Make the superuser flag bypass TLD access checks

The --superuser command in the nomulus command-line tool should be bypassing checks on whether the passed-in registrar client ID has access to the TLD in question, but currently it is not. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=158974462
2026-01-11 00:10:36 +00:00 · 2017-06-14 07:14:19 -07:00
parent 3a02e6fb11
commit 580c41f2d6
26 changed files with 223 additions and 38 deletions
--- a/java/google/registry/flows/domain/DomainApplicationCreateFlow.java
+++ b/java/google/registry/flows/domain/DomainApplicationCreateFlow.java
@@ -203,7 +203,10 @@ public final class DomainApplicationCreateFlow implements TransactionalFlow {
    InternetDomainName domainName = validateDomainName(targetId);
    String idnTableName = validateDomainNameWithIdnTables(domainName);
    String tld = domainName.parent().toString();
-    checkAllowedAccessToTld(clientId, tld);
+    if (!isSuperuser) {
+      // Access to the TLD should be checked before the subsequent checks as it is a greater concern
+      checkAllowedAccessToTld(clientId, tld);
+    }
    Registry registry = Registry.get(tld);
    FeesAndCredits feesAndCredits =
        pricingLogic.getCreatePrice(registry, targetId, now, command.getPeriod().getValue());