self->not_found(); + } + + + if ( _portal($self) && $helper->is_delivery_service_assigned($id) ) { + + my $xml_id = $params->{xmlId}; + if ( $ds->xml_id ne $xml_id ) { + my $existing = $self->db->resultset('Deliveryservice')->find( { xml_id => $xml_id } ); + if ($existing) { + return $self->alert( "A deliveryservice with xmlId " . $xml_id . " already exists." ); + } + } + + my $values = { + display_name => $params->{displayName}, + info_url => $params->{infoUrl}, + long_desc => $params->{longDesc}, + long_desc_1=> $params->{longDesc1}, + long_desc_2=> $params->{longDesc2}, + }; + + my $rs = $ds->update($values); + if ($rs) { + + # create location parameters for header_rewrite*, regex_remap* and cacheurl* config files if necessary --- End diff -- I don't think you need to do lines 481-484, actually you probably shouldn't be because this would imply that i can pass in a new profileId or xmlId and make significant changes to the delivery service when really they can change xmlId and profileId all day long and it "should" have no effect in this route. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #740: add safe (limited field) update ...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/740#discussion_r128633945 --- Diff: traffic_ops/app/lib/API/Deliveryservice.pm --- @@ -442,6 +442,139 @@ sub update { } } +sub safe_update { + my $self = shift; + my $id = $self->param('id'); + my $params = $self->req->json; + + + my $helper = new Utils::Helper( { mojo => $self } ); + + my $ds = $self->db->resultset('Deliveryservice')->find( { id => $id } ); + if ( !defined($ds) ) { + return $self->not_found(); + } + + + if ( _portal($self) && $helper->is_delivery_service_assigned($id) ) { + + my $xml_id = $params->{xmlId}; --- End diff -- I don't think you have to do this because xmlId is ignored anyhow, right? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #745: [TC-444] - removes references to...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/745 [TC-444] - removes references to migrations user and role as it is no longer use⦠â¦d for database migrations You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-444-remove-migrations-user-and-role Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/745.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #745 commit 4dd747ffc9d72aadcef6b359e06e4752ceb9fc49 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-20T21:07:46Z removes references to migrations user and role as it is no longer used for database migrations --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #740: add safe (limited field) update endpoin...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/740 actually, you know what? can you just add your api to the ds-write capability in seeds.sql? i think rather than creating a new capability, we stick to the standard ones and let users of the system extend the capabilities as they see fit. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #740: add safe (limited field) update endpoin...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/740 when adding api endpoints, be sure to add your endpoint to the seeds.sql file. my guess is you'll want to create a new capability called ds-write-safe or something that maps to your new api endpoint. if you don't add your api endpoint to seeds.sql, when TO flips over to using roles/capabilities to enforce permissions, nobody will be able to use your new endpoint. let me know if you have questions. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #744: [TC-430] - accounts for scenario...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/744 [TC-430] - accounts for scenario where no servers exist You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-430-fixes-server-status Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/744.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #744 commit 668259483db360a621b59ac089bef3eb19da3bfa Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-20T16:40:59Z accounts for scenario where no servers exist --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #741: updates TP readme files
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/741 updates TP readme files You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol fixes-tp-build-instructions Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/741.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #741 commit 16b724fedf41ac4a04feb4a611e47053ab2bd39f Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-20T01:28:23Z updates TP readme files --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #735: [TC-427] User tenancy validation
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/735#discussion_r128346564 --- Diff: traffic_ops/app/lib/API/User.pm --- @@ -477,6 +506,13 @@ sub update_current { return $self->alert( "Profile cannot be updated because '" . $user->{username} . "' is logged in as LDAP." ); } + if ( defined( $user->{"tenantId"} ) ) { --- End diff -- Can you make it so you can update your current userbut only with an approved tenant? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #730: [TC-64] - updating current user ...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/730 [TC-64] - updating current user uses a different api than updating any user You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-fix-update-current-user Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/730.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #730 commit 21d7f320b01d9521fa6f9eb213af4c5916115a92 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-13T18:05:04Z updating current user uses a different api than updating any user --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #727: [TC-417] - clears tm_user.token ...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/727 [TC-417] - clears tm_user.token that was generated during portal user registration process as u⦠â¦pdating your current user signifies that your registration is complete and token is no longer needed You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-417-clear-token Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/727.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #727 commit b73e89369337b03307a9f355ed3ebc5f83e30cd2 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-12T18:53:01Z clears token that was generated during user registration process as updating your current user signifies that your registration is complete and token is no longer needed --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #722: [TC-64] - fixes tp release info ...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/722 [TC-64] - fixes tp release info dialog You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-fixes-release-info Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/722.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #722 commit 19994680af58d12d92e061f55ef740bb5c0ae47f Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-11T18:01:07Z fixes tp release info dialog --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #719: [TC-64] - hooks steering targets...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/719 [TC-64] - hooks steering targets into TP â¦c portal You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-ds-targets Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/719.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #719 commit 3474c3b0cdd9d234e7f91a76354b32a7debb5f6c Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-05T16:05:43Z adds crud apis for managing steering targets and hooks it into traffic portal --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #711: [TC-64] - adds ccr dns ttl to ht...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/711 [TC-64] - adds ccr dns ttl to http* and dns* deliveryservices with an appropria⦠â¦te default value You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-adds-ccr-dns-ttl Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/711.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #711 commit 5d114507359a79311a323b747b369071e05c770c Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-07-03T18:03:18Z adds ccr dns ttl to http* and dns* deliveryservices with an appropriate default value --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #708: promotes TO experimental UI to the new ...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/708 Per this email it has been decided that the new TO UI (that consumes the TO API) will take the place of the Traffic Portal https://lists.apache.org/thread.html/b24a6a6807a50c52d6c9e82e4a3e00f78a56179e57cfadf21fc1711a@%3Cusers.trafficcontrol.apache.org%3E The old traffic portal still exists in a v1 subdirectory --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124806475 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -131,21 +130,74 @@ sub update { my $is_active = $params->{active}; - if ( !$params->{active} && $self->isRootTenant($id)) { - return $self->alert("Root user cannot be in-active."); + if ( !