mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-01-10 07:57:58 +00:00
Code Issues Releases Wiki Activity

Add administrator privileges to RDAP

Browse Source 
RDAP filters some contact data when the request is not authenticated as coming from a user associated with the registrar owning the contact. This CL adds an exception for admin users, which for the App Engine Users API are defined as App Engine project viewers. This means that the registry team will always get all information when logged in. This will also be useful when building tools that use RDAP output.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=168293820
This commit is contained in:
mountford
2017-09-11 15:18:43 -07:00
committed by jianglai
parent 211d89695a
commit 5b444d93fb
12 changed files with 152 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
java/google/registry/rdap/RdapActionBase.java
View File

@@ -150,20 +150,23 @@ public abstract class RdapActionBase implements Runnable {
}
}
Optional<String> getLoggedInClientId() {
RdapAuthorization getAuthorization() {
if (!authResult.userAuthInfo().isPresent()) {
return Optional.<String>absent();
return RdapAuthorization.PUBLIC_AUTHORIZATION;
}
UserAuthInfo userAuthInfo = authResult.userAuthInfo().get();
if (userAuthInfo.isUserAdmin()) {
return RdapAuthorization.ADMINISTRATOR_AUTHORIZATION;
}
if (!sessionUtils.checkRegistrarConsoleLogin(request, userAuthInfo)) {
return Optional.<String>absent();
return RdapAuthorization.PUBLIC_AUTHORIZATION;
}
String clientId = sessionUtils.getRegistrarClientId(request);
Optional<Registrar> registrar = Registrar.loadByClientIdCached(clientId);
if (!registrar.isPresent()) {
return Optional.<String>absent();
return RdapAuthorization.PUBLIC_AUTHORIZATION;
}
return Optional.of(clientId);
return RdapAuthorization.create(RdapAuthorization.Role.REGISTRAR, clientId);
}
void validateDomainName(String name) {