Make the superuser flag bypass TLD access checks

The --superuser command in the nomulus command-line tool should be bypassing checks on whether the passed-in registrar client ID has access to the TLD in question, but currently it is not. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=158974462
2025-05-14 08:27:14 +02:00 · 2017-06-14 07:14:19 -07:00 · 2017-06-14 07:14:19 -07:00 · 580c41f2d6
commit 580c41f2d6
parent 3a02e6fb11
26 changed files with 223 additions and 38 deletions
--- a/javatests/google/registry/flows/domain/DomainRestoreRequestFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainRestoreRequestFlowTest.java
@ -494,6 +494,14 @@ public class DomainRestoreRequestFlowTest extends
    runFlow();
  }

+  @Test
+  public void testSuccess_superuserUnauthorizedClient() throws Exception {
+    sessionMetadata.setClientId("NewRegistrar");
+    persistPendingDeleteDomain();
+    thrown.expect(ResourceNotOwnedException.class);
+    runFlowAssertResponse(readFile("domain_update_response.xml"));
+  }
+
  @Test
  public void testFailure_notAuthorizedForTld() throws Exception {
    persistResource(
@ -507,11 +515,17 @@ public class DomainRestoreRequestFlowTest extends
  }

  @Test
-  public void testSuccess_superuserUnauthorizedClient() throws Exception {
-    sessionMetadata.setClientId("NewRegistrar");
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
    persistPendingDeleteDomain();
-    thrown.expect(ResourceNotOwnedException.class);
-    runFlowAssertResponse(readFile("domain_update_response.xml"));
+    runFlowAssertResponse(
+        CommitMode.LIVE,
+        UserPrivileges.SUPERUSER,
+        readFile("domain_update_response.xml"));
  }

  @Test