Wiring up allow-clients-to-create-secrets permission check (#1119)

square · Aug 10, 2022 · 098cec6 · 098cec6
1 parent aa71dd6
commit 098cec6
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 3 deletions.
diff --git a/server/src/main/java/keywhiz/service/permissions/PermissionCheckModule.java b/server/src/main/java/keywhiz/service/permissions/PermissionCheckModule.java
@@ -8,13 +8,31 @@
 public class PermissionCheckModule extends AbstractModule {
 
   @Override
-  protected void configure() {}
+  protected void configure() {
+    bindToDefaultConstructor(AllowClientSecretCreationPermissionCheck.class);
+  }
 
   @Provides
   public PermissionCheck createPermissionCheck(MetricRegistry metricRegistry,
       AutomationClientPermissionCheck automationClientCheck,
-      OwnershipPermissionCheck ownershipCheck) {
-    PermissionCheck anyPermissionCheck = new AnyPermissionCheck(metricRegistry, List.of(ownershipCheck, automationClientCheck));
+      OwnershipPermissionCheck ownershipCheck,
+      AllowClientSecretCreationPermissionCheck clientSecretCreationCheck) {
+
+    List<PermissionCheck> permissionChecks = List.of(
+        ownershipCheck,
+        clientSecretCreationCheck,
+        automationClientCheck
+    );
+
+    PermissionCheck anyPermissionCheck = new AnyPermissionCheck(metricRegistry, permissionChecks);
     return anyPermissionCheck;
   }
+
+  private <T> void bindToDefaultConstructor(Class<T> clazz) {
+    try {
+      bind(clazz).toConstructor(clazz.getConstructor());
+    } catch (NoSuchMethodException e) {
+      throw new RuntimeException(e);
+    }
+  }
 }
diff --git a/server/src/test/java/keywhiz/service/permissions/PermissionCheckModuleTest.java b/server/src/test/java/keywhiz/service/permissions/PermissionCheckModuleTest.java
@@ -1,10 +1,13 @@
 package keywhiz.service.permissions;
 
 import javax.inject.Inject;
+import keywhiz.api.model.Client;
+import keywhiz.api.model.Secret;
 import org.junit.Test;
 
 import static keywhiz.test.KeywhizTests.createInjector;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
 
 public class PermissionCheckModuleTest {
   @Test
@@ -21,4 +24,27 @@ class Holder {
     createInjector().injectMembers(holder);
     assertNotNull(holder.permissionCheck);
   }
+
+  @Test
+  public void injectedPermissionCheckAllowsClientSecretCreation() {
+    PermissionCheck permissionCheck = createInjector().getInstance(PermissionCheck.class);
+    assertTrue(permissionCheck.isAllowedForTargetType(newClient(), Action.CREATE, Secret.class));
+  }
+
+  private static Client newClient() {
+    return new Client(
+        0L,
+        "name",
+        null,
+        null,
+        null,
+        null,
+        null,
+        null,
+        null,
+        null,
+        false,
+        false);
+  }
+
 }