Fail on Role update/create/sync if embedded Users do not exist. [HHQ-…
…3132]
Ryan Morgan committed Jul 1, 2009
1 parent 4331c32 commit b32b961
Showing 4 changed files with 75 additions and 44 deletions.
82 changes: 55 additions & 27 deletions hqu/hqapi1/app/RoleController.groovy
@@ -68,7 +68,7 @@ class RoleController extends ApiController {
}

def create(params) {
def failureXml
def failureXml = null
def createdRole
try {
def createRequest = new XmlParser().parseText(getPostData())
@@ -102,16 +102,23 @@ class RoleController extends ApiController {
def u = getUser(subj.'@id'?.toInteger(), subj.'@name')
if (u) {
users << u
} else {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"User with id=" + subj.'@id' +
", name=" + subj.'@name' +
" not found")
}
}

createdRole = roleHelper.createRole(xmlIn.'@name',
xmlIn.'@description',
operations as String[],
users*.id as Integer[],
[] as Integer[])
// TODO: Setting subjects via createRole broken?
createdRole.setSubjects(user, users)
if (!failureXml) {
createdRole = roleHelper.createRole(xmlIn.'@name',
xmlIn.'@description',
operations as String[],
users*.id as Integer[],
[] as Integer[])
// TODO: Setting subjects via createRole broken?
createdRole.setSubjects(user, users)
}
}
} catch (PermissionException e) {
log.debug("Permission denied [${user.name}]", e)
@@ -134,7 +141,7 @@ class RoleController extends ApiController {
}

def update(params) {
def failureXml
def failureXml = null
try {
def updateRequest = new XmlParser().parseText(getPostData())
def xmlRole = updateRequest['Role']
@@ -170,14 +177,21 @@ class RoleController extends ApiController {
def u = getUser(subj.'@id'?.toInteger(), subj.'@name')
if (u) {
users << u
} else {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"User with id=" + subj.'@id' +
", name=" + subj.'@name' +
" not found")
}
}

existing.update(user,
xmlIn.'@name',
xmlIn.'@description')
existing.setOperations(user, operations)
existing.setSubjects(user, users)
if (!failureXml) {
existing.update(user,
xmlIn.'@name',
xmlIn.'@description')
existing.setOperations(user, operations)
existing.setSubjects(user, users)
}
}
} catch (AuthzDuplicateNameException e) {
log.debug("Duplicate object", e)
@@ -202,7 +216,7 @@ class RoleController extends ApiController {
}

def sync(params) {
def failureXml
def failureXml = null
try {
def syncRequest = new XmlParser().parseText(getPostData())
for (xmlRole in syncRequest['Role']) {
@@ -230,14 +244,21 @@ class RoleController extends ApiController {
def u = getUser(subj.'@id'?.toInteger(), subj.'@name')
if (u) {
users << u
} else {
failureXml= getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"User with id=" + subj.'@id' +
", name=" + subj.'@name' +
" not found")
}
}

existing.update(user,
xmlRole.'@name',
xmlRole.'@description')
existing.setOperations(user, operations)
existing.setSubjects(user, users)
if (!failureXml) {
existing.update(user,
xmlRole.'@name',
xmlRole.'@description')
existing.setOperations(user, operations)
existing.setSubjects(user, users)
}
} else {
def operations = []
def ops = xmlRole['Operation']
@@ -251,17 +272,24 @@ class RoleController extends ApiController {
def u = getUser(subj.'@id'?.toInteger(), subj.'@name')
if (u) {
users << u
} else {
failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
"User with id=" + subj.'@id' +
", name=" + subj.'@name' +
" not found")
}
}

def createdRole = roleHelper.createRole(xmlRole.'@name',
xmlRole.'@description',
operations as String[],
[] as Integer[],
[] as Integer[])
if (!failureXml) {
def createdRole = roleHelper.createRole(xmlRole.'@name',
xmlRole.'@description',
operations as String[],
[] as Integer[],
[] as Integer[])

// TODO: Setting subjects via createRole broken?
createdRole.setSubjects(user, users)
// TODO: Setting subjects via createRole broken?
createdRole.setSubjects(user, users)
}
}
}
} catch (PermissionException e) {
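Review bot: In `sync`, setting `failureXml` for a missing user does not leave the `for (xmlRole in syncRequest['Role'])` loop, so as far as the visible hunks show, roles earlier in the batch have already been updated or created by the time a later role fails, and the caller gets OBJECT_NOT_FOUND for a request that was partly applied. For an API that edits authorization data, resolve every role's users before the first `existing.update`/`roleHelper.createRole` call, or at least `break` out of the loop once `failureXml` is set, and document on the method whether sync is all-or-nothing. The same user loops in `create` and `update` also keep iterating and overwrite `failureXml`, so only the last missing user is reported. The message concatenates the request's `@id` and `@name` attributes; `getFailureXML` is not visible here, so confirm it escapes them before they land in the response XML. The method bodies continue outside the hunks.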
11 changes: 1 addition & 10 deletions src/org/hyperic/hq/hqapi1/test/RoleCreate_test.java
@@ -153,15 +153,6 @@ public void testRoleCreateWithInvalidUsers() throws Exception {
r.getUser().addAll(users);

RoleResponse response = api.createRole(r);
hqAssertSuccess(response);

Role role = response.getRole();
for (Operation o : VIEW_OPS) {
assertTrue("Created role does not contain operation " + o.value(),
role.getOperation().contains(o));
}

// Should return 0 users since Role creation will not create new users.
assertTrue(role.getUser().size() == 0);
hqAssertFailureObjectNotFound(response);
}
}
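Review bot: `testRoleCreateWithInvalidUsers` now checks only the error code, so it would still pass if the controller created the role and then reported the failure. After `hqAssertFailureObjectNotFound(response);` add a lookup that proves nothing was persisted, e.g. `hqAssertFailureObjectNotFound(api.getRole(r.getName()));`, assuming `getRole` reports a missing role that way. The same gap applies to `testSyncRolesInvalidUsers` in RoleSyncRoles_test.java and to `testUpdateInvalidUsers` in RoleUpdate_test.java, where the removed `getRole` check could be kept to assert the role is unchanged after the rejected update. The test method starts outside this hunk.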
17 changes: 17 additions & 0 deletions src/org/hyperic/hq/hqapi1/test/RoleSyncRoles_test.java
@@ -208,4 +208,21 @@ public void testSyncSystemRole() throws Exception {
StatusResponse response = api.syncRoles(roles);
hqAssertFailureNotSupported(response);
}

public void testSyncRolesInvalidUsers() throws Exception {
RoleApi api = getRoleApi();

Role r = new Role();
r.setName("New Role with invalid users");

User u = new User();
u.setName("Invalid User");
r.getUser().add(u);

List<Role> roles = new ArrayList<Role>();
roles.add(r);

StatusResponse response = api.syncRoles(roles);
hqAssertFailureObjectNotFound(response);
}
}
9 changes: 2 additions & 7 deletions src/org/hyperic/hq/hqapi1/test/RoleUpdate_test.java
@@ -254,7 +254,7 @@ public void testUpdateInvalidUsers() throws Exception {
RoleResponse createResponse = roleApi.createRole(r);
hqAssertSuccess(createResponse);

// Add all users.
// Add invalid users.
List<User> users = new ArrayList<User>();
for (int i = 0; i < 5; i++) {
users.add(generateTestUser());
@@ -263,11 +263,6 @@ public void testUpdateInvalidUsers() throws Exception {
Role role = createResponse.getRole();
role.getUser().addAll(users);
StatusResponse updateResponse = roleApi.updateRole(role);
hqAssertSuccess(updateResponse);

RoleResponse getResponse = roleApi.getRole(r.getName());
hqAssertSuccess(getResponse);
assertTrue("Updated role contained users, should be 0",
getResponse.getRole().getUser().size() == 0);
hqAssertFailureObjectNotFound(updateResponse);
}
}
