Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fail on Role update/create/sync if embedded Users do not exist. [HHQ-…

…3132]
  • Loading branch information...
commit b32b96150c30d212957a414f05ca8b98e518791c 1 parent 4331c32
Ryan Morgan authored
View
82 hqu/hqapi1/app/RoleController.groovy
@@ -68,7 +68,7 @@ class RoleController extends ApiController {
}
def create(params) {
- def failureXml
+ def failureXml = null
def createdRole
try {
def createRequest = new XmlParser().parseText(getPostData())
@@ -102,16 +102,23 @@ class RoleController extends ApiController {
def u = getUser(subj.'@id'?.toInteger(), subj.'@name')
if (u) {
users << u
+ } else {
+ failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
+ "User with id=" + subj.'@id' +
+ ", name=" + subj.'@name' +
+ " not found")
}
}
- createdRole = roleHelper.createRole(xmlIn.'@name',
- xmlIn.'@description',
- operations as String[],
- users*.id as Integer[],
- [] as Integer[])
- // TODO: Setting subjects via createRole broken?
- createdRole.setSubjects(user, users)
+ if (!failureXml) {
+ createdRole = roleHelper.createRole(xmlIn.'@name',
+ xmlIn.'@description',
+ operations as String[],
+ users*.id as Integer[],
+ [] as Integer[])
+ // TODO: Setting subjects via createRole broken?
+ createdRole.setSubjects(user, users)
+ }
}
} catch (PermissionException e) {
log.debug("Permission denied [${user.name}]", e)
@@ -134,7 +141,7 @@ class RoleController extends ApiController {
}
def update(params) {
- def failureXml
+ def failureXml = null
try {
def updateRequest = new XmlParser().parseText(getPostData())
def xmlRole = updateRequest['Role']
@@ -170,14 +177,21 @@ class RoleController extends ApiController {
def u = getUser(subj.'@id'?.toInteger(), subj.'@name')
if (u) {
users << u
+ } else {
+ failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
+ "User with id=" + subj.'@id' +
+ ", name=" + subj.'@name' +
+ " not found")
}
}
- existing.update(user,
- xmlIn.'@name',
- xmlIn.'@description')
- existing.setOperations(user, operations)
- existing.setSubjects(user, users)
+ if (!failureXml) {
+ existing.update(user,
+ xmlIn.'@name',
+ xmlIn.'@description')
+ existing.setOperations(user, operations)
+ existing.setSubjects(user, users)
+ }
}
} catch (AuthzDuplicateNameException e) {
log.debug("Duplicate object", e)
@@ -202,7 +216,7 @@ class RoleController extends ApiController {
}
def sync(params) {
- def failureXml
+ def failureXml = null
try {
def syncRequest = new XmlParser().parseText(getPostData())
for (xmlRole in syncRequest['Role']) {
@@ -230,14 +244,21 @@ class RoleController extends ApiController {
def u = getUser(subj.'@id'?.toInteger(), subj.'@name')
if (u) {
users << u
+ } else {
+ failureXml= getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
+ "User with id=" + subj.'@id' +
+ ", name=" + subj.'@name' +
+ " not found")
}
}
- existing.update(user,
- xmlRole.'@name',
- xmlRole.'@description')
- existing.setOperations(user, operations)
- existing.setSubjects(user, users)
+ if (!failureXml) {
+ existing.update(user,
+ xmlRole.'@name',
+ xmlRole.'@description')
+ existing.setOperations(user, operations)
+ existing.setSubjects(user, users)
+ }
} else {
def operations = []
def ops = xmlRole['Operation']
@@ -251,17 +272,24 @@ class RoleController extends ApiController {
def u = getUser(subj.'@id'?.toInteger(), subj.'@name')
if (u) {
users << u
+ } else {
+ failureXml = getFailureXML(ErrorCode.OBJECT_NOT_FOUND,
+ "User with id=" + subj.'@id' +
+ ", name=" + subj.'@name' +
+ " not found")
}
}
- def createdRole = roleHelper.createRole(xmlRole.'@name',
- xmlRole.'@description',
- operations as String[],
- [] as Integer[],
- [] as Integer[])
+ if (!failureXml) {
+ def createdRole = roleHelper.createRole(xmlRole.'@name',
+ xmlRole.'@description',
+ operations as String[],
+ [] as Integer[],
+ [] as Integer[])
- // TODO: Setting subjects via createRole broken?
- createdRole.setSubjects(user, users)
+ // TODO: Setting subjects via createRole broken?
+ createdRole.setSubjects(user, users)
+ }
}
}
} catch (PermissionException e) {
View
11 src/org/hyperic/hq/hqapi1/test/RoleCreate_test.java
@@ -153,15 +153,6 @@ public void testRoleCreateWithInvalidUsers() throws Exception {
r.getUser().addAll(users);
RoleResponse response = api.createRole(r);
- hqAssertSuccess(response);
-
- Role role = response.getRole();
- for (Operation o : VIEW_OPS) {
- assertTrue("Created role does not contain operation " + o.value(),
- role.getOperation().contains(o));
- }
-
- // Should return 0 users since Role creation will not create new users.
- assertTrue(role.getUser().size() == 0);
+ hqAssertFailureObjectNotFound(response);
}
}
View
17 src/org/hyperic/hq/hqapi1/test/RoleSyncRoles_test.java
@@ -208,4 +208,21 @@ public void testSyncSystemRole() throws Exception {
StatusResponse response = api.syncRoles(roles);
hqAssertFailureNotSupported(response);
}
+
+ public void testSyncRolesInvalidUsers() throws Exception {
+ RoleApi api = getRoleApi();
+
+ Role r = new Role();
+ r.setName("New Role with invalid users");
+
+ User u = new User();
+ u.setName("Invalid User");
+ r.getUser().add(u);
+
+ List<Role> roles = new ArrayList<Role>();
+ roles.add(r);
+
+ StatusResponse response = api.syncRoles(roles);
+ hqAssertFailureObjectNotFound(response);
+ }
}
View
9 src/org/hyperic/hq/hqapi1/test/RoleUpdate_test.java
@@ -254,7 +254,7 @@ public void testUpdateInvalidUsers() throws Exception {
RoleResponse createResponse = roleApi.createRole(r);
hqAssertSuccess(createResponse);
- // Add all users.
+ // Add invalid users.
List<User> users = new ArrayList<User>();
for (int i = 0; i < 5; i++) {
users.add(generateTestUser());
@@ -263,11 +263,6 @@ public void testUpdateInvalidUsers() throws Exception {
Role role = createResponse.getRole();
role.getUser().addAll(users);
StatusResponse updateResponse = roleApi.updateRole(role);
- hqAssertSuccess(updateResponse);
-
- RoleResponse getResponse = roleApi.getRole(r.getName());
- hqAssertSuccess(getResponse);
- assertTrue("Updated role contained users, should be 0",
- getResponse.getRole().getUser().size() == 0);
+ hqAssertFailureObjectNotFound(updateResponse);
}
}
Please sign in to comment.
Something went wrong with that request. Please try again.