$params->{active} && $tenant_utils->is_root_tenant($tenants_data, $id)) { + return $self->alert("Root tenant cannot be in-active."); + } + + #this is a write operation, allowed only by parents of the tenant (which are the owners of the resource of type tenant) + my $current_resource_tenancy = $self->db->resultset('Tenant')->search( { id => $id } )->get_column('parent_id')->single(); + if (!defined($current_resource_tenancy)) { + #no parent - the tenant is its-own owner + $current_resource_tenancy = $id; } + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $current_resource_tenancy)) { + return $self->forbidden(); #Current owning tenant is not under user's tenancy + } - if ( !defined($params->{parentId}) && !isRootTenant($id) ) { - return $self->alert("Only the \"root\" tenant can have no parent."); + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $params->{parentId})) { + return $self->forbidden(); #Parent tenant to be set is not under user's tenancy } + + + if ($params->{parentId} != $tenant->parent) { + #parent replacement + if (!defined($tenant_utils->get_tenant_by_id($tenants_data, $params->{parentId}))) { + return $self->alert("Parent tenant does not exists."); + } + my $parent_depth = $tenant_utils->get_tenant_heirarchy_depth($tenants_data, $params->{parentId}); + if (!defined($parent_depth)) + { + return $self->alert("Failed to retrieve parent tenant depth."); + } + + my $tenant_height = $tenant_utils->get_tenant_heirarchy_height($tenants_data, $id); + if (!defined($tenant_height)) + { + return $self->alert("Failed to retrieve tenant height."); + } + + if ($parent_depth+$tenant_height+1 > $tenant_utils->max_heirarchy_limit()) --- End diff -- inside your is_ancestor function, you probably need a recursive function to walk down the tree starting with the tenant to be updated to ensure that the new parent is != self or child. so your function call would look like this if (!is_ancestor($tenant, $parent)) return $self->alert("Invalid parent") here's an article regarding recursion in perl: https://perlmaven.com/recursive-subroutines --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124660517 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -248,7 +326,17 @@ sub delete { if ( !defined($tenant) ) { return $self->not_found(); } - my $name = $self->db->resultset('Tenant')->search( { id => $id } )->get_column('name')->single(); + + my $parent_tenant = $tenant->parent_id; + + my $tenant_utils = UI::TenantUtils->new($self); + my $tenants_data = $tenant_utils->create_tenants_data_from_db(undef); + + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $parent_tenant)) { --- End diff -- oh, that's a good point. if i try to delete my own tenant, i will get back "sorry, this tenant is assigned to a user", right? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124660063 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -131,21 +130,74 @@ sub update { my $is_active = $params->{active}; - if ( !$params->{active} && $self->isRootTenant($id)) { - return $self->alert("Root user cannot be in-active."); + if ( !$params->{active} && $tenant_utils->is_root_tenant($tenants_data, $id)) { + return $self->alert("Root tenant cannot be in-active."); + } + + #this is a write operation, allowed only by parents of the tenant (which are the owners of the resource of type tenant) + my $current_resource_tenancy = $self->db->resultset('Tenant')->search( { id => $id } )->get_column('parent_id')->single(); + if (!defined($current_resource_tenancy)) { + #no parent - the tenant is its-own owner + $current_resource_tenancy = $id; } + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $current_resource_tenancy)) { + return $self->forbidden(); #Current owning tenant is not under user's tenancy + } - if ( !defined($params->{parentId}) && !isRootTenant($id) ) { - return $self->alert("Only the \"root\" tenant can have no parent."); + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $params->{parentId})) { + return $self->forbidden(); #Parent tenant to be set is not under user's tenancy } + + + if ($params->{parentId} != $tenant->parent) { + #parent replacement + if (!defined($tenant_utils->get_tenant_by_id($tenants_data, $params->{parentId}))) { + return $self->alert("Parent tenant does not exists."); + } + my $parent_depth = $tenant_utils->get_tenant_heirarchy_depth($tenants_data, $params->{parentId}); + if (!defined($parent_depth)) + { + return $self->alert("Failed to retrieve parent tenant depth."); + } + + my $tenant_height = $tenant_utils->get_tenant_heirarchy_height($tenants_data, $id); + if (!defined($tenant_height)) + { + return $self->alert("Failed to retrieve tenant height."); + } + + if ($parent_depth+$tenant_height+1 > $tenant_utils->max_heirarchy_limit()) --- End diff -- ok, i see --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124659823 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -121,7 +115,12 @@ sub update { } } - if ( !defined( $params->{parentId}) && !$self->isRootTenant($id) ) { + my $tenant_utils = UI::TenantUtils->new($self); + my $tenants_data = $tenant_utils->create_tenants_data_from_db(undef); + --- End diff -- yes, i would say the root tenant can't be changed in any way. you can't change it's name, or it's active flag or it's parent (which has to be null). that is a record in the database that can't be changed at all thru the api. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124628818 --- Diff: traffic_ops/app/lib/API/User.pm --- @@ -404,7 +406,7 @@ sub current { my $self = shift; my @data; my $current_username = $self->current_user()->{username}; - + my $tenantUtils = UI::TenantUtils->new($self); --- End diff -- this can go away. you are not using this variable. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124592678 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -31,34 +32,28 @@ sub getTenantName { return defined($tenant_id) ? $self->db->resultset('Tenant')->search( { id => $tenant_id } )->get_column('name')->single() : "n/a"; } -sub isRootTenant { - my $self= shift; - my $tenant_id = shift; - return !defined($self->db->resultset('Tenant')->search( { id => $tenant_id } )->get_column('parent_id')->single()); -} - sub index { - my $self= shift; - my @data = (); - my %idnames; + my $self= shift; my $orderby = $self->param('orderby') || "name"; - my $rs_data = $self->db->resultset("Tenant")->search(); - while ( my $row = $rs_data->next ) { - $idnames{ $row->id } = $row->name; - } + my $tenant_utils = UI::TenantUtils->new($self); --- End diff -- and then you can just call it Utils::Tenant --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124624257 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -131,21 +130,74 @@ sub update { my $is_active = $params->{active}; - if ( !$params->{active} && $self->isRootTenant($id)) { - return $self->alert("Root user cannot be in-active."); + if ( !$params->{active} && $tenant_utils->is_root_tenant($tenants_data, $id)) { + return $self->alert("Root tenant cannot be in-active."); + } + + #this is a write operation, allowed only by parents of the tenant (which are the owners of the resource of type tenant) + my $current_resource_tenancy = $self->db->resultset('Tenant')->search( { id => $id } )->get_column('parent_id')->single(); + if (!defined($current_resource_tenancy)) { + #no parent - the tenant is its-own owner + $current_resource_tenancy = $id; } + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $current_resource_tenancy)) { + return $self->forbidden(); #Current owning tenant is not under user's tenancy + } - if ( !defined($params->{parentId}) && !isRootTenant($id) ) { - return $self->alert("Only the \"root\" tenant can have no parent."); + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $params->{parentId})) { + return $self->forbidden(); #Parent tenant to be set is not under user's tenancy } + + + if ($params->{parentId} != $tenant->parent) { + #parent replacement + if (!defined($tenant_utils->get_tenant_by_id($tenants_data, $params->{parentId}))) { + return $self->alert("Parent tenant does not exists."); + } + my $parent_depth = $tenant_utils->get_tenant_heirarchy_depth($tenants_data, $params->{parentId}); + if (!defined($parent_depth)) + { + return $self->alert("Failed to retrieve parent tenant depth."); + } + + my $tenant_height = $tenant_utils->get_tenant_heirarchy_height($tenants_data, $id); + if (!defined($tenant_height)) + { + return $self->alert("Failed to retrieve tenant height."); + } + + if ($parent_depth+$tenant_height+1 > $tenant_utils->max_heirarchy_limit()) + { + return $self->alert("Parent tenant is invalid: heirarchy limit reached."); + } + if ($params->{parentId} == $id){ + return $self->alert("Parent tenant is invalid: same as updated tenant."); + } + + my $is_tenant_achestor_of_parent = $tenant_utils->is_anchestor_of($tenants_data, $id, $params->{parentId}); + if (!defined($is_tenant_achestor_of_parent)) + { + return $self->alert("Failed to check tenant and parent current relations."); --- End diff -- I don't understand this error message --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124621754 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -131,21 +130,74 @@ sub update { my $is_active = $params->{active}; - if ( !$params->{active} && $self->isRootTenant($id)) { - return $self->alert("Root user cannot be in-active."); + if ( !$params->{active} && $tenant_utils->is_root_tenant($tenants_data, $id)) { + return $self->alert("Root tenant cannot be in-active."); + } + + #this is a write operation, allowed only by parents of the tenant (which are the owners of the resource of type tenant) + my $current_resource_tenancy = $self->db->resultset('Tenant')->search( { id => $id } )->get_column('parent_id')->single(); + if (!defined($current_resource_tenancy)) { + #no parent - the tenant is its-own owner --- End diff -- every tenant must have a parent, right? except for the root tenant. therefore, I don't think this is necessary if you follow my advice above and exit the function if the tenant is the root tenant. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124597615 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -121,7 +115,12 @@ sub update { } } - if ( !defined( $params->{parentId}) && !$self->isRootTenant($id) ) { + my $tenant_utils = UI::TenantUtils->new($self); + my $tenants_data = $tenant_utils->create_tenants_data_from_db(undef); + --- End diff -- how about right here adding something like: if ( is_root_tenant($tenants_data, $id) ) { return $self->alert("Root tenant cannot be updated."); } I think we agreed that the root tenant can't be updated but I could be wrong. Anyhow, if you put this code right about here, then you won't have to check is_root_tenant() anymore in this function which I think will make your code easier to read. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124625194 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -185,11 +237,36 @@ sub create { return $self->alert("Tenant name is required."); } + #not allowing to create additional root tenants. + #there is no real problem with that, but no real use also my $parent_id = $params->{parentId}; if ( !defined($parent_id) ) { return $self->alert("Parent Id is required."); } + + my $tenant_utils = UI::TenantUtils->new($self); + my $tenants_data = $tenant_utils->create_tenants_data_from_db(undef); + + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $params->{parentId})) { + return $self->forbidden(); #Parent tenant to be set is not under user's tenancy + } + if (!defined($tenant_utils->get_tenant_by_id($tenants_data, $params->{parentId}))) { + return $self->alert("Parent tenant does not exists."); + } + + my $parent_depth = $tenant_utils->get_tenant_heirarchy_depth($tenants_data, $params->{parentId}); + + if (!defined($parent_depth)) + { + return $self->alert("Failed to retrieve parent tenant depth."); + } + + if ($parent_depth+1 > $tenant_utils->max_heirarchy_limit()-1) --- End diff -- again, if we get rid of the max_heirarchy_limit, then you can simplify this code. