Make the superuser flag bypass TLD access checks

The --superuser command in the nomulus command-line tool should be
bypassing checks on whether the passed-in registrar client ID has access
to the TLD in question, but currently it is not.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=158974462

java/google/registry/flows/domain/ClaimsCheckFlow.java

@@ -89,9 +89,9 @@ public final class ClaimsCheckFlow implements Flow {
       String tld = domainName.parent().toString();
       // Only validate access to a TLD the first time it is encountered.
       if (seenTlds.add(tld)) {
-        checkAllowedAccessToTld(clientId, tld);
-        Registry registry = Registry.get(tld);
         if (!isSuperuser) {
+          checkAllowedAccessToTld(clientId, tld);
+          Registry registry = Registry.get(tld);
           DateTime now = clock.nowUtc();
           verifyNotInPredelegation(registry, now);
           if (registry.getTldState(now) == TldState.SUNRISE) {

java/google/registry/flows/domain/DomainApplicationCreateFlow.java

@@ -203,7 +203,10 @@ public final class DomainApplicationCreateFlow implements TransactionalFlow {
     InternetDomainName domainName = validateDomainName(targetId);
     String idnTableName = validateDomainNameWithIdnTables(domainName);
     String tld = domainName.parent().toString();
-    checkAllowedAccessToTld(clientId, tld);
+    if (!isSuperuser) {
+      // Access to the TLD should be checked before the subsequent checks as it is a greater concern
+      checkAllowedAccessToTld(clientId, tld);
+    }
     Registry registry = Registry.get(tld);
     FeesAndCredits feesAndCredits =
         pricingLogic.getCreatePrice(registry, targetId, now, command.getPeriod().getValue());

java/google/registry/flows/domain/DomainApplicationDeleteFlow.java

@@ -88,8 +88,8 @@ public final class DomainApplicationDeleteFlow implements TransactionalFlow {
     verifyApplicationDomainMatchesTargetId(existingApplication, targetId);
     verifyOptionalAuthInfo(authInfo, existingApplication);
     String tld = existingApplication.getTld();
-    checkAllowedAccessToTld(clientId, tld);
     if (!isSuperuser) {
+      checkAllowedAccessToTld(clientId, tld);
       Registry registry = Registry.get(tld);
       verifyRegistryStateAllowsLaunchFlows(registry, now);
       verifyLaunchPhaseMatchesRegistryPhase(

java/google/registry/flows/domain/DomainApplicationUpdateFlow.java

@@ -174,13 +174,13 @@ public class DomainApplicationUpdateFlow implements TransactionalFlow {
       DomainApplication existingApplication, Update command, DateTime now) throws EppException {
     AddRemove add = command.getInnerAdd();
     AddRemove remove = command.getInnerRemove();
+    String tld = existingApplication.getTld();
     if (!isSuperuser) {
       verifyResourceOwnership(clientId, existingApplication);
       verifyClientUpdateNotProhibited(command, existingApplication);
       verifyAllStatusesAreClientSettable(union(add.getStatusValues(), remove.getStatusValues()));
+      checkAllowedAccessToTld(clientId, tld);
     }
-    String tld = existingApplication.getTld();
-    checkAllowedAccessToTld(clientId, tld);
     if (UPDATE_DISALLOWED_APPLICATION_STATUSES
         .contains(existingApplication.getApplicationStatus())) {
       throw new ApplicationStatusProhibitsUpdateException(

java/google/registry/flows/domain/DomainCheckFlow.java

@@ -136,11 +136,10 @@ public final class DomainCheckFlow implements Flow {
       // This validation is moderately expensive, so cache the results.
       domains.put(targetId, domainName);
       String tld = domainName.parent().toString();
-      if (seenTlds.add(tld)) {
+      boolean tldFirstTimeSeen = seenTlds.add(tld);
+      if (tldFirstTimeSeen && !isSuperuser) {
         checkAllowedAccessToTld(clientId, tld);
-        if (!isSuperuser) {
-          verifyNotInPredelegation(Registry.get(tld), now);
-        }
+        verifyNotInPredelegation(Registry.get(tld), now);
       }
     }
     ImmutableMap<String, InternetDomainName> domainNames = domains.build();

