mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-01-03 11:45:39 +00:00
Code Issues Releases Wiki Activity

Allow new-console use for users with perm to the admin registrar ID (#2506)

Browse Source 
For instance, on sandbox this will allow us to remove our global roles
but keep roles to the CharlestonRoad admin registrar. Then, when we view
the console, it will be as if we were a registrar user.
This commit is contained in:
gbrodman
2024-07-25 16:25:55 -04:00
committed by GitHub
parent af5adcb0ba
commit d5445dd049
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java
View File

@@ -29,10 +29,12 @@ import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.common.flogger.FluentLogger;
import google.registry.batch.CloudTasksUtils;
import google.registry.config.RegistryConfig;
import google.registry.export.sheet.SyncRegistrarsSheetAction;
import google.registry.model.console.ConsolePermission;
import google.registry.model.console.GlobalRole;
import google.registry.model.console.User;
import google.registry.model.console.UserRoles;
import google.registry.model.registrar.Registrar;
import google.registry.model.registrar.RegistrarPoc;
import google.registry.model.registrar.RegistrarPocBase;
@@ -62,6 +64,10 @@ public abstract class ConsoleApiAction implements Runnable {
@Inject CloudTasksUtils cloudTasksUtils;
@Inject
@RegistryConfig.Config("registryAdminClientId")
String registryAdminClientId;
public ConsoleApiAction(ConsoleApiParams consoleApiParams) {
this.consoleApiParams = consoleApiParams;
}
@@ -77,8 +83,12 @@ public abstract class ConsoleApiAction implements Runnable {
// This allows us to enable console to a selected cohort of users with release
// We can ignore it in tests
if (RegistryEnvironment.get() != RegistryEnvironment.UNITTEST
&& GlobalRole.NONE.equals(user.getUserRoles().getGlobalRole())) {
UserRoles userRoles = user.getUserRoles();
boolean hasGlobalOrTestingRole =
!GlobalRole.NONE.equals(userRoles.getGlobalRole())
|| userRoles.hasPermission(
registryAdminClientId, ConsolePermission.VIEW_REGISTRAR_DETAILS);
if (RegistryEnvironment.get() != RegistryEnvironment.UNITTEST && !hasGlobalOrTestingRole) {
try {
consoleApiParams.response().sendRedirect(ConsoleUiAction.PATH);
return;