diff --git a/console-webapp/src/app/shared/directives/userLevelVisiblity.directive.ts b/console-webapp/src/app/shared/directives/userLevelVisiblity.directive.ts index 17ed60583..255099e27 100644 --- a/console-webapp/src/app/shared/directives/userLevelVisiblity.directive.ts +++ b/console-webapp/src/app/shared/directives/userLevelVisiblity.directive.ts @@ -27,12 +27,10 @@ export const DISABLED_ELEMENTS_PER_ROLE = { NONE: [ RESTRICTED_ELEMENTS.REGISTRAR_ELEMENT, RESTRICTED_ELEMENTS.OTE, - RESTRICTED_ELEMENTS.USERS, - RESTRICTED_ELEMENTS.BULK_DELETE, RESTRICTED_ELEMENTS.SUSPEND, ], - SUPPORT_LEAD: [RESTRICTED_ELEMENTS.USERS], - SUPPORT_AGENT: [RESTRICTED_ELEMENTS.USERS], + SUPPORT_LEAD: [], + SUPPORT_AGENT: [], }; @Directive({ diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleUsersAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleUsersAction.java index 1e345ef12..edf33b198 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleUsersAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleUsersAction.java @@ -31,12 +31,14 @@ import com.google.api.services.directory.Directory; import com.google.api.services.directory.model.UserName; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; import com.google.gson.annotations.Expose; import google.registry.config.RegistryConfig.Config; import google.registry.model.console.ConsolePermission; import google.registry.model.console.RegistrarRole; import google.registry.model.console.User; import google.registry.model.console.UserRoles; +import google.registry.model.registrar.Registrar; import google.registry.persistence.VKey; import google.registry.request.Action; import google.registry.request.Action.GkeService; @@ -44,6 +46,7 @@ import google.registry.request.HttpException.BadRequestException; import google.registry.request.Parameter; import google.registry.request.auth.Auth; import google.registry.tools.IamClient; +import google.registry.util.DiffUtils; import google.registry.util.StringGenerator; import java.io.IOException; import java.util.List; @@ -96,24 +99,14 @@ public class ConsoleUsersAction extends ConsoleApiAction { @Override protected void postHandler(User user) { - // Temporary flag while testing - if (user.getUserRoles().isAdmin()) { - checkPermission(user, registrarId, ConsolePermission.MANAGE_USERS); - tm().transact(this::runPostInTransaction); - } else { - consoleApiParams.response().setStatus(SC_FORBIDDEN); - } + checkPermission(user, registrarId, ConsolePermission.MANAGE_USERS); + tm().transact(this::runPostInTransaction); } @Override protected void putHandler(User user) { - // Temporary flag while testing - if (user.getUserRoles().isAdmin()) { - checkPermission(user, registrarId, ConsolePermission.MANAGE_USERS); - tm().transact(this::runUpdateInTransaction); - } else { - consoleApiParams.response().setStatus(SC_FORBIDDEN); - } + checkPermission(user, registrarId, ConsolePermission.MANAGE_USERS); + tm().transact(this::runUpdateInTransaction); } @Override @@ -135,13 +128,8 @@ public class ConsoleUsersAction extends ConsoleApiAction { @Override protected void deleteHandler(User user) { - // Temporary flag while testing - if (user.getUserRoles().isAdmin()) { - checkPermission(user, registrarId, ConsolePermission.MANAGE_USERS); - tm().transact(this::runDeleteInTransaction); - } else { - consoleApiParams.response().setStatus(SC_FORBIDDEN); - } + checkPermission(user, registrarId, ConsolePermission.MANAGE_USERS); + tm().transact(this::runDeleteInTransaction); } private void runPostInTransaction() throws IOException { @@ -163,6 +151,8 @@ public class ConsoleUsersAction extends ConsoleApiAction { this.userData.get().emailAddress, registrarId, RegistrarRole.valueOf(this.userData.get().role)); + + sendConfirmationEmail(registrarId, this.userData.get().emailAddress, "Added existing user"); consoleApiParams.response().setStatus(SC_OK); } @@ -186,6 +176,7 @@ public class ConsoleUsersAction extends ConsoleApiAction { VKey key = VKey.create(User.class, email); tm().delete(key); User.revokeIapPermission(email, maybeGroupEmailAddress, cloudTasksUtils, null, iamClient); + sendConfirmationEmail(registrarId, email, "Deleted user"); } consoleApiParams.response().setStatus(SC_OK); @@ -232,7 +223,7 @@ public class ConsoleUsersAction extends ConsoleApiAction { User.Builder builder = new User.Builder().setUserRoles(userRoles).setEmailAddress(newEmail); tm().put(builder.build()); User.grantIapPermission(newEmail, maybeGroupEmailAddress, cloudTasksUtils, null, iamClient); - + sendConfirmationEmail(registrarId, newEmail, "Created user"); consoleApiParams.response().setStatus(SC_CREATED); consoleApiParams .response() @@ -251,6 +242,8 @@ public class ConsoleUsersAction extends ConsoleApiAction { this.userData.get().emailAddress, registrarId, RegistrarRole.valueOf(this.userData.get().role)); + + sendConfirmationEmail(registrarId, this.userData.get().emailAddress, "Updated user"); consoleApiParams.response().setStatus(SC_OK); } @@ -315,6 +308,20 @@ public class ConsoleUsersAction extends ConsoleApiAction { .collect(toImmutableList())); } + private boolean sendConfirmationEmail(String registrarId, String emailAddress, String operation) { + Optional registrar = Registrar.loadByRegistrarId(registrarId); + if (registrar.isEmpty()) { // Shouldn't happen, but worth checking + setFailedResponse( + "Failed to send an email to registrar " + registrarId, SC_INTERNAL_SERVER_ERROR); + return false; + } + sendExternalUpdates( + ImmutableMap.of("Console users updated", new DiffUtils.DiffPair(operation, emailAddress)), + registrar.get(), + ImmutableSet.of()); + return true; + } + public record UserData( @Expose String emailAddress, @Expose String role, @Expose @Nullable String password) {} } diff --git a/core/src/main/java/google/registry/ui/server/console/domains/ConsoleBulkDomainAction.java b/core/src/main/java/google/registry/ui/server/console/domains/ConsoleBulkDomainAction.java index 3d9a05ecc..2b755888d 100644 --- a/core/src/main/java/google/registry/ui/server/console/domains/ConsoleBulkDomainAction.java +++ b/core/src/main/java/google/registry/ui/server/console/domains/ConsoleBulkDomainAction.java @@ -15,7 +15,6 @@ package google.registry.ui.server.console.domains; import static com.google.common.collect.ImmutableMap.toImmutableMap; -import static jakarta.servlet.http.HttpServletResponse.SC_FORBIDDEN; import static jakarta.servlet.http.HttpServletResponse.SC_OK; import static java.nio.charset.StandardCharsets.UTF_8; @@ -81,11 +80,6 @@ public class ConsoleBulkDomainAction extends ConsoleApiAction { @Override protected void postHandler(User user) { - // Temporary flag while testing - if (!user.getUserRoles().isAdmin()) { - consoleApiParams.response().setStatus(SC_FORBIDDEN); - return; - } JsonElement jsonPayload = optionalJsonPayload.orElseThrow( () -> new IllegalArgumentException("Bulk action payload must be present")); diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_noRegistrarSelected.