Make the superuser flag bypass TLD access checks

The --superuser command in the nomulus command-line tool should be bypassing checks on whether the passed-in registrar client ID has access to the TLD in question, but currently it is not. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=158974462
2025-05-14 00:17:20 +02:00 · 2017-06-14 07:14:19 -07:00 · 2017-06-14 07:14:19 -07:00 · 580c41f2d6
commit 580c41f2d6
parent 3a02e6fb11
26 changed files with 223 additions and 38 deletions
--- a/java/google/registry/flows/domain/DomainTransferApproveFlow.java
+++ b/java/google/registry/flows/domain/DomainTransferApproveFlow.java
@ -36,6 +36,7 @@ import com.googlecode.objectify.Key;
 import google.registry.flows.EppException;
 import google.registry.flows.ExtensionManager;
 import google.registry.flows.FlowModule.ClientId;
+import google.registry.flows.FlowModule.Superuser;
 import google.registry.flows.FlowModule.TargetId;
 import google.registry.flows.TransactionalFlow;
 import google.registry.flows.annotations.ReportingSpec;
@ -83,6 +84,7 @@ public final class DomainTransferApproveFlow implements TransactionalFlow {
  @Inject Optional<AuthInfo> authInfo;
  @Inject @ClientId String clientId;
  @Inject @TargetId String targetId;
+  @Inject @Superuser boolean isSuperuser;
  @Inject HistoryEntry.Builder historyBuilder;
  @Inject EppResponse.Builder responseBuilder;
  @Inject DomainTransferApproveFlow() {}
@ -102,7 +104,9 @@ public final class DomainTransferApproveFlow implements TransactionalFlow {
    verifyHasPendingTransfer(existingDomain);
    verifyResourceOwnership(clientId, existingDomain);
    String tld = existingDomain.getTld();
-    checkAllowedAccessToTld(clientId, tld);
+    if (!isSuperuser) {
+      checkAllowedAccessToTld(clientId, tld);
+    }
    TransferData transferData = existingDomain.getTransferData();
    String gainingClientId = transferData.getGainingClientId();
    HistoryEntry historyEntry = historyBuilder