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124625956 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -248,7 +326,17 @@ sub delete { if ( !defined($tenant) ) { return $self->not_found(); } - my $name = $self->db->resultset('Tenant')->search( { id => $id } )->get_column('name')->single(); + + my $parent_tenant = $tenant->parent_id; + + my $tenant_utils = UI::TenantUtils->new($self); + my $tenants_data = $tenant_utils->create_tenants_data_from_db(undef); + + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $parent_tenant)) { --- End diff -- i don't think that deleting a tenant should matter what the parent tenant is. for example, if this is the tenant hierarcy: - root -- tenant 1 --- tenant 1a --- tenant 1b and i have a user with tenant = tenant 1a, then i should be able to delete tenant 1a even though i don't have tenant 1 assigned to me. what do you think? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124589621 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -31,34 +32,28 @@ sub getTenantName { return defined($tenant_id) ? $self->db->resultset('Tenant')->search( { id => $tenant_id } )->get_column('name')->single() : "n/a"; } -sub isRootTenant { - my $self= shift; - my $tenant_id = shift; - return !defined($self->db->resultset('Tenant')->search( { id => $tenant_id } )->get_column('parent_id')->single()); -} - sub index { - my $self= shift; - my @data = (); - my %idnames; + my $self= shift; my $orderby = $self->param('orderby') || "name"; - my $rs_data = $self->db->resultset("Tenant")->search(); - while ( my $row = $rs_data->next ) { - $idnames{ $row->id } = $row->name; - } + my $tenant_utils = UI::TenantUtils->new($self); --- End diff -- this doesn't seem like it's in the right place. how about putting TenantUtils in the Utils directory? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #644: Tenant utils
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/644#discussion_r124623700 --- Diff: traffic_ops/app/lib/API/Tenant.pm --- @@ -131,21 +130,74 @@ sub update { my $is_active = $params->{active}; - if ( !$params->{active} && $self->isRootTenant($id)) { - return $self->alert("Root user cannot be in-active."); + if ( !$params->{active} && $tenant_utils->is_root_tenant($tenants_data, $id)) { + return $self->alert("Root tenant cannot be in-active."); + } + + #this is a write operation, allowed only by parents of the tenant (which are the owners of the resource of type tenant) + my $current_resource_tenancy = $self->db->resultset('Tenant')->search( { id => $id } )->get_column('parent_id')->single(); + if (!defined($current_resource_tenancy)) { + #no parent - the tenant is its-own owner + $current_resource_tenancy = $id; } + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $current_resource_tenancy)) { + return $self->forbidden(); #Current owning tenant is not under user's tenancy + } - if ( !defined($params->{parentId}) && !isRootTenant($id) ) { - return $self->alert("Only the \"root\" tenant can have no parent."); + if (!$tenant_utils->is_tenant_resource_accessible($tenants_data, $params->{parentId})) { + return $self->forbidden(); #Parent tenant to be set is not under user's tenancy } + + + if ($params->{parentId} != $tenant->parent) { + #parent replacement + if (!defined($tenant_utils->get_tenant_by_id($tenants_data, $params->{parentId}))) { + return $self->alert("Parent tenant does not exists."); + } + my $parent_depth = $tenant_utils->get_tenant_heirarchy_depth($tenants_data, $params->{parentId}); + if (!defined($parent_depth)) + { + return $self->alert("Failed to retrieve parent tenant depth."); + } + + my $tenant_height = $tenant_utils->get_tenant_heirarchy_height($tenants_data, $id); + if (!defined($tenant_height)) + { + return $self->alert("Failed to retrieve tenant height."); + } + + if ($parent_depth+$tenant_height+1 > $tenant_utils->max_heirarchy_limit()) --- End diff -- can we just get rid of the max_heirarchy_limit? that would get rid of your need to figure out depth and height and simplify this code --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #703: [TC-64] - new TO UI is to be named traf...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/703 Per this email thread - https://lists.apache.org/thread.html/b24a6a6807a50c52d6c9e82e4a3e00f78a56179e57cfadf21fc1711a@%3Cusers.trafficcontrol.apache.org%3E --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #701: TPv2 - adds back missing css cha...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/701 TPv2 - adds back missing css changes when file was deleted You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol theme-scss Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/701.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #701 commit 21dca6bbbe8b0c2a2f544e5c23667b1dd885159a Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-26T18:52:31Z adds back missing changes when file was deleted --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #700: fixes problematic character
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/700 fixes problematic character You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol fixes-character Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/700.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #700 commit 15dad3cf5e2890a7dedd372cefa4779696698936 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-26T16:33:16Z fixes problematic character --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #698: TPv2 - adds the ability to defin...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/698 TPv2 - adds the ability to define a custom menu via a json file You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-tpv2-custom-menu Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/698.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #698 commit b18980add9955ca4ecf7b939102ec669a7cbed9d Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-26T15:16:44Z adds the ability to define a custom menu via a json file --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #664: [TC-64] - TP v2 - minor changes ...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/664 [TC-64] - TP v2 - minor changes based on feedback You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-tpv2-feedback-6-9-17 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/664.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #664 commit 668230e4e8066b29a40681b57513b59bc8253ce8 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-09T16:03:30Z minor changes based on feedback --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #658: [TC-64] - failed to account for ...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/658 [TC-64] - failed to account for traffic monitors in snapshot diff You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-fixes-snapshot-diff Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/658.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #658 commit b47345187fec9c46eb834292ee8644cf6355f422 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-08T21:44:00Z failed to account for traffic monitors --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #657: [TC-372] - optimizes user/ds ass...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/657 [TC-372] - optimizes user/ds assignment endpoint and allows for bulk assignment thru ui You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-372-optimizes-ds-assignment Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/657.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #657 commit e826508fb2cf950c6a7e0e86201d7a86f7873d7a Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-08T17:50:17Z optimizes user/ds assignments endpoint commit b5b51d9b3e2d201ef08391cf03e8dd90fbe244c7 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-08T17:50:53Z adds the ability to bulk assign ds's to user in ui --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #656: [TC-371] - TO API - optimizes se...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/656 [TC-371] - TO API - optimizes server to ds assignment endpoint You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-371-optimize-server-assignment Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/656.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #656 commit 7a15c34a5ed3fa574bdcc51b57a94f1e411d6474 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-08T16:22:32Z one bulk query as opposed to many single queries to optimize performance --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #627: Change Traffic Ops to hide sensitive da...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/627 This PR should be merged first - https://github.com/apache/incubator-trafficcontrol/pull/642 Once that PR is merged, username will be added to access logs and that data can be used to determine who is logging in as ldap only and then a "local" user in the tm_user table can be created for those usersthis will prevent those ldap only users from being totally cut off when this PR is merged... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #655: [TC-64] to exp - allows for bulk...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/655 [TC-64] to exp - allows for bulk assignment of servers to a ds You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-bulk-assignments Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/655.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #655 commit b47288e12151ad95c2d0986d5d8a37e74e2b0659 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-07T20:59:47Z adds api to get eligible servers for ds commit 356f33d7427a558704c684bda1723ea7dcbdf7e4 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-07T21:18:24Z changes the way servers are assigned to ds's. always shows all servers and puts a checkmark next to currently assigned servers. