Fix permission handling for alert acknowledgement.

hyperic · Oct 1, 2009 · 209a20e · 209a20e
1 parent b0fbce3
commit 209a20e
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/hqu/hqapi1/app/AlertController.groovy b/hqu/hqapi1/app/AlertController.groovy
@@ -7,6 +7,7 @@ import org.hyperic.hq.events.server.session.AlertSortField
 import org.hyperic.hq.events.server.session.AlertManagerEJBImpl as AlertMan
 import org.hyperic.hq.escalation.server.session.EscalationManagerEJBImpl as EscMan
 import org.hyperic.hq.events.server.session.ClassicEscalationAlertType
+import org.hyperic.hq.authz.shared.PermissionException
 
 public class AlertController extends ApiController {
 
@@ -214,6 +215,8 @@ public class AlertController extends ApiController {
                                      "acknowledgable state")
                         }
                     }
+                } catch (PermissionException e) {
+                    failureXml = getFailureXML(ErrorCode.PERMISSION_DENIED)
                 } catch (Throwable t) {
                     failureXml = getFailureXML(ErrorCode.UNEXPECTED_ERROR,
                                                t.getMessage())

diff --git a/src/org/hyperic/hq/hqapi1/test/AlertAck_test.java b/src/org/hyperic/hq/hqapi1/test/AlertAck_test.java
@@ -4,8 +4,11 @@
 import org.hyperic.hq.hqapi1.types.StatusResponse;
 import org.hyperic.hq.hqapi1.types.Resource;
 import org.hyperic.hq.hqapi1.types.Escalation;
+import org.hyperic.hq.hqapi1.types.User;
 import org.hyperic.hq.hqapi1.AlertApi;
 
+import java.util.List;
+
 public class AlertAck_test extends AlertTestBase {
 
     public AlertAck_test(String name) {
@@ -16,7 +19,7 @@ public void testAckAlert() throws Exception {
         AlertApi api = getAlertApi();
         Resource platform = getLocalPlatformResource(false, false);
         Escalation e = createEscalation();
-        Alert a = generateAlerts(platform);
+        Alert a = generateAlerts(platform, e);
 
         validateAlert(a);
 
@@ -31,6 +34,26 @@ public void testAckAlert() throws Exception {
         deleteEscalation(e);
     }
 
+    public void testAckAlertNoPermission() throws Exception {
+        Resource platform = getLocalPlatformResource(false, false);
+        Escalation e = createEscalation();
+        Alert a = generateAlerts(platform, e);
+        validateAlert(a);
+
+        List<User> users = createTestUsers(1);
+        User unprivUser = users.get(0);
+        AlertApi apiUnpriv = getApi(unprivUser.getName(), TESTUSER_PASSWORD).getAlertApi();
+
+        // Test ack - alert will be in Escalation
+        StatusResponse ackResponse = apiUnpriv.ackAlert(a.getId(), "Test ACK", 60000l);
+        hqAssertFailurePermissionDenied(ackResponse);
+
+        // Cleanup
+        deleteAlertDefinitionByAlert(a);
+        deleteEscalation(e);
+        deleteTestUsers(users);
+    }
+
     public void testAckUnacknowledableAlert() throws Exception {
         Resource platform = getLocalPlatformResource(false, false);
         AlertApi api = getAlertApi();