use of org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException in project credhub by cloudfoundry-incubator.
the class PermissionedCredentialServiceTest method save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException.
/**
 * Calls {@code subject.save} for a "password" credential in OVERWRITE mode after adding an
 * ACL entry that grants "test-user" WRITE and WRITE_ACL, and checks the message key if an
 * {@link InvalidPermissionOperationException} is raised.
 *
 * <p>NOTE(review): the try block has no failure statement after {@code save}, so this test
 * also passes when no exception is thrown at all. As written it cannot detect the removal
 * of the self-update guard it is named after.
 */
@Test
public void save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException() {
when(request.getType()).thenReturn("password");
when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.OVERWRITE.mode);
// No stored version exists for CREDENTIAL_NAME.
when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(null);
when(credentialVersionDataService.save(any(CredentialVersion.class))).thenReturn(new PasswordCredentialVersion().setEncryptor(encryptor));
// NOTE(review): this stub reports that the caller MAY operate on "test-user". If the guard
// under test rejects only when this returns false, the expected exception is never raised
// with this setup — confirm against the service and flip the stub if so.
when(permissionCheckingService.userAllowedToOperateOnActor("test-user")).thenReturn(true);
when(permissionCheckingService.hasPermission(userContext.getActor(), CREDENTIAL_NAME, WRITE_ACL)).thenReturn(true);
// accessControlEntries is a fixture declared outside this method; presumably it is what the
// request hands to the service — verify against the test setup.
accessControlEntries.add(new PermissionEntry("test-user", Arrays.asList(WRITE, WRITE_ACL)));
try {
// NOTE(review): existingCredentialVersion is set outside this method; the test name implies
// a new credential, so confirm it is null at this point.
subject.save(existingCredentialVersion, credentialValue, request, auditRecordParameters);
} catch (InvalidPermissionOperationException e) {
// Only reached when the exception is thrown; asserts the message key, nothing else.
assertThat(e.getMessage(), equalTo("error.permission.invalid_update_operation"));
}
}
use of org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException in project credhub by cloudfoundry-incubator.
the class PermissionService method savePermissions.
/**
 * Validates a requested set of permission entries for a credential and persists them.
 *
 * <p>Sequence, as implemented:
 * <ol>
 *   <li>ACL_UPDATE audit parameters for the requested entries are appended to
 *       {@code auditRecordParameters} before any validation runs.</li>
 *   <li>A null {@code credentialVersion} is rejected.</li>
 *   <li>Every requested entry's actor is checked with
 *       {@code userAllowedToOperateOnActor}; the first refusal aborts the call.</li>
 *   <li>For a new credential, an entry granting the current actor READ, WRITE, DELETE,
 *       WRITE_ACL and READ_ACL is appended to {@code permissionEntryList} and audited.</li>
 *   <li>If the list is empty, nothing is persisted.</li>
 *   <li>The current actor must hold WRITE_ACL on the credential, otherwise the call fails.</li>
 * </ol>
 *
 * <p>Both lists passed in are mutated in place. A fixed-size {@code permissionEntryList}
 * (for example one built with {@code Arrays.asList}) cannot accept the entry added for a
 * new credential.
 *
 * @param credentialVersion the credential version whose ACL is being written; must not be null
 * @param permissionEntryList the requested entries; extended in place for a new credential
 * @param auditRecordParameters audit sink; extended in place
 * @param isNewCredential whether the current actor should be granted the full operation set
 * @param credentialName name used in the audit parameters
 * @throws EntryNotFoundException if {@code credentialVersion} is null or the current actor
 *     lacks WRITE_ACL (same message key in both cases, so the two are indistinguishable
 *     by message)
 * @throws InvalidPermissionOperationException if the caller may not operate on one of the
 *     actors named in {@code permissionEntryList}
 */
public void savePermissions(CredentialVersion credentialVersion, List<PermissionEntry> permissionEntryList, List<EventAuditRecordParameters> auditRecordParameters, boolean isNewCredential, String credentialName) {
  // Appended first, so the requested change is already in the caller's audit list when a
  // check below throws.
  auditRecordParameters.addAll(
      EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(
          ACL_UPDATE, credentialName, permissionEntryList));

  if (credentialVersion == null) {
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  // Actor guard: evaluated for every requested entry, before the creator entry is added.
  for (PermissionEntry requestedEntry : permissionEntryList) {
    final boolean mayOperateOnActor =
        permissionCheckingService.userAllowedToOperateOnActor(requestedEntry.getActor());
    if (!mayOperateOnActor) {
      throw new InvalidPermissionOperationException("error.permission.invalid_update_operation");
    }
  }

  if (isNewCredential) {
    // The creator entry is built after the loop above, so it is not subject to the actor guard.
    final PermissionEntry creatorEntry = new PermissionEntry(
        userContextHolder.getUserContext().getActor(),
        asList(READ, WRITE, DELETE, WRITE_ACL, READ_ACL));
    permissionEntryList.add(creatorEntry);
    auditRecordParameters.addAll(
        EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(
            ACL_UPDATE, credentialName, asList(creatorEntry)));
  }

  if (permissionEntryList.isEmpty()) {
    return;
  }

  final boolean callerHasWriteAcl = permissionCheckingService.hasPermission(
      userContextHolder.getUserContext().getActor(), credentialVersion.getName(), WRITE_ACL);
  if (!callerHasWriteAcl) {
    // Same message key as the missing-credential case above.
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  permissionDataService.savePermissions(credentialVersion.getCredential(), permissionEntryList);
}
use of org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException in project credhub by cloudfoundry-incubator.
the class PermissionsHandlerTest method setPermissions_whenUserUpdatesOwnPermission_throwsException.
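/**
 * Verifies that {@code setPermissions} raises {@link InvalidPermissionOperationException}
 * with the expected message key when the caller holds WRITE_ACL on the credential but is
 * not allowed to operate on the actor named in the request, and that the permissions are
 * not handed to {@code permissionService}.
 */
@Test
public void setPermissions_whenUserUpdatesOwnPermission_throwsException() {
  when(permissionCheckingService.hasPermission(any(String.class), eq(CREDENTIAL_NAME), eq(PermissionOperation.WRITE_ACL))).thenReturn(true);
  // The guard under test: the caller may not operate on ACTOR_NAME.
  when(permissionCheckingService.userAllowedToOperateOnActor(ACTOR_NAME)).thenReturn(false);
  List<PermissionEntry> accessControlList = Arrays.asList(new PermissionEntry(ACTOR_NAME, Arrays.asList(PermissionOperation.READ)));
  when(permissionsRequest.getCredentialName()).thenReturn(CREDENTIAL_NAME);
  when(permissionsRequest.getPermissions()).thenReturn(accessControlList);

  try {
    subject.setPermissions(permissionsRequest, auditRecordParameters);
    // Without this, the test would pass silently if the guard were removed. AssertionError
    // is not caught by the handler below, so it fails the test.
    throw new AssertionError("expected InvalidPermissionOperationException, but setPermissions returned normally");
  } catch (InvalidPermissionOperationException e) {
    assertThat(e.getMessage(), equalTo("error.permission.invalid_update_operation"));
  }

  // Reached only via the catch block. This rules out a save with these argument matchers
  // (isNewCredential == false); a call with other arguments would not be detected here.
  verify(permissionService, times(0)).savePermissions(any(), any(), eq(auditRecordParameters), eq(false), eq(CREDENTIAL_NAME));
}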