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #653: stop tp before clean. also, reme...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/653 stop tp before clean. also, remember to remove container first. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol fix-docker-clean Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/653.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #653 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #652: TO API - updates access_control_...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/652 TO API - updates access_control_allow_origin to allow multiple api consumers You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol cdn-conf Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/652.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #652 commit e03e0accf4f293c7cea990ab1fc2e8f8947c6e5c Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-07T18:09:23Z multiple clients can access the api, therefore this needs to be * --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #602: Change Traffic Ops password hashing to ...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/602 i'm seeing this when i try to login [2017-06-07 10:59:36,931] [DEBUG] POST "/api/1.2/user/login". [2017-06-07 10:59:37,072] [DEBUG] Routing to controller "API::User" and action "login". [2017-06-07 10:59:37,077] [ERROR] Undefined subroutine ::Helper::sha1_hex called at /code/src/github.com/apache/incubator-trafficcontrol/traffic_ops/app/lib/Utils/Helper.pm line 147. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #567: API GW phase 0 (replaces #551, depends ...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/567 @amiryesh - can you rebase this? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #642: Add Traffic Ops username to access log
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/642 this is what the log line looks like now: 127.0.0.1 - - [05/Jun/2017:13:54:34 -0600] "GET /api/1.2/logs/newcount HTTP/1.1" 200 51 25823 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" so, yea, @dew it looks like the %u is there...it's just blank... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #645: Change Traffic Ops `/update` to `priv >...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/645 do you want to create a role for this? maybe call it 'ort' with a priv level of 11? this role would be added to the seeds.sql file. i'm guessing everyone could benefit from this new role. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #646: [TC-364] - adds the ability to a...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/646 [TC-364] - adds the ability to assign/unassign ds's to user thru the api You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-364-assign-ds-to-user Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/646.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #646 commit 5b99cbc7730c9d42740230d30794b06ac7fdb934 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-02T16:38:16Z repoints api away from controller that will soon be deprecated commit 55dfec9504fd9def23914250f7d10e5cc1b5004b Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-02T22:39:47Z fixes ability to edit current user commit aedddb734f7a470275fd5b81dfeeb1713091d68d Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-05T20:42:20Z adds the ability to add/remove ds's from a user thru the api and also hooks it into the new TO UI --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #642: Add Traffic Ops username to access log
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/642 Tested locally, here were my results: 127.0.0.1 - localUsername [05/Jun/2017:13:38:48 -0600] "GET /api/1.2/logs/newcount HTTP/1.1" 200 51 7370 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" ^^ local database user 127.0.0.1 - ldapUsername [05/Jun/2017:13:39:07 -0600] "GET /newlogcount HTTP/1.1" 200 38 4830 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" ^^ ldap user (user is not found in the database) @dewrich or @dangogh - any concerns? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #602: Change Traffic Ops password hashing to ...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/602 sorry, i merged another PR that created a conflict for you... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #370: Adding a "create user" to the api
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/370 yes, there is a UT failure: t/user.t (Wstat: 256 Tests: 21 Failed: 1) Failed test: 5 Non-zero exit status: 1 but i'm pretty sure this was fixed in master so i'll pull this in and if it's still broken, i can fix it. it only changes the behavior of user-update in the sense that role is now checked which in my opinion is a very valid check. you should not be able to update a user and leave out a required field - role. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #641: changelog fix - current_user() d...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/641 changelog fix - current_user() does not have a userid. also making sure count is nume⦠â¦ric. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol changelog-fix Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/641.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #641 commit bb8a7dadf5876a83fc9694b0950cc936cf492434 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-02T16:56:20Z current_user() does not have a userid. also making sure count is numeric. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #640: fixes broken user test
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/640 fixes broken user test You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol fixes-broken-user-test Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/640.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #640 commit 71e67ac81a4fe8abdfde3d3cef94ebbdb53fbb47 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-01T22:12:17Z fixes broken user test --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #639: [TC-362] - adds api for updating...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/639 [TC-362] - adds api for updating server status and ties it into new UI You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-362-update-status Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/639.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #639 commit deb1414f39a719ed8f9b0744535bc49b950138da Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-06-01T21:45:08Z adds api for updating server status and ties it into new UI --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #638: [TC-64] - to exp - ui tweaks
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/638 [TC-64] - to exp - ui tweaks You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-ui-tweaks Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/638.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #638 commit 66b4164b169703f42403b3649b5f5ff84273d739 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-30T21:35:31Z updates default table size commit 4b19daf8c7799e25967399f5219271d913a195e4 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-31T03:46:38Z ui tweaks (i know great commit message huh?) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #370: Adding a "create user" to the ap...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/370#discussion_r119400623 --- Diff: traffic_ops/app/lib/API/User.pm --- @@ -229,6 +229,112 @@ sub update { } +# Create +sub create { + my $self = shift; + my $params = $self->req->json; + + if ( !_oper($self) ) { + return $self->forbidden(); + } + + my $name = $params->{username}; + if ( !defined($name) ) { + return $self->alert("Username is required."); + } + + my $existing = $self->db->resultset('TmUser')->search( { username => $name } )->single(); + if ($existing) { + return $self->alert("A user with username \"$name\" already exists."); + } + + + if ( !defined($params->{localPassword}) ) { + return $self->alert("local-password is required."); + } + + if ( !defined($params->{confirmLocalPassword}) ) { + return $self->alert("confirm-local-password is required."); + } + + if ($params->{localPassword} ne $params->{confirmLocalPassword}){ --- End diff -- this is not necessary, it is validated in the is_valid method --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #370: Adding a "create user" to the ap...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/370#discussion_r119400399 --- Diff: traffic_ops/app/lib/API/User.pm --- @@ -226,6 +226,120 @@ sub update { } +# Create +sub create { + my $self = shift; + my $params = $self->req->json; + + if ( !_oper($self) ) { + return $self->forbidden(); + } + + my $name = $params->{username}; + if ( !defined($name) ) { + return $self->alert("Username is required."); --- End diff -- I don't understand. fullname, email and username are validated here: https://github.com/apache/incubator-trafficcontrol/blob/master/traffic_ops/app/lib/API/User.pm#L463 also, you should probably add role to line 463 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #605: [TC-355] Add CDN match checks wh...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/605#discussion_r119394809 --- Diff: traffic_ops/app/lib/API/Server.pm --- @@ -911,6 +911,21 @@ sub is_server_valid { return ( 0, "Invalid server type" ); } + my $cdn_mismatch; + if ($id) { + my $profile = $self->db->resultset('Profile')->search( { 'me.id' => $params->{profileId}}, { prefetch => ['cdn'] } )->single(); + if ( !defined($profile->cdn) ) { + $cdn_mismatch = 1; + } + elsif ( $params->{cdnId} != $profile->cdn->id ) { + $cdn_mismatch = 1; + } + } + + if ($cdn_mismatch) { + return ( 0, "CDN of profile does not match Server CDN" ); + } --- End diff -- you could simplify all this code to simply: if ($id) { my $profile = $self->db->resultset('Profile')->search( { 'me.id' => $params->{profileId}}, { prefetch => ['cdn'] } )->single(); if ( !defined($profile->cdn) || $params->{cdnId} != $profile->cdn->id ) { return ( 0, "CDN of profile does not match Server CDN" ); } } --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #624: [TC-359] - fixes bug where updat...