java/google/registry/flows/domain/DomainDeleteFlow.java

@@ -211,8 +211,8 @@ public final class DomainDeleteFlow implements TransactionalFlow {
     if (!isSuperuser) {
       verifyResourceOwnership(clientId, existingDomain);
       verifyNotInPredelegation(registry, now);
+      checkAllowedAccessToTld(clientId, registry.getTld().toString());
     }
-    checkAllowedAccessToTld(clientId, registry.getTld().toString());
     if (!existingDomain.getSubordinateHosts().isEmpty()) {
       throw new DomainToDeleteHasHostsException();
     }

java/google/registry/flows/domain/DomainRenewFlow.java

@@ -219,8 +219,8 @@ public final class DomainRenewFlow implements TransactionalFlow {
     verifyNoDisallowedStatuses(existingDomain, RENEW_DISALLOWED_STATUSES);
     if (!isSuperuser) {
       verifyResourceOwnership(clientId, existingDomain);
+      checkAllowedAccessToTld(clientId, existingDomain.getTld());
     }
-    checkAllowedAccessToTld(clientId, existingDomain.getTld());
     verifyUnitIsYears(command.getPeriod());
     // If the date they specify doesn't match the expiration, fail. (This is an idempotence check).
     if (!command.getCurrentExpirationDate().equals(

java/google/registry/flows/domain/DomainRestoreRequestFlow.java

@@ -188,6 +188,7 @@ public final class DomainRestoreRequestFlow implements TransactionalFlow  {
       verifyResourceOwnership(clientId, existingDomain);
       verifyNotReserved(InternetDomainName.from(targetId), false);
       verifyPremiumNameIsNotBlocked(targetId, now, clientId);
+      checkAllowedAccessToTld(clientId, existingDomain.getTld());
     }
     // No other changes can be specified on a restore request.
     if (!command.noChangesPresent()) {
@@ -197,7 +198,6 @@ public final class DomainRestoreRequestFlow implements TransactionalFlow  {
     if (!existingDomain.getGracePeriodStatuses().contains(GracePeriodStatus.REDEMPTION)) {
       throw new DomainNotEligibleForRestoreException();
     }
-    checkAllowedAccessToTld(clientId, existingDomain.getTld());
     validateFeeChallenge(targetId, existingDomain.getTld(), now, feeUpdate, feesAndCredits);
   }
 

java/google/registry/flows/domain/DomainTransferApproveFlow.java

@@ -36,6 +36,7 @@ import com.googlecode.objectify.Key;
 import google.registry.flows.EppException;
 import google.registry.flows.ExtensionManager;
 import google.registry.flows.FlowModule.ClientId;
+import google.registry.flows.FlowModule.Superuser;
 import google.registry.flows.FlowModule.TargetId;
 import google.registry.flows.TransactionalFlow;
 import google.registry.flows.annotations.ReportingSpec;
@@ -83,6 +84,7 @@ public final class DomainTransferApproveFlow implements TransactionalFlow {
   @Inject Optional<AuthInfo> authInfo;
   @Inject @ClientId String clientId;
   @Inject @TargetId String targetId;
+  @Inject @Superuser boolean isSuperuser;
   @Inject HistoryEntry.Builder historyBuilder;
   @Inject EppResponse.Builder responseBuilder;
   @Inject DomainTransferApproveFlow() {}
@@ -102,7 +104,9 @@ public final class DomainTransferApproveFlow implements TransactionalFlow {
     verifyHasPendingTransfer(existingDomain);
     verifyResourceOwnership(clientId, existingDomain);
     String tld = existingDomain.getTld();
-    checkAllowedAccessToTld(clientId, tld);
+    if (!isSuperuser) {
+      checkAllowedAccessToTld(clientId, tld);
+    }
     TransferData transferData = existingDomain.getTransferData();
     String gainingClientId = transferData.getGainingClientId();
     HistoryEntry historyEntry = historyBuilder