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_noRegistrarSelected.png index 91f4cbffc..2af1a532e 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_noRegistrarSelected.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_noRegistrarSelected.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_registrarSelected.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_registrarSelected.png index f2b0d971f..fb3c7497a 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_registrarSelected.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_registrarSelected.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_selectorOpen.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_selectorOpen.png index 832d9555b..429e0629e 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_selectorOpen.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_billingInfo_selectorOpen.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_actionsButtonClicked.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_actionsButtonClicked.png index 659db91e7..62ea8a5f3 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_actionsButtonClicked.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_actionsButtonClicked.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_noRegistrarSelected.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_noRegistrarSelected.png index 173ef1082..30f682cda 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_noRegistrarSelected.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_noRegistrarSelected.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_registrarSelected.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_registrarSelected.png index 97cf3ad82..f71bb755b 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_registrarSelected.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_registrarSelected.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_selectorOpen.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_selectorOpen.png index 33882d878..6403b0136 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_selectorOpen.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_dums_mainPage_selectorOpen.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_globalRole_registrars_homePage.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_globalRole_registrars_homePage.png index a0931905b..3887d6bd5 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_globalRole_registrars_homePage.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_globalRole_registrars_homePage.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_globalRole_registrars_registrarsPage.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_globalRole_registrars_registrarsPage.png index 6e50e0387..7a51e139d 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_globalRole_registrars_registrarsPage.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_globalRole_registrars_registrarsPage.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_page.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_page.png index 954651ffe..15c4dfb25 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_page.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_page.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_registrarSelectDropdown_selectedRegistrar.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_registrarSelectDropdown_selectedRegistrar.png index c22859175..49a266e93 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_registrarSelectDropdown_selectedRegistrar.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_registrarSelectDropdown_selectedRegistrar.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_registrarSelectDropdown_selectorOpen.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_registrarSelectDropdown_selectorOpen.png index 6ffd5aca8..853f39d40 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_registrarSelectDropdown_selectorOpen.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_index_registrarSelectDropdown_selectorOpen.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_resources_page.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_resources_page.png index 44423040b..7401ca16b 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_resources_page.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_resources_page.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_noRegistrarSelected.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_noRegistrarSelected.png index 378483f7b..6c2689d80 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_noRegistrarSelected.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_noRegistrarSelected.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_contacts.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_contacts.png index 51990b69e..95cc00783 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_contacts.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_contacts.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_security.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_security.png index d83cfb873..b28f76a32 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_security.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_security.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_whois.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_whois.png index 81a745f92..0a6615395 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_whois.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_registrarSelected_whois.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_selectorOpen.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_selectorOpen.png index 890a7b581..79c42ac7c 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_selectorOpen.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_settingsPage_selectorOpen.png differ diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_support_page.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_support_page.png index 4a77406d6..be8618a48 100644 Binary files a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_support_page.png and b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/ConsoleScreenshotTest_support_page.png differ