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/624#discussion_r119386426 --- Diff: traffic_ops/app/lib/API/User.pm --- @@ -579,7 +573,7 @@ sub is_good_password { return "Your password cannot be the same as your username."; } - if ( ( $value ne '' ) && $value !~ qr/^.{8,100}$/ ) { + if ( ( $value ne '' ) && ( length($value) < 8 ) ) { --- End diff -- thanks! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #627: Change Traffic Ops to hide sensitive da...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/627 I can't get TO to build/start Couldn't load application from file "bin/../local/../script/cdn": Not a CODE reference at /src/github.com/apache/incubator-trafficcontrol/traffic_ops/app/lib/TrafficOpsRoutes.pm line 375, <$fn> line 1. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #370: Adding a "create user" to the api
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/370 @nir-sopher - can you fix this PR? "This branch cannot be rebased safely" - i'd like to get it merged if possible --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #602: Change Traffic Ops password hashing to ...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/602 I'll try to look at this tomorrow. thanks @rob05c --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #627: Change Traffic Ops to hide sensitive da...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/627 I'll try to check this out tomorrow. thanks @rob05c --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #624: [TC-359] - fixes bug where updat...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/624 [TC-359] - fixes bug where updating a user always returned "email taken" or "use⦠â¦rname taken". well of course it's taken...it's taken by the user that I'm trying to update...also, registration_sent is a timestamp, not a boolean..and also, regex is confusing... You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-359-fixes-user-update Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/624.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #624 commit 652bb007e6e9c81a9a968f73b8ee6f5a04f07426 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-30T21:00:39Z fixes bug where updating a user always returned "email taken" or "username taken" --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #623: [TC-356] - adds missing license ...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/623 [TC-356] - adds missing license header You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-356-adds-missing-licenses Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/623.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #623 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #622: [TC-358] - adds apis to fetch cu...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/622 [TC-358] - adds apis to fetch current and pending cdn snapshots You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-358-snapshot-apis Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/622.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #622 commit 17cdd74df7de07e31ff1bd47a9d5e364bee1994f Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-30T16:42:20Z adds apis to fetch current and pending cdn snapshots --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #615: [TC-64] - TO exp - hooks up cdn ...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/615 [TC-64] - TO exp - hooks up cdn config diff / snapshot You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-diff-snapshot Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/615.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #615 commit 7f8bebcbe1d6ddb4b305221fd0347a7637e99d2f Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-25T17:43:25Z hooks up cdn config diff / snapshot --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #606: [TC-354] - adds api, docs and te...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/606 [TC-354] - adds api, docs and tests to assign servers to a ds as well as fetch unassigned server⦠â¦s for a ds You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-354-assign-server-to-ds Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/606.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #606 commit 1e83cef27714f025573de899e5d1592e36f0b1bd Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-24T02:30:36Z adds api to assign servers to a ds as well as fetch unassigned servers for a ds --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #605: Add CDN match checks when assigning or ...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/605 In the API, I see where you are checking this: - when updating/creating a server, check that server.profile.cdn == server.cdn but i don't see where you are checking this in the API: - when updating a profile, check that profile.cdn == the cdn of the servers currently assigned to the profile --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #604: [TC-64] - TO exp - adds ability ...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/604 [TC-64] - TO exp - adds ability to assign servers to ds You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-assign-servers-to-ds Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/604.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #604 commit 1f6a1312966aa49745bf78324a2cdd7f704b4c20 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-23T17:33:30Z adds ability to assign servers to ds --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #544: Authorization model
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/544 I'm ready to merge this PR however it says "This branch cannot be rebased safely". To be honest I'm not really sure what that means but it doesn't sound great. So here's what I'd suggest: 1. update your master branch 2. git checkout authorization_model 3. git rebase master if all goes smoothly: 4. git push origin authorization_model --force (which will update your PR) if all doesn't go smoothly: 4. resolve conflicts (this is the tricky part of course do a git status to see where the conflicts are) 5. git rebase --continue (i think. it will tell you on the command line) 6. git push origin authorization_model --force (which will update your PR) of course if that doesn't work you can always do: git rebase --abort and we'll sync up and see what the issue is... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #550: adds timezone to last_seen_log b...
Github user mitchell852 closed the pull request at: https://github.com/apache/incubator-trafficcontrol/pull/550 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #589: [TC-64] - To experimental - allo...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/589 [TC-64] - To experimental - allows user to assign/unassign params from profile or cachegroup You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-link-param-to-profile Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/589.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #589 commit efa7708d87e12b06580a06851f1921e816f8e4b1 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-19T02:34:23Z allows user to assign/unassign params from profile or cachegroup --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #586: [TC-64] - TO experimental - adds...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/586 [TC-64] - TO experimental - adds different views for each ds type You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-64-ds-views Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/586.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #586 commit 8d578bd005f9d23fda45757f48b03748a0b789ad Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-17T18:39:59Z adds different views for each ds type --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol issue #561: Adds documentation for configfiles API ...
Github user mitchell852 commented on the issue: https://github.com/apache/incubator-trafficcontrol/pull/561 last i checked, these docs now build properly via sphinx...so i'm fine with the PR once the @dangogh comment is addressed. I'll kick this over to @dangogh --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #572: contributing.md - adds details r...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/572 contributing.md - adds details regarding writing documentation You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol contributing-changes Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/572.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #572 commit 4ddcd67d25bf190f95c30e919ec92a41dc1b25fa Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-12T15:43:07Z adds details regarding writing documentation --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #570: [TC-280] - adds api/*/servers/st...
