Skip to content

Commit

Permalink
Fix owner only updates
Browse files Browse the repository at this point in the history
  • Loading branch information
carlesarnal committed Dec 19, 2024
1 parent bd4e6b5 commit 121b3ed
Show file tree
Hide file tree
Showing 5 changed files with 21 additions and 18 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -1371,7 +1371,8 @@ private ArtifactMetaData handleIfExistsReturnOrUpdate(String groupId, String art
content, contentType, references);
}

private ArtifactMetaData updateArtifactInternal(String groupId, String artifactId, String version,
@Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
protected ArtifactMetaData updateArtifactInternal(String groupId, String artifactId, String version,
String name, String description, ContentHandle content, String contentType,
List<ArtifactReference> references) {

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1280,7 +1280,8 @@ private CreateArtifactResponse handleIfExistsReturnOrUpdate(String groupId, Stri
return updateArtifactInternal(groupId, artifactId, theVersion);
}

private CreateArtifactResponse updateArtifactInternal(String groupId, String artifactId,
@Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
protected CreateArtifactResponse updateArtifactInternal(String groupId, String artifactId,
CreateVersion theVersion) {
String version = theVersion.getVersion();
String name = theVersion.getName();
Expand Down
22 changes: 13 additions & 9 deletions app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,7 @@
import io.apicurio.registry.AbstractResourceTestBase;
import io.apicurio.registry.client.auth.VertXAuthFactory;
import io.apicurio.registry.rest.client.RegistryClient;
import io.apicurio.registry.rest.client.models.ArtifactMetaData;
import io.apicurio.registry.rest.client.models.CreateArtifact;
import io.apicurio.registry.rest.client.models.CreateRule;
import io.apicurio.registry.rest.client.models.CreateVersion;
import io.apicurio.registry.rest.client.models.EditableArtifactMetaData;
import io.apicurio.registry.rest.client.models.RuleType;
import io.apicurio.registry.rest.client.models.UserInfo;
import io.apicurio.registry.rest.client.models.VersionContent;
import io.apicurio.registry.rest.client.models.VersionMetaData;
import io.apicurio.registry.rest.client.models.*;
import io.apicurio.registry.rules.compatibility.CompatibilityLevel;
import io.apicurio.registry.rules.validity.ValidityLevel;
import io.apicurio.registry.types.ArtifactType;
Expand Down Expand Up @@ -310,6 +302,18 @@ public void testOwnerOnlyAuthorization() throws Exception {
createRule.setConfig(CompatibilityLevel.BACKWARD.name());
clientAdmin.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId2).rules()
.post(createRule);

// Admin user will create an artifact
String artifactId1 = TestUtils.generateArtifactId();
createArtifact.setArtifactId(artifactId1);
clientAdmin.groups().byGroupId(groupId).artifacts().post(createArtifact);

// Dev user cannot update with ifExists the same artifact because Dev user is not the owner
Assertions.assertThrows(Exception.class, () -> {
clientDev.groups().byGroupId(groupId).artifacts().post(createArtifact, config -> {
config.queryParameters.ifExists = IfArtifactExists.CREATE_VERSION;
});
});
}

@Test
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,15 +45,15 @@ public class ReadOnlyRegistryStorageTest {
new State(false, s -> s.countActiveArtifactVersions(null, null))),
entry("countTotalArtifactVersions0",
new State(false, RegistryStorage::countTotalArtifactVersions)),
entry("createArtifact10",
entry("createArtifact11",
new State(true,
s -> s.createArtifact(null, null, null, null, null, null, null, null, false,
false, null))),
entry("createArtifactRule4",
new State(true, s -> s.createArtifactRule(null, null, null, null))),
entry("createArtifactVersionComment4",
new State(true, s -> s.createArtifactVersionComment(null, null, null, null))),
entry("createArtifactVersion9",
entry("createArtifactVersion10",
new State(true,
s -> s.createArtifactVersion(null, null, null, null, null, null, null, false,
false, null))),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,8 @@ public static WebClient buildOIDCWebClient(Vertx vertx, String tokenUrl, String
String clientSecret, String scope) {
WebClient webClient = WebClient.create(vertx);

OAuth2Auth oAuth2Options = OAuth2Auth.create(vertx, new OAuth2Options()
.setFlow(OAuth2FlowType.CLIENT)
.setClientId(clientId)
.setClientSecret(clientSecret)
.setTokenPath(tokenUrl));
OAuth2Auth oAuth2Options = OAuth2Auth.create(vertx, new OAuth2Options().setFlow(OAuth2FlowType.CLIENT)
.setClientId(clientId).setClientSecret(clientSecret).setTokenPath(tokenUrl));

Oauth2Credentials oauth2Credentials = new Oauth2Credentials();
oauth2Credentials.addScope(scope);
Expand Down

0 comments on commit 121b3ed

Please sign in to comment.