Change @Auth to an AutoValue, and created a set of predefined Auths

We want to be safer and more explicit about the authentication needed by the many actions that exist. As such, we make the 'auth' parameter required in @Action (so it's always clear who can run a specific action) and we replace the @Auth with an enum so that only pre-approved configurations that are aptly named and documented can be used. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=162210306
2025-05-13 07:57:13 +02:00 · 2017-07-17 07:34:17 -07:00 · 2017-07-17 07:34:17 -07:00 · e224a67eda
commit e224a67eda
parent 5966d8077b
94 changed files with 614 additions and 511 deletions
--- a/java/google/registry/tools/server/GenerateZoneFilesAction.java
+++ b/java/google/registry/tools/server/GenerateZoneFilesAction.java
@ -48,7 +48,6 @@ import google.registry.request.Action;
 import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.JsonActionRunner;
 import google.registry.request.auth.Auth;
-import google.registry.request.auth.AuthLevel;
 import google.registry.util.Clock;
 import java.io.IOException;
 import java.io.OutputStream;
@ -72,14 +71,9 @@ import org.joda.time.Duration;
 * 29 days in the past, and must be at midnight UTC.
 */
@Action(
-    path = GenerateZoneFilesAction.PATH,
-    method = POST,
-    auth =
-    @Auth(
-      methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
-      minimumLevel = AuthLevel.APP,
-      userPolicy = Auth.UserPolicy.ADMIN
-    )
+  path = GenerateZoneFilesAction.PATH,
+  method = POST,
+  auth = Auth.AUTH_INTERNAL_OR_ADMIN
 )
 public class GenerateZoneFilesAction implements Runnable, JsonActionRunner.JsonAction {