GitHub user mitchell852 opened a pull request: https://github.com/apache/incubator-trafficcontrol/pull/570 [TC-280] - adds api/*/servers/status api endpoint to show a count of servers in ⦠â¦each status. also fixed broken asn tests. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mitchell852/incubator-trafficcontrol tc-280-server-status Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafficcontrol/pull/570.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #570 commit 2cf7f46466869f4085a4547a34808f4af6373509 Author: Jeremy Mitchell <mitchell...@gmail.com> Date: 2017-05-11T20:48:25Z adds api/*/servers/status api endpoint to show a count of servers in each status. also fixed broken asn tests. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115898210 --- Diff: traffic_ops/app/db/seeds.sql --- @@ -81,10 +81,260 @@ insert into role (name, description, priv_level) values ('steering', 'Role for S insert into role (name, description, priv_level) values ('read-only user', 'Read-Only user', 10) ON CONFLICT (name) DO NOTHING; insert into role (name, description, priv_level) values ('portal', 'Portal User', 2) ON CONFLICT (name) DO NOTHING; insert into role (name, description, priv_level) values ('disallowed', 'Block all access', 0) ON CONFLICT (name) DO NOTHING; +insert into role (name, description, priv_level) values ('root', 'Role for full capabilities - super-user ', 30) ON CONFLICT DO NOTHING; -- tenants insert into tenant (name, active, parent_id) values ('root', true, null) ON CONFLICT DO NOTHING; +-- capabilities +insert into capability (name, description) values ('all-read', 'Full read access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('all-write', 'Full write access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('asn-read', 'View ASN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('asn-write', 'Create, edit or delete ASN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('basic-read', 'Basic read operations. Every user should have this capability') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('basic-write', 'Basic write operations. Every user should have this capability') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-config-files-read', 'View the generated cache configuration files') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-group-read', 'View cache-group configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-group-write', 'Create, edit or delete cache-group configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-stats-read', 'View Cache statistics read access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-config-snapshot-read', 'View config snapshot at CDN level') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-config-snapshot-write', 'Config snapshot write access at CDN level') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-health-read', 'View CDN health') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-read', 'View CDN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-write', 'Create, edit or delete CDN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-security-keys-read', 'View CDN DNSSEC keys') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-security-keys-write', 'Create, edit or delete CDN DNSSEC keys') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-stats-read', 'View CDN statistics') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-stats-write', 'Create, edit or delete CDN statistics') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('change-log-read', 'View change-log') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('change-log-write', 'Create change-log entries') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('division-read', 'View division configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('division-write', 'Create, edit or delete division configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-cache-read', 'View delivery-service cache assignment') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-cache-read', 'Create, edit or delete delivery-service cache assignment') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-health-read', 'View delivery-service health') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-read', 'View delivery-service configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-write', 'Create, edit or delete delivery-service
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115896943 --- Diff: traffic_ops/app/db/seeds.sql --- @@ -81,10 +81,260 @@ insert into role (name, description, priv_level) values ('steering', 'Role for S insert into role (name, description, priv_level) values ('read-only user', 'Read-Only user', 10) ON CONFLICT (name) DO NOTHING; insert into role (name, description, priv_level) values ('portal', 'Portal User', 2) ON CONFLICT (name) DO NOTHING; insert into role (name, description, priv_level) values ('disallowed', 'Block all access', 0) ON CONFLICT (name) DO NOTHING; +insert into role (name, description, priv_level) values ('root', 'Role for full capabilities - super-user ', 30) ON CONFLICT DO NOTHING; -- tenants insert into tenant (name, active, parent_id) values ('root', true, null) ON CONFLICT DO NOTHING; +-- capabilities +insert into capability (name, description) values ('all-read', 'Full read access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('all-write', 'Full write access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('asn-read', 'View ASN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('asn-write', 'Create, edit or delete ASN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('basic-read', 'Basic read operations. Every user should have this capability') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('basic-write', 'Basic write operations. Every user should have this capability') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-config-files-read', 'View the generated cache configuration files') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-group-read', 'View cache-group configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-group-write', 'Create, edit or delete cache-group configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-stats-read', 'View Cache statistics read access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-config-snapshot-read', 'View config snapshot at CDN level') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-config-snapshot-write', 'Config snapshot write access at CDN level') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-health-read', 'View CDN health') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-read', 'View CDN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-write', 'Create, edit or delete CDN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-security-keys-read', 'View CDN DNSSEC keys') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-security-keys-write', 'Create, edit or delete CDN DNSSEC keys') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-stats-read', 'View CDN statistics') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-stats-write', 'Create, edit or delete CDN statistics') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('change-log-read', 'View change-log') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('change-log-write', 'Create change-log entries') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('division-read', 'View division configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('division-write', 'Create, edit or delete division configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-cache-read', 'View delivery-service cache assignment') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-cache-read', 'Create, edit or delete delivery-service cache assignment') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-health-read', 'View delivery-service health') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-read', 'View delivery-service configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-write', 'Create, edit or delete delivery-service
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115896288 --- Diff: traffic_ops/app/db/seeds.sql --- @@ -81,10 +81,260 @@ insert into role (name, description, priv_level) values ('steering', 'Role for S insert into role (name, description, priv_level) values ('read-only user', 'Read-Only user', 10) ON CONFLICT (name) DO NOTHING; insert into role (name, description, priv_level) values ('portal', 'Portal User', 2) ON CONFLICT (name) DO NOTHING; insert into role (name, description, priv_level) values ('disallowed', 'Block all access', 0) ON CONFLICT (name) DO NOTHING; +insert into role (name, description, priv_level) values ('root', 'Role for full capabilities - super-user ', 30) ON CONFLICT DO NOTHING; -- tenants insert into tenant (name, active, parent_id) values ('root', true, null) ON CONFLICT DO NOTHING; +-- capabilities +insert into capability (name, description) values ('all-read', 'Full read access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('all-write', 'Full write access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('asn-read', 'View ASN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('asn-write', 'Create, edit or delete ASN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('basic-read', 'Basic read operations. Every user should have this capability') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('basic-write', 'Basic write operations. Every user should have this capability') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-config-files-read', 