diff --git a/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java b/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
index 90d2dbe47..b49c676ec 100644
--- a/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
+++ b/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
@@ -29,6 +29,7 @@ import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Multimap;
+import com.google.common.collect.Sets;
 import com.google.common.collect.Streams;
 import com.google.common.flogger.FluentLogger;
 import google.registry.config.RegistryConfig.Config;
@@ -298,11 +299,19 @@ public class RegistrarSettingsAction implements Runnable, JsonActionRunner.JsonA
 RegistrarFormFields.ALLOWED_TLDS_FIELD.extractUntyped(args).orElse(ImmutableSet.of());
 if (!updatedAllowedTlds.equals(existingRegistrarObj.getAllowedTlds())) {
 // Only admin is allowed to update allowed TLDs
- if (roles.contains(Role.ADMIN)) {
- builder.setAllowedTlds(updatedAllowedTlds);
- } else {
+ if (!roles.contains(Role.ADMIN)) {
 throw new ForbiddenException("Only admin can update allowed TLDs.");
 }
+ // Temporarily block anyone from removing an allowed TLD.
+ // This is so we can start having Support users use the console in production before we finish
+ // implementing configurable access control.
+ // TODO(b/119549884): remove this code once configurable access control is implemented.
+ Set removedTlds =
+ Sets.difference(existingRegistrarObj.getAllowedTlds(), updatedAllowedTlds);
+ if (!removedTlds.isEmpty()) {
+ throw new ForbiddenException("Can't remove allowed TLDs using the console.");
+ }
+ builder.setAllowedTlds(updatedAllowedTlds);
 }
 }
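Review bot: In the second hunk, the new removal check treats a request that omits `allowedTlds` as an attempt to remove every TLD, because the context line just above appears to default the field with `.orElse(ImmutableSet.of())`. For a registrar that already has allowed TLDs, an admin update that only touches another field would then be rejected with "Can't remove allowed TLDs using the console.", which points the operator at the wrong cause. That is fail-closed, the safe direction, but once the TODO removes this block the same request would presumably clear the allow-list silently. Consider distinguishing an absent field from an empty one before comparing, or at least recording it beside the TODO: `// NOTE: an absent allowedTlds field is read as the empty set, i.e. as removing all TLDs.` The enclosing method starts and ends outside the hunk, so whether the console always sends the field cannot be confirmed from here.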
diff --git a/javatests/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java b/javatests/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java
index e2d37fdcf..8a9aca361 100644
--- a/javatests/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java
+++ b/javatests/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java
@@ -302,7 +302,7 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
 setUserAdmin();
 doTestUpdate(
 Registrar::getAllowedTlds,
- ImmutableSet.of("newtld"),
+ ImmutableSet.of("newtld", "currenttld"),
 (builder, s) -> builder.setAllowedTlds(s));
 assertMetric(CLIENT_ID, "update", "[ADMIN]", "SUCCESS");
 }
@@ -340,7 +340,7 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
 ImmutableMap.of(
 "lastUpdateTime", getLastUpdateTime(),
 "emailAddress", "abc@def.com",
- "allowedTlds", ImmutableList.of("invalidtld"))));
+ "allowedTlds", ImmutableList.of("invalidtld", "currenttld"))));
 assertThat(response)
 .containsExactly(
 "status", "ERROR",
@@ -350,6 +350,28 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
 assertNoTasksEnqueued("sheet");
 }
+ @Test
+ public void testUpdate_allowedTlds_failedWhenRemovingTld() {
+ setUserAdmin();
+ Map response =
+ action.handleJsonRequest(
+ ImmutableMap.of(
+ "op", "update",
+ "id", CLIENT_ID,
+ "args",
+ ImmutableMap.of(
+ "lastUpdateTime", getLastUpdateTime(),
+ "emailAddress", "abc@def.com",
+ "allowedTlds", ImmutableList.of("newTld"))));
+ assertThat(response)
+ .containsExactly(
+ "status", "ERROR",
+ "results", ImmutableList.of(),
+ "message", "Can't remove allowed TLDs using the console.");
+ assertMetric(CLIENT_ID, "update", "[ADMIN]", "ERROR: ForbiddenException");
+ assertNoTasksEnqueued("sheet");
+ }
+
 @Test
 public void testUpdate_allowedTlds_noChange_successWhenUserIsNotAdmin() {
 Map response =
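Review bot: The new test `testUpdate_allowedTlds_failedWhenRemovingTld` (third hunk) checks only the error response and the metric, so it never verifies that the stored registrar's allowed TLDs are unchanged after the rejected request. Since the rule is an access-control guard, it would be worth reloading the registrar and asserting that `getAllowedTlds()` still contains `"currenttld"`, assuming that is the fixture's existing TLD as the other two hunks suggest. A companion case without `setUserAdmin()` that expects "Only admin can update allowed TLDs." would pin the order of the two checks, so a later refactor cannot reveal the removal rule to non-admins first. The payload also uses `"newTld"` where the neighbouring tests use lowercase `"newtld"`; using the same spelling would keep the test from depending on how TLD names are canonicalised.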