Allow admins read/write access to all registrar in web console

This CL removes the "READ vs UPDATE" feature completely. Now anyone with access has full read+write access. We still keep track of which role a user has (did they get access "explicitly" because they are an "allowed access" contact? Or do they have access because they are admins?) for the logs and UI, and also so we could in the (very near) future have features only available to admins. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=218169608
2025-08-03 00:12:11 +02:00 · 2018-10-22 08:11:10 -07:00 · 2018-10-22 08:11:10 -07:00 · d2ca67460c
commit d2ca67460c
parent 2020dcb50f
12 changed files with 138 additions and 288 deletions
--- a/javatests/google/registry/ui/server/registrar/ConsoleUiActionTest.java
+++ b/javatests/google/registry/ui/server/registrar/ConsoleUiActionTest.java
@ -17,8 +17,8 @@ package google.registry.ui.server.registrar;
 import static com.google.common.net.HttpHeaders.LOCATION;
 import static com.google.common.truth.Truth.assertThat;
 import static google.registry.testing.DatastoreHelper.loadRegistrar;
-import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.AccessType.READ;
-import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.AccessType.UPDATE;
+import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.Role.ADMIN;
+import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.Role.OWNER;
 import static javax.servlet.http.HttpServletResponse.SC_MOVED_TEMPORARILY;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@ -79,16 +79,15 @@ public class ConsoleUiActionTest {
    action.paramClientId = Optional.empty();
    AuthResult authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
    action.authResult = authResult;
-    when(registrarAccessor.getRegistrar("TheRegistrar", READ))
+    when(registrarAccessor.getRegistrar("TheRegistrar"))
        .thenReturn(loadRegistrar("TheRegistrar"));
-    when(registrarAccessor.getAllClientIdWithAccess())
+    when(registrarAccessor.getAllClientIdWithRoles())
        .thenReturn(
            ImmutableSetMultimap.of(
-                UPDATE, "TheRegistrar",
-                READ, "TheRegistrar",
-                UPDATE, "ReadWriteRegistrar",
-                READ, "ReadWriteRegistrar",
-                READ, "ReadOnlyRegistrar"));
+                "TheRegistrar", OWNER,
+                "OtherRegistrar", OWNER,
+                "OtherRegistrar", ADMIN,
+                "AdminRegistrar", ADMIN));
    when(registrarAccessor.guessClientId()).thenCallRealMethod();
    // Used for error message in guessClientId
    registrarAccessor.authResult = authResult;
@ -128,7 +127,7 @@ public class ConsoleUiActionTest {

  @Test
  public void testUserDoesntHaveAccessToAnyRegistrar_showsWhoAreYouPage() {
-    when(registrarAccessor.getAllClientIdWithAccess()).thenReturn(ImmutableSetMultimap.of());
+    when(registrarAccessor.getAllClientIdWithRoles()).thenReturn(ImmutableSetMultimap.of());
    action.run();
    assertThat(response.getPayload()).contains("<h1>You need permission</h1>");
    assertThat(response.getPayload()).contains("not associated with Nomulus.");
@ -155,7 +154,7 @@ public class ConsoleUiActionTest {
  @Test
  public void testSettingClientId_notAllowed_showsNeedPermissionPage() {
    action.paramClientId = Optional.of("OtherClientId");
-    when(registrarAccessor.getRegistrar("OtherClientId", READ))
+    when(registrarAccessor.getRegistrar("OtherClientId"))
        .thenThrow(new ForbiddenException("forbidden"));
    action.run();
    assertThat(response.getPayload()).contains("<h1>You need permission</h1>");
@ -165,7 +164,7 @@ public class ConsoleUiActionTest {
  @Test
  public void testSettingClientId_allowed_showsRegistrarConsole() {
    action.paramClientId = Optional.of("OtherClientId");
-    when(registrarAccessor.getRegistrar("OtherClientId", READ))
+    when(registrarAccessor.getRegistrar("OtherClientId"))
        .thenReturn(loadRegistrar("TheRegistrar"));
    action.run();
    assertThat(response.getPayload()).contains("Registrar Console");
@ -176,7 +175,7 @@ public class ConsoleUiActionTest {
  public void testUserHasAccessAsTheRegistrar_showsClientIdChooser() {
    action.run();
    assertThat(response.getPayload()).contains("<option value=\"TheRegistrar\" selected>");
-    assertThat(response.getPayload()).contains("<option value=\"ReadWriteRegistrar\">");
-    assertThat(response.getPayload()).contains("<option value=\"ReadOnlyRegistrar\">");
+    assertThat(response.getPayload()).contains("<option value=\"OtherRegistrar\">");
+    assertThat(response.getPayload()).contains("<option value=\"AdminRegistrar\">");
  }
 }