private SingularityRequestParent updateAuthorizedGroups(SingularityUser user, String requestId, SingularityUpdateGroupsRequest updateGroupsRequest) { SingularityRequestWithState oldRequestWithState = fetchRequestWithState(requestId, user); authorizationHelper.checkForAuthorization(oldRequestWithState.getRequest(), user, SingularityAuthorizationScope.WRITE); SingularityRequest newRequest = oldRequestWithState.getRequest().toBuilder() .setGroup(updateGroupsRequest.getGroup()) .setReadWriteGroups(Optional.of(updateGroupsRequest.getReadWriteGroups())) .setReadOnlyGroups(Optional.of(updateGroupsRequest.getReadOnlyGroups())) .build(); submitRequest(newRequest, Optional.of(oldRequestWithState), Optional.of(RequestHistoryType.UPDATED), Optional.absent(), updateGroupsRequest.getMessage(), Optional.absent(), user); return fillEntireRequest(fetchRequestWithState(requestId, user)); }
@Test public void itAllowsUserInReadWriteGroupsToUpdateReadWriteGroups() { final SingularityAuthorizationHelper authorizationHelper = buildAuthorizationHelper(buildAuthEnabledConfig()); Set<String> readWriteGroupsOld = new HashSet<>(); readWriteGroupsOld.add("a"); final SingularityRequest oldRequest = new SingularityRequestBuilder("test_c", RequestType.SERVICE) .setGroup(Optional.of("c")) .setReadWriteGroups(Optional.of(readWriteGroupsOld)) .build(); Set<String> readWriteGroupsNew = new HashSet<>(); readWriteGroupsNew.addAll(readWriteGroupsOld); readWriteGroupsNew.add("b"); final SingularityRequest newRequest = new SingularityRequestBuilder("test_c", RequestType.SERVICE) .setGroup(Optional.of("c")) .setReadWriteGroups(Optional.of(readWriteGroupsNew)) .build(); authorizationHelper.checkForAuthorizedChanges(newRequest, oldRequest, USER_GROUP_A); }
.setGroup(updateGroupsRequest.getGroup()) .setReadWriteGroups(Optional.of(updateGroupsRequest.getReadWriteGroups())) .setReadOnlyGroups(Optional.of(updateGroupsRequest.getReadOnlyGroups()))
@Test(expected = WebApplicationException.class) public void itRestrictsAUserFromUpdatingGroupsIfTheyWillNotHaveAccess() { final SingularityAuthorizationHelper authorizationHelper = buildAuthorizationHelper(buildAuthEnabledConfig()); Set<String> readWriteGroupsOld = new HashSet<>(); readWriteGroupsOld.add("a"); final SingularityRequest oldRequest = new SingularityRequestBuilder("test_c", RequestType.SERVICE) .setGroup(Optional.of("c")) .setReadWriteGroups(Optional.of(readWriteGroupsOld)) .build(); Set<String> readWriteGroupsNew = new HashSet<>(); readWriteGroupsNew.add("b"); final SingularityRequest newRequest = new SingularityRequestBuilder("test_c", RequestType.SERVICE) .setGroup(Optional.of("c")) .setReadWriteGroups(Optional.of(readWriteGroupsNew)) .build(); authorizationHelper.checkForAuthorizedChanges(newRequest, oldRequest, USER_GROUP_A); } }
.setScheduledExpectedRuntimeMillis(scheduledExpectedRuntimeMillis) .setRequiredRole(requiredRole) .setGroup(group) .setReadWriteGroups(readWriteGroups) .setReadOnlyGroups(readOnlyGroups)
private SingularityRequestParent updateAuthorizedGroups(SingularityUser user, String requestId, SingularityUpdateGroupsRequest updateGroupsRequest) { SingularityRequestWithState oldRequestWithState = fetchRequestWithState(requestId, user); authorizationHelper.checkForAuthorization(oldRequestWithState.getRequest(), user, SingularityAuthorizationScope.WRITE); SingularityRequest newRequest = oldRequestWithState.getRequest().toBuilder() .setGroup(updateGroupsRequest.getGroup()) .setReadWriteGroups(Optional.of(updateGroupsRequest.getReadWriteGroups())) .setReadOnlyGroups(Optional.of(updateGroupsRequest.getReadOnlyGroups())) .build(); submitRequest(newRequest, Optional.of(oldRequestWithState), Optional.of(RequestHistoryType.UPDATED), Optional.absent(), updateGroupsRequest.getMessage(), Optional.absent(), user); return fillEntireRequest(fetchRequestWithState(requestId, user)); }
.setGroup(updateGroupsRequest.getGroup()) .setReadWriteGroups(Optional.of(updateGroupsRequest.getReadWriteGroups())) .setReadOnlyGroups(Optional.of(updateGroupsRequest.getReadOnlyGroups()))
@Test public void itAllowsUserInReadWriteGroupsToUpdateReadWriteGroups() { final SingularityAuthorizationHelper authorizationHelper = buildAuthorizationHelper(buildAuthEnabledConfig()); Set<String> readWriteGroupsOld = new HashSet<>(); readWriteGroupsOld.add("a"); final SingularityRequest oldRequest = new SingularityRequestBuilder("test_c", RequestType.SERVICE) .setGroup(Optional.of("c")) .setReadWriteGroups(Optional.of(readWriteGroupsOld)) .build(); Set<String> readWriteGroupsNew = new HashSet<>(); readWriteGroupsNew.addAll(readWriteGroupsOld); readWriteGroupsNew.add("b"); final SingularityRequest newRequest = new SingularityRequestBuilder("test_c", RequestType.SERVICE) .setGroup(Optional.of("c")) .setReadWriteGroups(Optional.of(readWriteGroupsNew)) .build(); authorizationHelper.checkForAuthorizedChanges(newRequest, oldRequest, USER_GROUP_A); }
@Test(expected = WebApplicationException.class) public void itRestrictsAUserFromUpdatingGroupsIfTheyWillNotHaveAccess() { final SingularityAuthorizationHelper authorizationHelper = buildAuthorizationHelper(buildAuthEnabledConfig()); Set<String> readWriteGroupsOld = new HashSet<>(); readWriteGroupsOld.add("a"); final SingularityRequest oldRequest = new SingularityRequestBuilder("test_c", RequestType.SERVICE) .setGroup(Optional.of("c")) .setReadWriteGroups(Optional.of(readWriteGroupsOld)) .build(); Set<String> readWriteGroupsNew = new HashSet<>(); readWriteGroupsNew.add("b"); final SingularityRequest newRequest = new SingularityRequestBuilder("test_c", RequestType.SERVICE) .setGroup(Optional.of("c")) .setReadWriteGroups(Optional.of(readWriteGroupsNew)) .build(); authorizationHelper.checkForAuthorizedChanges(newRequest, oldRequest, USER_GROUP_A); } }