1
0
mirror of https://github.com/google/nomulus synced 2026-07-19 22:42:23 +00:00

Make the superuser flag bypass TLD access checks

The --superuser command in the nomulus command-line tool should be
bypassing checks on whether the passed-in registrar client ID has access
to the TLD in question, but currently it is not.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=158974462
This commit is contained in:
Ben McIlwain
2017-06-14 07:14:19 -07:00
parent 3a02e6fb11
commit 580c41f2d6
26 changed files with 223 additions and 38 deletions
@@ -212,14 +212,14 @@ public final class DomainUpdateFlow implements TransactionalFlow {
verifyOptionalAuthInfo(authInfo, existingDomain);
AddRemove add = command.getInnerAdd();
AddRemove remove = command.getInnerRemove();
String tld = existingDomain.getTld();
if (!isSuperuser) {
verifyResourceOwnership(clientId, existingDomain);
verifyClientUpdateNotProhibited(command, existingDomain);
verifyAllStatusesAreClientSettable(union(add.getStatusValues(), remove.getStatusValues()));
checkAllowedAccessToTld(clientId, tld);
}
String tld = existingDomain.getTld();
Registry registry = Registry.get(tld);
checkAllowedAccessToTld(clientId, tld);
FeeTransformCommandExtension feeUpdate =
eppInput.getSingleExtension(FeeUpdateCommandExtension.class);
// If the fee extension is present, validate it (even if the cost is zero, to check for price