Example 1 with InvalidPermissionOperationException
use of org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException in project credhub by cloudfoundry-incubator.
the class PermissionedCredentialServiceTest method save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException.
@Test
public void save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException() {
when(request.getType()).thenReturn("password");
when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.OVERWRITE.mode);
when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(null);
when(credentialVersionDataService.save(any(CredentialVersion.class))).thenReturn(new PasswordCredentialVersion().setEncryptor(encryptor));
when(permissionCheckingService.userAllowedToOperateOnActor("test-user")).thenReturn(true);
when(permissionCheckingService.hasPermission(userContext.getActor(), CREDENTIAL_NAME, WRITE_ACL)).thenReturn(true);
accessControlEntries.add(new PermissionEntry("test-user", Arrays.asList(WRITE, WRITE_ACL)));
try {
subject.save(existingCredentialVersion, credentialValue, request, auditRecordParameters);
} catch (InvalidPermissionOperationException e) {
assertThat(e.getMessage(), equalTo("error.permission.invalid_update_operation"));
}
}
Also used :
PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry)
PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion)
InvalidPermissionOperationException(org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)
PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion)
CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion)
Test(org.junit.Test)
Example 2 with InvalidPermissionOperationException
use of org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException in project credhub by cloudfoundry-incubator.
the class PermissionService method savePermissions.
public void savePermissions(CredentialVersion credentialVersion, List<PermissionEntry> permissionEntryList, List<EventAuditRecordParameters> auditRecordParameters, boolean isNewCredential, String credentialName) {
auditRecordParameters.addAll(EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(ACL_UPDATE, credentialName, permissionEntryList));
if (credentialVersion == null) {
throw new EntryNotFoundException("error.credential.invalid_access");
}
for (PermissionEntry permissionEntry : permissionEntryList) {
if (!permissionCheckingService.userAllowedToOperateOnActor(permissionEntry.getActor())) {
throw new InvalidPermissionOperationException("error.permission.invalid_update_operation");
}
}
if (isNewCredential) {
final PermissionEntry permissionEntry = new PermissionEntry(userContextHolder.getUserContext().getActor(), asList(READ, WRITE, DELETE, WRITE_ACL, READ_ACL));
permissionEntryList.add(permissionEntry);
auditRecordParameters.addAll(EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(ACL_UPDATE, credentialName, asList(permissionEntry)));
}
if (permissionEntryList.size() == 0) {
return;
}
if (!permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), credentialVersion.getName(), WRITE_ACL)) {
throw new EntryNotFoundException("error.credential.invalid_access");
}
permissionDataService.savePermissions(credentialVersion.getCredential(), permissionEntryList);
}
Also used :
EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException)
PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry)
InvalidPermissionOperationException(org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)
Example 3 with InvalidPermissionOperationException
use of org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException in project credhub by cloudfoundry-incubator.
the class PermissionsHandlerTest method setPermissions_whenUserUpdatesOwnPermission_throwsException.
@Test
public void setPermissions_whenUserUpdatesOwnPermission_throwsException() {
when(permissionCheckingService.hasPermission(any(String.class), eq(CREDENTIAL_NAME), eq(PermissionOperation.WRITE_ACL))).thenReturn(true);
when(permissionCheckingService.userAllowedToOperateOnActor(ACTOR_NAME)).thenReturn(false);
List<PermissionEntry> accessControlList = Arrays.asList(new PermissionEntry(ACTOR_NAME, Arrays.asList(PermissionOperation.READ)));
when(permissionsRequest.getCredentialName()).thenReturn(CREDENTIAL_NAME);
when(permissionsRequest.getPermissions()).thenReturn(accessControlList);
try {
subject.setPermissions(permissionsRequest, auditRecordParameters);
} catch (InvalidPermissionOperationException e) {
assertThat(e.getMessage(), equalTo("error.permission.invalid_update_operation"));
verify(permissionService, times(0)).savePermissions(any(), any(), eq(auditRecordParameters), eq(false), eq(CREDENTIAL_NAME));
}
}
Also used :
PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry)
InvalidPermissionOperationException(org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)
Test(org.junit.Test)
Aggregations
InvalidPermissionOperationException (org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)3
PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry)3
Test (org.junit.Test)2
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)1
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion)1
EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException)1