'View the generated cache configuration files') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-group-read', 'View cache-group configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-group-write', 'Create, edit or delete cache-group configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-stats-read', 'View Cache statistics read access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-config-snapshot-read', 'View config snapshot at CDN level') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-config-snapshot-write', 'Config snapshot write access at CDN level') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-health-read', 'View CDN health') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-read', 'View CDN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-write', 'Create, edit or delete CDN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-security-keys-read', 'View CDN DNSSEC keys') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-security-keys-write', 'Create, edit or delete CDN DNSSEC keys') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-stats-read', 'View CDN statistics') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-stats-write', 'Create, edit or delete CDN statistics') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('change-log-read', 'View change-log') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('change-log-write', 'Create change-log entries') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('division-read', 'View division configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('division-write', 'Create, edit or delete division configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-cache-read', 'View delivery-service cache assignment') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-cache-read', 'Create, edit or delete delivery-service cache assignment') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-health-read', 'View delivery-service health') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-read', 'View delivery-service configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-write', 'Create, edit or delete delivery-service
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115896312 --- Diff: traffic_ops/app/db/seeds.sql --- @@ -81,10 +81,260 @@ insert into role (name, description, priv_level) values ('steering', 'Role for S insert into role (name, description, priv_level) values ('read-only user', 'Read-Only user', 10) ON CONFLICT (name) DO NOTHING; insert into role (name, description, priv_level) values ('portal', 'Portal User', 2) ON CONFLICT (name) DO NOTHING; insert into role (name, description, priv_level) values ('disallowed', 'Block all access', 0) ON CONFLICT (name) DO NOTHING; +insert into role (name, description, priv_level) values ('root', 'Role for full capabilities - super-user ', 30) ON CONFLICT DO NOTHING; -- tenants insert into tenant (name, active, parent_id) values ('root', true, null) ON CONFLICT DO NOTHING; +-- capabilities +insert into capability (name, description) values ('all-read', 'Full read access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('all-write', 'Full write access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('asn-read', 'View ASN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('asn-write', 'Create, edit or delete ASN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('basic-read', 'Basic read operations. Every user should have this capability') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('basic-write', 'Basic write operations. Every user should have this capability') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-config-files-read', 'View the generated cache configuration files') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-group-read', 'View cache-group configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-group-write', 'Create, edit or delete cache-group configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cache-stats-read', 'View Cache statistics read access') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-config-snapshot-read', 'View config snapshot at CDN level') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-config-snapshot-write', 'Config snapshot write access at CDN level') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-health-read', 'View CDN health') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-read', 'View CDN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-write', 'Create, edit or delete CDN configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-security-keys-read', 'View CDN DNSSEC keys') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-security-keys-write', 'Create, edit or delete CDN DNSSEC keys') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-stats-read', 'View CDN statistics') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('cdn-stats-write', 'Create, edit or delete CDN statistics') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('change-log-read', 'View change-log') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('change-log-write', 'Create change-log entries') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('division-read', 'View division configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('division-write', 'Create, edit or delete division configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-cache-read', 'View delivery-service cache assignment') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-cache-read', 'Create, edit or delete delivery-service cache assignment') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-health-read', 'View delivery-service health') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-read', 'View delivery-service configuration') ON CONFLICT (name) DO NOTHING; +insert into capability (name, description) values ('ds-write', 'Create, edit or delete delivery-service
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115861924 --- Diff: traffic_ops/app/lib/API/ApiCapability.pm --- @@ -0,0 +1,256 @@ +package API::ApiCapability; +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# + +use UI::Utils; + +use Mojo::Base 'Mojolicious::Controller'; +use Data::Dumper; + + + +my $finfo = __FILE__ . ":"; + +my %valid_http_methods = map { $_ => 1 } ('GET', 'POST', 'PUT', 'PATCH', 'DELETE'); + +sub index { + my $self = shift; + my $capability = $self->param('capability'); + + my %criteria; + if ( defined $capability ) { + $criteria{'me.capability'} = $capability; + } + my @data; + my $orderby = "capability"; + $orderby = $self->param('orderby') if ( defined $self->param('orderby') ); + + my $rs_data = $self->db->resultset("ApiCapability")->search( \%criteria, { prefetch => ['capability'], order_by => $orderby } ); + while ( my $row = $rs_data->next ) { + push( + @data, { + "id"=> $row->id, + "httpMethod"=> $row->http_method, + "route" => $row->route, + "capName" => $row->capability->name, + "lastUpdated" => $row->last_updated + } + ); + } + $self->success( \@data ); +} + + +sub renderResults { + my $self = shift; + my $rs_data = shift; + + my @data = (); + while ( my $row = $rs_data->next ) { + push( + @data, { + "id"=> $row->id, + "httpMethod"=> $row->http_method, + "route" => $row->route, + "capName" => $row->capability->name, + "lastUpdated" => $row->last_updated + } + ); + } + $self->success( \@data ); +} + +sub show { + my $self = shift; + my $id = $self->param('id'); + + my $rs_data = $self->db->resultset("ApiCapability")->search( 'me.id' => $id ); + $self->renderResults( $rs_data ) ; +} + +sub is_mapping_valid { + my $self = shift; + my $id = shift; + my $http_method = shift; + my $route = shift; + my $capability = shift; + + if ( !defined($http_method) ) { + return ( undef, "HTTP method is required." ); + } + + if ( !exists( $valid_http_methods{ $http_method } ) ) { + return ( undef, "HTTP method \'$http_method\' is invalid. Valid values are: " . join(", ", sort keys %valid_http_methods ) ); + } + + if ( !defined($route) or $route eq "" ) { + return ( undef, "Route is required." ); + } + + if ( !defined($capability) or $capability eq "" ) { + return (undef, "Capability name is required." ); + } + # check if capability exists + my $rs_data = $self->db->resultset("Capability")->search( { 'name' => { 'like', $capability } } )->single(); + if (!defined($rs_data)) { + return (undef, "Capability '$capability' does not exist." ); + } + + # search a mapping for the same http_method & route + $rs_data = $self->db->resultset("ApiCapability")->search( { 'route' => { 'like', $route } } )->search( { + 'http_method' => { '=', $http_method } } )->single(); + # if adding a new entry, make sure it is unique + if ( !defined( $id ) ) { + if (defined($rs_data)) { +
