From 121b3ed2d1a79d4bcfd1894b13dbf5c11810f6d2 Mon Sep 17 00:00:00 2001
From: Carles Arnal
Date: Thu, 19 Dec 2024 13:59:08 +0100
Subject: [PATCH] Fix owner only updates
---
 .../registry/rest/v2/GroupsResourceImpl.java | 3 ++-
 .../registry/rest/v3/GroupsResourceImpl.java | 3 ++-
 .../registry/auth/SimpleAuthTest.java | 22 +++++++++++--------
 .../readonly/ReadOnlyRegistryStorageTest.java | 4 ++--
 .../client/auth/VertXAuthFactory.java | 7 ++-----
 5 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java b/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java
index 021dbeb4e8..634230f276 100644
--- a/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java
+++ b/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java
@@ -1371,7 +1371,8 @@ private ArtifactMetaData handleIfExistsReturnOrUpdate(String groupId, String art
 content, contentType, references);
 }
- private ArtifactMetaData updateArtifactInternal(String groupId, String artifactId, String version,
+ @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
+ protected ArtifactMetaData updateArtifactInternal(String groupId, String artifactId, String version,
 String name, String description, ContentHandle content, String contentType,
 List references) {
diff --git a/app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java b/app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java
index 164c59cda5..efa20cb51f 100644
--- a/app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java
+++ b/app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java
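Review bot: The owner check on the ifExists update path now depends entirely on the `@Authorized` interceptor firing when `updateArtifactInternal` is called from inside the same bean (the `handleIfExistsReturnOrUpdate` call site in the context lines), and nothing in the code records that dependency; the v3 hunk has the same shape. Interception of self-invoked methods is container-specific rather than guaranteed by the CDI specification, and bindings on private methods are not intercepted, which is presumably why the visibility moved to `protected`. I would add a comment above the annotation such as `// Must stay non-private and annotated: the ifExists path reaches this by self-invocation and relies on the interceptor for the owner/write check.` so a later cleanup does not quietly turn it back into `private`. The method body and the rest of the ifExists handling lie outside the hunk, so it is worth confirming there that every branch which can write ends in an authorized method.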
@@ -1280,7 +1280,8 @@ private CreateArtifactResponse handleIfExistsReturnOrUpdate(String groupId, Stri
 return updateArtifactInternal(groupId, artifactId, theVersion);
 }
- private CreateArtifactResponse updateArtifactInternal(String groupId, String artifactId,
+ @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
+ protected CreateArtifactResponse updateArtifactInternal(String groupId, String artifactId,
 CreateVersion theVersion) {
 String version = theVersion.getVersion();
 String name = theVersion.getName();
diff --git a/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java b/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java
index 471ad430e6..f20a071926 100644
--- a/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java
+++ b/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java
@@ -4,15 +4,7 @@ import io.apicurio.registry.AbstractResourceTestBase;
 import io.apicurio.registry.client.auth.VertXAuthFactory;
 import io.apicurio.registry.rest.client.RegistryClient;
-import io.apicurio.registry.rest.client.models.ArtifactMetaData;
-import io.apicurio.registry.rest.client.models.CreateArtifact;
-import io.apicurio.registry.rest.client.models.CreateRule;
-import io.apicurio.registry.rest.client.models.CreateVersion;
-import io.apicurio.registry.rest.client.models.EditableArtifactMetaData;
-import io.apicurio.registry.rest.client.models.RuleType;
-import io.apicurio.registry.rest.client.models.UserInfo;
-import io.apicurio.registry.rest.client.models.VersionContent;
-import io.apicurio.registry.rest.client.models.VersionMetaData;
+import io.apicurio.registry.rest.client.models.*;
 import io.apicurio.registry.rules.compatibility.CompatibilityLevel;
 import io.apicurio.registry.rules.validity.ValidityLevel;
 import io.apicurio.registry.types.ArtifactType;
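Review bot: The import hunk in SimpleAuthTest collapses nine explicit imports into `import io.apicurio.registry.rest.client.models.*;`, presumably only to bring `IfArtifactExists` into scope, and that is a style regression. Explicit imports show exactly which generated model types this auth test depends on and avoid silent name clashes as the models package grows. I would keep the original list and add the single line `import io.apicurio.registry.rest.client.models.IfArtifactExists;`, assuming that is the package the enum lives in.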
@@ -310,6 +302,18 @@ public void testOwnerOnlyAuthorization() throws Exception {
 createRule.setConfig(CompatibilityLevel.BACKWARD.name());
 clientAdmin.groups().byGroupId(groupId).artifacts().byArtifactId(artifactId2).rules()
 .post(createRule);
+
+ // Admin user will create an artifact
+ String artifactId1 = TestUtils.generateArtifactId();
+ createArtifact.setArtifactId(artifactId1);
+ clientAdmin.groups().byGroupId(groupId).artifacts().post(createArtifact);
+
+ // Dev user cannot update with ifExists the same artifact because Dev user is not the owner
+ Assertions.assertThrows(Exception.class, () -> {
+ clientDev.groups().byGroupId(groupId).artifacts().post(createArtifact, config -> {
+ config.queryParameters.ifExists = IfArtifactExists.CREATE_VERSION;
+ });
+ });
 }
 @Test
diff --git a/app/src/test/java/io/apicurio/registry/storage/impl/readonly/ReadOnlyRegistryStorageTest.java b/app/src/test/java/io/apicurio/registry/storage/impl/readonly/ReadOnlyRegistryStorageTest.java
index 2a10017b13..4153cdcabe 100644
--- a/app/src/test/java/io/apicurio/registry/storage/impl/readonly/ReadOnlyRegistryStorageTest.java
+++ b/app/src/test/java/io/apicurio/registry/storage/impl/readonly/ReadOnlyRegistryStorageTest.java
@@ -45,7 +45,7 @@ public class ReadOnlyRegistryStorageTest {
 new State(false, s -> s.countActiveArtifactVersions(null, null))),
 entry("countTotalArtifactVersions0",
 new State(false, RegistryStorage::countTotalArtifactVersions)),
- entry("createArtifact10",
+ entry("createArtifact11",
 new State(true, s -> s.createArtifact(null, null, null, null, null, null, null, null, false, false, null))),
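Review bot: In the testOwnerOnlyAuthorization hunk the new negative check is `Assertions.assertThrows(Exception.class, ...)`, which passes on any failure at all (a validation error, a conflict, a client-side fault) and not only on an authorization denial. As this is the regression test for an owner-only bypass, keep the exception returned by `assertThrows` and assert that it carries the forbidden (HTTP 403) outcome, so the test fails if the request is rejected for some unrelated reason. The hunk exercises only `IfArtifactExists.CREATE_VERSION` through this one client; a case for any other ifExists value that can lead to an update, a positive case showing the owner can still update via ifExists, and coverage of the v2 endpoint patched in the same commit would close the remaining gaps. The test method starts above the hunk, so `createArtifact` and `groupId` are set up out of view.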
@@ -53,7 +53,7 @@ public class ReadOnlyRegistryStorageTest {
 new State(true, s -> s.createArtifactRule(null, null, null, null))),
 entry("createArtifactVersionComment4",
 new State(true, s -> s.createArtifactVersionComment(null, null, null, null))),
- entry("createArtifactVersion9",
+ entry("createArtifactVersion10",
 new State(true, s -> s.createArtifactVersion(null, null, null, null, null, null, null, false, false, null))),
diff --git a/java-sdk/src/main/java/io/apicurio/registry/client/auth/VertXAuthFactory.java b/java-sdk/src/main/java/io/apicurio/registry/client/auth/VertXAuthFactory.java
index 95e019524f..ffc604ae1c 100644
--- a/java-sdk/src/main/java/io/apicurio/registry/client/auth/VertXAuthFactory.java
+++ b/java-sdk/src/main/java/io/apicurio/registry/client/auth/VertXAuthFactory.java
@@ -27,11 +27,8 @@ public static WebClient buildOIDCWebClient(Vertx vertx, String tokenUrl, String
 String clientSecret, String scope) {
 WebClient webClient = WebClient.create(vertx);
- OAuth2Auth oAuth2Options = OAuth2Auth.create(vertx, new OAuth2Options()
- .setFlow(OAuth2FlowType.CLIENT)
- .setClientId(clientId)
- .setClientSecret(clientSecret)
- .setTokenPath(tokenUrl));
+ OAuth2Auth oAuth2Options = OAuth2Auth.create(vertx, new OAuth2Options().setFlow(OAuth2FlowType.CLIENT)
+ .setClientId(clientId).setClientSecret(clientSecret).setTokenPath(tokenUrl));
 Oauth2Credentials oauth2Credentials = new Oauth2Credentials();
 oauth2Credentials.addScope(scope);