Set correct auth settings for all actions

A test has been added to RequestHandlerTest, making sure that, while we merely log errors for the time being, the correct dummy AuthResult is being created. Most actions use the default settings, which have been changed to INTERNAL / APP / IGNORED. Actions with non-default settings are: INTERNAL/NONE/PUBLIC (non-auth public endpoints) CheckApiAction WhoisHttpServer Rdap*Action INTERNAL,API/APP/ADMIN (things currently protected by web.xml) EppTlsAction EppToolAction CreateGroupsAction CreatePremiumListAction DeleteEntityAction List*sAction UpdatePremiumListAction VerifyOteAction WhoisServer INTERNAL,API,LEGACY/USER/PUBLIC (registrar console) RegistrarPaymentAction RegistrarPaymentSetupAction RegistrarSettingsAction EppConsoleAction INTERNAL,API,LEGACY/NONE/PUBLIC (registrar console main page) ConsoleUiAction ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=149761652
2026-05-23 16:21:55 +00:00 · 2017-03-10 08:47:52 -08:00
parent f5e76868f0
commit 1f000b94e6
38 changed files with 450 additions and 133 deletions
--- a/java/google/registry/tools/server/DeleteEntityAction.java
+++ b/java/google/registry/tools/server/DeleteEntityAction.java
@@ -31,13 +31,15 @@ import google.registry.request.Action;
 import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import google.registry.util.FormattingLogger;
 import javax.inject.Inject;

 /**
 * An action to delete entities in Datastore specified by raw key ids, which can be found in
- * Datastore Viewer in the AppEngine console - it's the really long alphanumeric key that is
- * labeled "Entity key" on the page for an individual entity.
+ * Datastore Viewer in the AppEngine console - it's the really long alphanumeric key that is labeled
+ * "Entity key" on the page for an individual entity.
 *
 * <p>rawKeys is the only required parameter. It is a comma-delimited list of Strings.
 *
@@ -47,7 +49,15 @@ import javax.inject.Inject;
 * malformed data that cannot be properly deleted using existing tools. Generally, if there already
 * exists an entity-specific deletion command, then use that one instead.
 */
-@Action(path = DeleteEntityAction.PATH)
+@Action(
+  path = DeleteEntityAction.PATH,
+  auth =
+      @Auth(
+        methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
+        minimumLevel = AuthLevel.APP,
+        userPolicy = Auth.UserPolicy.ADMIN
+      )
+)
 public class DeleteEntityAction implements Runnable {

  private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();