Support "user" and "client" permissions without a zone ID.
@@ -58,6 +58,18 @@ public class Actor {
|
||||
return new Actor(APP, appId);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a user identifier. A user is identified by a GUID generated by UAA when
|
||||
* a user account is created.
|
||||
*
|
||||
* @param userId the UAA user GUID
|
||||
* @return the created {@literal Actor}
|
||||
*/
|
||||
public static Actor user(String userId) {
|
||||
Assert.notNull(userId, "userId must not be null");
|
||||
return new Actor(USER, userId);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a user identifier. A user is identified by a GUID generated by UAA when
|
||||
* a user account is created and the ID of the identity zone the user was created in.
|
||||
@@ -72,6 +84,17 @@ public class Actor {
|
||||
return new Actor(USER, zoneId + "/" + userId);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an OAuth2 client identifier. A client identified by user-provided identifier.
|
||||
*
|
||||
* @param clientId the UAA client ID
|
||||
* @return the created {@literal Actor}
|
||||
*/
|
||||
public static Actor client(String clientId) {
|
||||
Assert.notNull(clientId, "clientId must not be null");
|
||||
return new Actor(OAUTH_CLIENT, clientId);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an OAuth2 client identifier. A client identified by user-provided identifier
|
||||
* and the ID of the identity zone the client was created in.
|
||||
|
||||
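Review bot: The new `user(String userId)` and `client(String clientId)` factories accept any non-null string, including an empty one or one containing `/`, and pass it into the `Actor` unchanged. The zone-qualified overload visible in the context builds its ID as `zoneId + "/" + userId`, so an unqualified ID that contains `/` yields the same actor string as a zone-qualified one; this matters most for client IDs, which the Javadoc describes as user-provided. If `Assert` is Spring's, I would at least reject blank input with `Assert.hasText(clientId, "clientId must not be empty");` (and the same for `userId`), and say in the Javadoc that the value is used verbatim as the actor ID. The summary sentence should also read `A client is identified by a user-provided identifier.` The zone-qualified overloads begin and end outside these hunks, so their own validation is not visible here.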
@@ -167,6 +167,20 @@ public class CredentialPermission {
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the ID of a user that will be assigned permissions on a credential.
|
||||
* This is typically a GUID generated by UAA when a user account is created.
|
||||
*
|
||||
* @param userId user ID; must not be {@literal null}
|
||||
* @return the builder
|
||||
*/
|
||||
public CredentialPermissionBuilder user(String userId) {
|
||||
Assert.notNull(userId, "userId must not be null");
|
||||
Assert.isNull(actor, "only one actor can be specified");
|
||||
this.actor = Actor.user(userId);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the ID of a user that will be assigned permissions on a credential.
|
||||
* This is typically a GUID generated by UAA when a user account is created.
|
||||
@@ -183,6 +197,19 @@ public class CredentialPermission {
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the ID of an OAuth2 client that will be assigned permissions on a credential.
|
||||
*
|
||||
* @param clientId OAuth2 client ID; must not be {@literal null}
|
||||
* @return the builder
|
||||
*/
|
||||
public CredentialPermissionBuilder client(String clientId) {
|
||||
Assert.notNull(clientId, "clientId must not be null");
|
||||
Assert.isNull(actor, "only one actor can be specified");
|
||||
this.actor = Actor.client(clientId);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the ID of an OAuth2 client that will be assigned permissions on a credential.
|
||||
*
|
||||
|
||||
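Review bot: The Javadoc on the new `user(String userId)` and `client(String clientId)` builder methods repeats the opening text of the zone-qualified overloads, so a reader cannot tell which form to choose when granting access. Because this value decides who receives the operations on the credential, I would add a sentence such as `The ID is used as given, without an identity zone qualifier; use {@link #user(String, String)} when the user belongs to a specific zone.` and the equivalent for `client`. The `Assert.notNull` on the argument is repeated inside `Actor.user` / `Actor.client`; keeping it here is reasonable because it fails before the `only one actor can be specified` check, but a one-line comment saying so would stop someone removing it as redundant.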
@@ -64,7 +64,7 @@ public abstract class CredHubRequestUnitTestsBase {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void serializationWithTwoPermissions() throws Exception {
|
||||
public void serializationWithThreePermissions() throws Exception {
|
||||
requestBuilder
|
||||
.permission(CredentialPermission.builder()
|
||||
.app("app-id")
|
||||
@@ -73,6 +73,10 @@ public abstract class CredHubRequestUnitTestsBase {
|
||||
.permission(CredentialPermission.builder()
|
||||
.user("zone1", "user-id")
|
||||
.operations(READ_ACL, WRITE_ACL)
|
||||
.build())
|
||||
.permission(CredentialPermission.builder()
|
||||
.client("client-id")
|
||||
.operations(READ, WRITE, READ_ACL, WRITE_ACL)
|
||||
.build());
|
||||
|
||||
String jsonValue = serializeToJson(requestBuilder);
|
||||
@@ -82,10 +86,18 @@ public abstract class CredHubRequestUnitTestsBase {
|
||||
equalTo(Actor.app("app-id").getIdentity())),
|
||||
hasJsonPath("$.additional_permissions[0].operations[0]", equalTo("read")),
|
||||
hasJsonPath("$.additional_permissions[0].operations[1]", equalTo("write")),
|
||||
|
||||
hasJsonPath("$.additional_permissions[1].actor",
|
||||
equalTo(Actor.user("zone1", "user-id").getIdentity())),
|
||||
hasJsonPath("$.additional_permissions[1].operations[0]", equalTo("read_acl")),
|
||||
hasJsonPath("$.additional_permissions[1].operations[1]", equalTo("write_acl"))
|
||||
hasJsonPath("$.additional_permissions[1].operations[1]", equalTo("write_acl")),
|
||||
|
||||
hasJsonPath("$.additional_permissions[2].actor",
|
||||
equalTo(Actor.client("client-id").getIdentity())),
|
||||
hasJsonPath("$.additional_permissions[2].operations[0]", equalTo("read")),
|
||||
hasJsonPath("$.additional_permissions[2].operations[1]", equalTo("write")),
|
||||
hasJsonPath("$.additional_permissions[2].operations[2]", equalTo("read_acl")),
|
||||
hasJsonPath("$.additional_permissions[2].operations[3]", equalTo("write_acl"))
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
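Review bot: Only the new `client(String)` overload is exercised in this test; the new `user(String)` builder method has no assertion in this section and may be untested unless another file covers it. The expected actor is also computed with `Actor.client("client-id").getIdentity()`, the same factory the builder calls, so the check would still pass if that factory produced a wrong actor string. For a value that ends up in an access-control entry I would compare against the literal wire string, e.g. `equalTo("<expected-actor-string>")` with the documented CredHub format filled in, and add a fourth permission built with `.user("user-id")`. The assertion block starts outside the visible lines of the last hunk.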