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115859517 --- Diff: traffic_ops/app/db/migrations/2017040601_create_capabilities_and_roles.sql --- @@ -0,0 +1,91 @@ +/* + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +-- +goose Up +-- SQL in section 'Up' is executed when this migration is applied + + +-- capability +CREATE TABLE capability ( +name text primary key UNIQUE NOT NULL, +description text, +last_updated timestamp with time zone DEFAULT now() +); + +CREATE TRIGGER on_update_current_timestamp BEFORE UPDATE ON capability FOR EACH ROW EXECUTE PROCEDURE on_update_current_timestamp_last_updated(); + +-- http_method_t (enum) +CREATE TYPE http_method_t as ENUM ('GET', 'POST', 'PUT', 'PATCH', 'DELETE'); + +-- api_capability + +CREATE TABLE api_capability ( +id BIGSERIAL primary key NOT NULL, +http_method http_method_t NOT NULL, +route text NOT NULL, +capability text NOT NULL, +CONSTRAINT fk_capability FOREIGN KEY (capability) REFERENCES capability(name) ON DELETE RESTRICT, +UNIQUE (http_method, route, capability), +last_updated timestamp with time zone DEFAULT now() +); + +CREATE TRIGGER on_update_current_timestamp BEFORE UPDATE ON api_capability FOR EACH ROW EXECUTE PROCEDURE on_update_current_timestamp_last_updated(); + +-- role_capability +CREATE TABLE role_capability ( +role_id bigint NOT NULL, +CONSTRAINT fk_role_id FOREIGN KEY (role_id) REFERENCES role(id) ON DELETE CASCADE, +cap_name text NOT NULL, +CONSTRAINT fk_cap_name FOREIGN KEY (cap_name) REFERENCES capability(name) ON DELETE RESTRICT, +UNIQUE (role_id, cap_name), +last_updated timestamp with time zone DEFAULT now() +); + +CREATE TRIGGER on_update_current_timestamp BEFORE UPDATE ON role_capability FOR EACH ROW EXECUTE PROCEDURE on_update_current_timestamp_last_updated(); + +-- user_role +CREATE TABLE user_role ( +user_id bigint NOT NULL, --- End diff -- same thing as above. when a user is deleted all entries are deleted i this table where user_id = deleted user id? and when a role is deleted, all entries are deleted where role_id = deleted role id? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115858507 --- Diff: traffic_ops/app/db/migrations/2017040601_create_capabilities_and_roles.sql --- @@ -0,0 +1,91 @@ +/* + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +-- +goose Up +-- SQL in section 'Up' is executed when this migration is applied + + +-- capability +CREATE TABLE capability ( +name text primary key UNIQUE NOT NULL, +description text, +last_updated timestamp with time zone DEFAULT now() +); + +CREATE TRIGGER on_update_current_timestamp BEFORE UPDATE ON capability FOR EACH ROW EXECUTE PROCEDURE on_update_current_timestamp_last_updated(); + +-- http_method_t (enum) +CREATE TYPE http_method_t as ENUM ('GET', 'POST', 'PUT', 'PATCH', 'DELETE'); + +-- api_capability + +CREATE TABLE api_capability ( +id BIGSERIAL primary key NOT NULL, +http_method http_method_t NOT NULL, +route text NOT NULL, +capability text NOT NULL, +CONSTRAINT fk_capability FOREIGN KEY (capability) REFERENCES capability(name) ON DELETE RESTRICT, +UNIQUE (http_method, route, capability), --- End diff -- so this allows us to put one route in many capabilities if needed, right? for example GET /api/*/asns in asn-read GET /api/*/asns in foo-read that's what you want, right? just checking because if the idea is that an api can only belong to ONE capability, i believe that should change to UNIQUE (http_method, route), --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115863296 --- Diff: traffic_ops/app/lib/API/Capability.pm --- @@ -0,0 +1,184 @@ +package API::Capability; +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# + +use UI::Utils; + +use Mojo::Base 'Mojolicious::Controller'; +use Data::Dumper; + +my $finfo = __FILE__ . ":"; + +sub index { + my $self = shift; + my @data; + my $orderby = "name"; + $orderby = $self->param('orderby') if ( defined $self->param('orderby') ); + + my $rs_data = $self->db->resultset("Capability")->search( undef, { order_by => $orderby } ); + while ( my $row = $rs_data->next ) { + push( + @data, { + "name"=> $row->name, + "description" => $row->description, + "lastUpdated" => $row->last_updated + } + ); + } + $self->success( \@data ); +} + +sub name { + my $self = shift; + my $name = $self->param('name'); + + my $rs_data = $self->db->resultset("Capability")->search( 'me.name' => $name ); + my @data = (); + while ( my $row = $rs_data->next ) { + push( + @data, { + "name"=> $row->name, + "description" => $row->description, + "lastUpdated" => $row->last_updated + } + ); + } + $self->success( \@data ); +} + +sub create { + my $self = shift; + my $params = $self->req->json; + + if ( !_oper($self) ) { + return $self->forbidden(); + } + + if ( !defined($params) ) { + return $self->alert("Parameters must be in JSON format."); + } + + my $name= $params->{name}if defined( $params->{name} ); + my $description = $params->{description} if defined( $params->{description} ); + + if ( !defined($name) or $name eq "" ) { + return $self->alert("Name is required."); + } + + if ( !defined($description) or $description eq "" ) { + return $self->alert("Description is required."); + } + + # check if capability exists + my $rs_data = $self->db->resultset("Capability")->search( { 'name' => { 'like', $name } } )->single(); + if ( defined($rs_data) ) { + return $self->alert("Capability '$name' already exists."); + } + + my $values = { + name=> $name, + description => $description + }; + + my $insert = $self->db->resultset('Capability')->create($values); + my $rs = $insert->insert(); + if ($rs) { + my $response; + $response->{name}= $rs->name; + $response->{description} = $rs->description; + + ( $self, "Created Capability: '$response->{name}', '$response->{description}'", "APICHANGE" ); + + return $self->success( $response, "Capability was created." ); + } + else { + return $self->alert("Capability creation failed."); + } +} + +sub update { + my $self = shift; + my $name = $self->param('name'); + my $params = $self->req->json; + + if ( !_oper($self) ) { + return $self->forbidden(); + } + + if ( !defined($params) ) { + return $self->alert("Parameters must be in JSON format."); + } + + my $description = $params->{description} if defined( $params->{description} ); + + my $capability = $self->db->res
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115862965 --- Diff: traffic_ops/app/lib/API/Capability.pm --- @@ -0,0 +1,184 @@ +package API::Capability; +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# + +use UI::Utils; + +use Mojo::Base 'Mojolicious::Controller'; +use Data::Dumper; + +my $finfo = __FILE__ . ":"; + +sub index { + my $self = shift; + my @data; + my $orderby = "name"; + $orderby = $self->param('orderby') if ( defined $self->param('orderby') ); + + my $rs_data = $self->db->resultset("Capability")->search( undef, { order_by => $orderby } ); + while ( my $row = $rs_data->next ) { + push( + @data, { + "name"=> $row->name, + "description" => $row->description, + "lastUpdated" => $row->last_updated + } + ); + } + $self->success( \@data ); +} + +sub name { + my $self = shift; + my $name = $self->param('name'); + + my $rs_data = $self->db->resultset("Capability")->search( 'me.name' => $name ); + my @data = (); --- End diff -- you might want to do this if ( !defined($rs_data) ) { return $self->not_found(); } so they get back a 404 instead of an empty result set if id is invalid --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115857172 --- Diff: traffic_ops/app/db/migrations/2017040601_create_capabilities_and_roles.sql --- @@ -0,0 +1,91 @@ +/* + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +-- +goose Up +-- SQL in section 'Up' is executed when this migration is applied + + +-- capability +CREATE TABLE capability ( +name text primary key UNIQUE NOT NULL, --- End diff -- I like that the primary key is name and not id ð . I wish we would have done that on a bunch of our other tables. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-trafficcontrol pull request #544: Authorization model
Github user mitchell852 commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/544#discussion_r115856064 --- Diff: docs/source/development/traffic_ops_api/v12/api_capability.rst --- @@ -0,0 +1,367 @@ +.. +.. +.. Licensed under the Apache License, Version 2.0 (the "License"); +.. you may not use this file except in compliance with the License. +.. You may obtain a copy of the License at +.. +.. http://www.apache.org/licenses/LICENSE-2.0 +.. +.. Unless required by applicable law or agreed to in writing, software +.. distributed under the License is distributed on an "AS IS" BASIS, +.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +.. See the License for the specific language governing permissions and +.. limitations under the License. +.. + +.. _to-api-v12-api_capability: + +API-Capabilities + + +.. _to-api-v12-api-capability-route: + +/api/1.2/api_capabilities ++ + +**GET /api/1.2/api_capabilities** + + Get all API-capability mappings. + + Authentication Required: Yes + + Role(s) Required: None + + **Response Properties** + + +---++--+ + |Parameter | Type | Description | + +===++==+ + | ``id``| int| Mapping id. | + +---++--+ + | ``httpMethod``| enum | One of: 'GET', 'POST', 'PUT', 'PATCH', 'DELETE'. | + +---++--+ + | ``route`` | string | API route. | + +---++--+ + | ``capName`` | string | Capability name. | + +---++--+ + | ``lastUpdated`` | string | | + +---++--+ + + **Response Example** :: + +{ + "response": [ + { + "id": "6", + "httpMethod": "GET", + "route": "/api/*/asns", + "capName": "asn-read", + "lastUpdated": "2017-04-02 08:22:43" + }, + { + "id": "7", + "httpMethod": "GET", + "route": "/api/*/asns/*", + "capName": "asn-read", + "lastUpdated": "2017-04-02 08:22:43" + } +] +} + +| + +**GET /api/1.2/api_capabilities/:id** + + Get an API-capability mapping by id. + + Authentication Required: Yes + + Role(s) Required: None + + **Request Route Parameters** + + +-+--+-+ + |Name | Required |Description | + +=+==+=+ + | ``id``| yes| Mapping id. | + +-+--+-+ + + **Response Properties** + + +---++--+ + |Parameter | Type | Description | + +===++==+ + | ``id``| int| Mapping id. | + +---++--+ + | ``httpMethod``| enum | One of: 'GET', 'POST', 'PUT', 'PATCH', 'DELETE'. | + +---++--+ + | ``route`` | string | API route. | + +---++--+ + | ``capName`` | string | Capability name. | + +---++--+ + | ``lastUpdated`