Example 1 with InvalidPermissionOperationException

Use of org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException in project credhub by cloudfoundry-incubator.

From class PermissionedCredentialServiceTest, method save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException.

@Test
public void save_whenThereIsANewCredentialAndSelfUpdatingAcls_throwsException() {
    when(request.getType()).thenReturn("password");
    when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.OVERWRITE.mode);
    when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(null);
    when(credentialVersionDataService.save(any(CredentialVersion.class))).thenReturn(new PasswordCredentialVersion().setEncryptor(encryptor));
    when(permissionCheckingService.userAllowedToOperateOnActor("test-user")).thenReturn(true);
    when(permissionCheckingService.hasPermission(userContext.getActor(), CREDENTIAL_NAME, WRITE_ACL)).thenReturn(true);
    accessControlEntries.add(new PermissionEntry("test-user", Arrays.asList(WRITE, WRITE_ACL)));
    // No fail() follows the call below, so this test also passes when no exception is thrown.
    try {
        subject.save(existingCredentialVersion, credentialValue, request, auditRecordParameters);
    } catch (InvalidPermissionOperationException e) {
        assertThat(e.getMessage(), equalTo("error.permission.invalid_update_operation"));
    }
}
Also used : PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) InvalidPermissionOperationException(org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) Test(org.junit.Test)

Example 2 with InvalidPermissionOperationException

Use of org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException in project credhub by cloudfoundry-incubator.

From class PermissionService, method savePermissions.

public void savePermissions(CredentialVersion credentialVersion, List<PermissionEntry> permissionEntryList, List<EventAuditRecordParameters> auditRecordParameters, boolean isNewCredential, String credentialName) {
    auditRecordParameters.addAll(EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(ACL_UPDATE, credentialName, permissionEntryList));
    if (credentialVersion == null) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    // Reject the whole request if the caller may not operate on any one of the listed actors.
    for (PermissionEntry permissionEntry : permissionEntryList) {
        if (!permissionCheckingService.userAllowedToOperateOnActor(permissionEntry.getActor())) {
            throw new InvalidPermissionOperationException("error.permission.invalid_update_operation");
        }
    }
    // The creator of a new credential is granted every operation on it.
    if (isNewCredential) {
        final PermissionEntry permissionEntry = new PermissionEntry(userContextHolder.getUserContext().getActor(), asList(READ, WRITE, DELETE, WRITE_ACL, READ_ACL));
        permissionEntryList.add(permissionEntry);
        auditRecordParameters.addAll(EventAuditRecordParametersFactory.createPermissionsEventAuditParameters(ACL_UPDATE, credentialName, asList(permissionEntry)));
    }
    if (permissionEntryList.size() == 0) {
        return;
    }
    // A caller without WRITE_ACL gets the same error as for a missing credential.
    if (!permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), credentialVersion.getName(), WRITE_ACL)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    permissionDataService.savePermissions(credentialVersion.getCredential(), permissionEntryList);
}
Also used : EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException) PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) InvalidPermissionOperationException(org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException)

Example 3 with InvalidPermissionOperationException

Use of org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException in project credhub by cloudfoundry-incubator.

From class PermissionsHandlerTest, method setPermissions_whenUserUpdatesOwnPermission_throwsException.

@Test
public void setPermissions_whenUserUpdatesOwnPermission_throwsException() {
    when(permissionCheckingService.hasPermission(any(String.class), eq(CREDENTIAL_NAME), eq(PermissionOperation.WRITE_ACL))).thenReturn(true);
    when(permissionCheckingService.userAllowedToOperateOnActor(ACTOR_NAME)).thenReturn(false);
    List<PermissionEntry> accessControlList = Arrays.asList(new PermissionEntry(ACTOR_NAME, Arrays.asList(PermissionOperation.READ)));
    when(permissionsRequest.getCredentialName()).thenReturn(CREDENTIAL_NAME);
    when(permissionsRequest.getPermissions()).thenReturn(accessControlList);
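    // No fail() follows the call below, so the assertions in the catch block run only if the exception is thrown.
    try {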
        subject.setPermissions(permissionsRequest, auditRecordParameters);
    } catch (InvalidPermissionOperationException e) {
        assertThat(e.getMessage(), equalTo("error.permission.invalid_update_operation"));
        verify(permissionService, times(0)).savePermissions(any(), any(), eq(auditRecordParameters), eq(false), eq(CREDENTIAL_NAME));
    }
}
Also used : PermissionEntry(org.cloudfoundry.credhub.request.PermissionEntry) InvalidPermissionOperationException(org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException) Test(org.junit.Test)

Aggregations

InvalidPermissionOperationException (org.cloudfoundry.credhub.exceptions.InvalidPermissionOperationException): 3
PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry): 3
Test (org.junit.Test): 2
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion): 1
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion): 1
EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException): 1