Support "user" and "client" permissions without a zone ID.

Scott Frederick
2017-10-04 16:54:32 -05:00
parent 32d659a831
commit 86ba84f419
3 changed files with 64 additions and 2 deletions


@@ -58,6 +58,18 @@ public class Actor {
return new Actor(APP, appId);
}
/**
* Create a user identifier. A user is identified by a GUID generated by UAA when
* a user account is created.
*
* @param userId the UAA user GUID
* @return the created {@literal Actor}
*/
public static Actor user(String userId) {
Assert.notNull(userId, "userId must not be null");
return new Actor(USER, userId);
}
/**
* Create a user identifier. A user is identified by a GUID generated by UAA when
* a user account is created and the ID of the identity zone the user was created in.
@@ -72,6 +84,17 @@ public class Actor {
return new Actor(USER, zoneId + "/" + userId);
}
/**
* Create an OAuth2 client identifier. A client identified by user-provided identifier.
*
* @param clientId the UAA client ID
* @return the created {@literal Actor}
*/
public static Actor client(String clientId) {
Assert.notNull(clientId, "clientId must not be null");
return new Actor(OAUTH_CLIENT, clientId);
}
/**
* Create an OAuth2 client identifier. A client identified by user-provided identifier
* and the ID of the identity zone the client was created in.
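Review bot: The new zone-less factories `user(String userId)` and `client(String clientId)` reject only null, so an empty or blank ID presumably still yields an `Actor` with no identifier part; `Assert.hasText(userId, "userId must not be empty");` (and the same for `clientId`) would reject it before it is used as an ACL actor. The zoned overload in the context lines builds `zoneId + "/" + userId`, so a zone-less ID that contains `/` cannot be told apart from the zoned form; the Javadoc should say that only the bare UAA identifier is expected here. The `client` Javadoc sentence would also read better as `A client is identified by a user-provided identifier.`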


@@ -167,6 +167,20 @@ public class CredentialPermission {
return this;
}
/**
* Set the ID of a user that will be assigned permissions on a credential.
* This is typically a GUID generated by UAA when a user account is created.
*
* @param userId user ID; must not be {@literal null}
* @return the builder
*/
public CredentialPermissionBuilder user(String userId) {
Assert.notNull(userId, "userId must not be null");
Assert.isNull(actor, "only one actor can be specified");
this.actor = Actor.user(userId);
return this;
}
/**
* Set the ID of a user that will be assigned permissions on a credential.
* This is typically a GUID generated by UAA when a user account is created.
@@ -183,6 +197,19 @@ public class CredentialPermission {
return this;
}
/**
* Set the ID of an OAuth2 client that will be assigned permissions on a credential.
*
* @param clientId OAuth2 client ID; must not be {@literal null}
* @return the builder
*/
public CredentialPermissionBuilder client(String clientId) {
Assert.notNull(clientId, "clientId must not be null");
Assert.isNull(actor, "only one actor can be specified");
this.actor = Actor.client(clientId);
return this;
}
/**
* Set the ID of an OAuth2 client that will be assigned permissions on a credential.
*
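Review bot: The Javadoc on the new builder methods `user(String userId)` and `client(String clientId)` does not say how they differ from the zoned overloads, nor what happens when an actor has already been set. The chosen form decides which identity is granted access to the credential, so a sentence such as `Use this form when the actor is not qualified by an identity zone ID.` would help callers pick the intended one. Assuming `Assert` is Spring's, `@throws IllegalArgumentException if an actor has already been specified` documents the `Assert.isNull(actor, ...)` guard. The `Assert.notNull` on the ID repeats the check made inside `Actor.user` and `Actor.client` and could be left to those factories.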


@@ -64,7 +64,7 @@ public abstract class CredHubRequestUnitTestsBase {
}
@Test
public void serializationWithTwoPermissions() throws Exception {
public void serializationWithThreePermissions() throws Exception {
requestBuilder
.permission(CredentialPermission.builder()
.app("app-id")
@@ -73,6 +73,10 @@ public abstract class CredHubRequestUnitTestsBase {
.permission(CredentialPermission.builder()
.user("zone1", "user-id")
.operations(READ_ACL, WRITE_ACL)
.build())
.permission(CredentialPermission.builder()
.client("client-id")
.operations(READ, WRITE, READ_ACL, WRITE_ACL)
.build());
String jsonValue = serializeToJson(requestBuilder);
@@ -82,10 +86,18 @@ public abstract class CredHubRequestUnitTestsBase {
equalTo(Actor.app("app-id").getIdentity())),
hasJsonPath("$.additional_permissions[0].operations[0]", equalTo("read")),
hasJsonPath("$.additional_permissions[0].operations[1]", equalTo("write")),
hasJsonPath("$.additional_permissions[1].actor",
equalTo(Actor.user("zone1", "user-id").getIdentity())),
hasJsonPath("$.additional_permissions[1].operations[0]", equalTo("read_acl")),
hasJsonPath("$.additional_permissions[1].operations[1]", equalTo("write_acl"))
hasJsonPath("$.additional_permissions[1].operations[1]", equalTo("write_acl")),
hasJsonPath("$.additional_permissions[2].actor",
equalTo(Actor.client("client-id").getIdentity())),
hasJsonPath("$.additional_permissions[2].operations[0]", equalTo("read")),
hasJsonPath("$.additional_permissions[2].operations[1]", equalTo("write")),
hasJsonPath("$.additional_permissions[2].operations[2]", equalTo("read_acl")),
hasJsonPath("$.additional_permissions[2].operations[3]", equalTo("write_acl"))
)
);
}
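Review bot: The renamed test exercises only `client("client-id")`; the zone-less `user(String)` builder method added in this commit is not covered by any assertion visible here. A fourth permission built with `.user("user-id")` and a matching `hasJsonPath("$.additional_permissions[3].actor", ...)` check would cover it. The expected actor values are also computed with `Actor.client("client-id").getIdentity()`, the same code that produces the serialized value, so a wrong identity prefix would go unnoticed; comparing against the literal expected string would pin the wire format. The test method spans several hunks and the rest of the class is outside this view.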