java/google/registry/flows/domain/DomainTransferCancelFlow.java

@@ -32,6 +32,7 @@ import com.googlecode.objectify.Key;
 import google.registry.flows.EppException;
 import google.registry.flows.ExtensionManager;
 import google.registry.flows.FlowModule.ClientId;
+import google.registry.flows.FlowModule.Superuser;
 import google.registry.flows.FlowModule.TargetId;
 import google.registry.flows.TransactionalFlow;
 import google.registry.flows.annotations.ReportingSpec;
@@ -71,6 +72,7 @@ public final class DomainTransferCancelFlow implements TransactionalFlow {
   @Inject Optional<AuthInfo> authInfo;
   @Inject @ClientId String clientId;
   @Inject @TargetId String targetId;
+  @Inject @Superuser boolean isSuperuser;
   @Inject HistoryEntry.Builder historyBuilder;
   @Inject EppResponse.Builder responseBuilder;
   @Inject DomainTransferCancelFlow() {}
@@ -85,7 +87,9 @@ public final class DomainTransferCancelFlow implements TransactionalFlow {
     verifyOptionalAuthInfo(authInfo, existingDomain);
     verifyHasPendingTransfer(existingDomain);
     verifyTransferInitiator(clientId, existingDomain);
-    checkAllowedAccessToTld(clientId, existingDomain.getTld());
+    if (!isSuperuser) {
+      checkAllowedAccessToTld(clientId, existingDomain.getTld());
+    }
     HistoryEntry historyEntry = historyBuilder
         .setType(HistoryEntry.Type.DOMAIN_TRANSFER_CANCEL)
         .setOtherClientId(existingDomain.getTransferData().getLosingClientId())

java/google/registry/flows/domain/DomainTransferRejectFlow.java

@@ -32,6 +32,7 @@ import com.googlecode.objectify.Key;
 import google.registry.flows.EppException;
 import google.registry.flows.ExtensionManager;
 import google.registry.flows.FlowModule.ClientId;
+import google.registry.flows.FlowModule.Superuser;
 import google.registry.flows.FlowModule.TargetId;
 import google.registry.flows.TransactionalFlow;
 import google.registry.flows.annotations.ReportingSpec;
@@ -71,6 +72,7 @@ public final class DomainTransferRejectFlow implements TransactionalFlow {
   @Inject Optional<AuthInfo> authInfo;
   @Inject @ClientId String clientId;
   @Inject @TargetId String targetId;
+  @Inject @Superuser boolean isSuperuser;
   @Inject HistoryEntry.Builder historyBuilder;
   @Inject EppResponse.Builder responseBuilder;
   @Inject DomainTransferRejectFlow() {}
@@ -91,7 +93,9 @@ public final class DomainTransferRejectFlow implements TransactionalFlow {
     verifyOptionalAuthInfo(authInfo, existingDomain);
     verifyHasPendingTransfer(existingDomain);
     verifyResourceOwnership(clientId, existingDomain);
-    checkAllowedAccessToTld(clientId, existingDomain.getTld());
+    if (!isSuperuser) {
+      checkAllowedAccessToTld(clientId, existingDomain.getTld());
+    }
     DomainResource newDomain =
         denyPendingTransfer(existingDomain, TransferStatus.CLIENT_REJECTED, now);
     ofy().save().<ImmutableObject>entities(

java/google/registry/flows/domain/DomainTransferRequestFlow.java

@@ -217,9 +217,9 @@ public final class DomainTransferRequestFlow implements TransactionalFlow {
     if (gainingClientId.equals(existingDomain.getCurrentSponsorClientId())) {
       throw new ObjectAlreadySponsoredException();
     }
-    checkAllowedAccessToTld(gainingClientId, existingDomain.getTld());
     verifyTransferPeriodIsOneYear(period);
     if (!isSuperuser) {
+      checkAllowedAccessToTld(gainingClientId, existingDomain.getTld());
       verifyPremiumNameIsNotBlocked(targetId, now, gainingClientId);
     }
   }

java/google/registry/flows/domain/DomainUpdateFlow.java

@@ -212,14 +212,14 @@ public final class DomainUpdateFlow implements TransactionalFlow {
     verifyOptionalAuthInfo(authInfo, existingDomain);
     AddRemove add = command.getInnerAdd();
     AddRemove remove = command.getInnerRemove();
+    String tld = existingDomain.getTld();
     if (!isSuperuser) {
       verifyResourceOwnership(clientId, existingDomain);
       verifyClientUpdateNotProhibited(command, existingDomain);
       verifyAllStatusesAreClientSettable(union(add.getStatusValues(), remove.getStatusValues()));
+      checkAllowedAccessToTld(clientId, tld);
     }
-    String tld = existingDomain.getTld();
     Registry registry = Registry.get(tld);
-    checkAllowedAccessToTld(clientId, tld);
     FeeTransformCommandExtension feeUpdate =
         eppInput.getSingleExtension(FeeUpdateCommandExtension.class);
     // If the fee extension is present, validate it (even if the cost is zero, to check for price