zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-15 17:07:15 +02:00
Code Issues Projects Releases Packages Wiki Activity

Narrowly scope privileges for API service objects

Browse source 
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=129099520
This commit is contained in:
Justine Tunney 2016-08-02 08:16:03 -07:00
parent 9de287378b
commit 37d30591ed
9 changed files with 65 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

31
java/google/registry/groups/DirectoryModule.java
View file

@ -20,39 +20,24 @@ import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.common.collect.ImmutableSet;
import dagger.Module;
import dagger.Provides;
import dagger.multibindings.ElementsIntoSet;
import google.registry.config.ConfigModule.Config;
import google.registry.request.DelegatedOAuthScopes;
import java.util.Set;
import javax.inject.Named;
/**
* Dagger module for the Google {@link Directory} service.
*
* @see google.registry.config.ConfigModule
* @see google.registry.request.Modules.UrlFetchTransportModule
* @see google.registry.request.Modules.Jackson2Module
* @see google.registry.request.Modules.AppIdentityCredentialModule
* @see google.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule
*/
/** Dagger module for the Google {@link Directory} service. */
@Module
public final class DirectoryModule {
/** Provides OAuth2 scopes for the Directory service needed by Domain Registry. */
@Provides
@ElementsIntoSet
@DelegatedOAuthScopes
static Set<String> provideDirectoryOAuthScopes() {
return ImmutableSet.of(
DirectoryScopes.ADMIN_DIRECTORY_GROUP_MEMBER,
DirectoryScopes.ADMIN_DIRECTORY_GROUP);
}
@Provides
static Directory provideDirectory(
@Named("delegatedAdmin") GoogleCredential credential,
@Config("projectId") String projectId) {
return new Directory.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
return new Directory.Builder(
credential.getTransport(),
credential.getJsonFactory(),
credential.createScoped(
ImmutableSet.of(
DirectoryScopes.ADMIN_DIRECTORY_GROUP_MEMBER,
DirectoryScopes.ADMIN_DIRECTORY_GROUP)))
.setApplicationName(projectId)
.build();
}