Decouple superuser from SessionMetadata

Superuser should only be settable via the tool (see [] which is merged in here but not diffbased, and which removes the implicit superuser for CharlestonRoad). It is a property of the request, not of the session (there are no sessions in the tool). ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=125204707
2025-05-12 22:38:16 +02:00 · 2016-06-17 14:48:46 -07:00 · 2016-06-17 14:48:46 -07:00 · fd6c4888db
commit fd6c4888db
parent e359ab5f52
44 changed files with 80 additions and 136 deletions
--- a/java/google/registry/flows/ResourceUpdateFlow.java
+++ b/java/google/registry/flows/ResourceUpdateFlow.java
@ -61,7 +61,7 @@ public abstract class ResourceUpdateFlow
    for (StatusValue statusValue : Sets.union(
        command.getInnerAdd().getStatusValues(),
        command.getInnerRemove().getStatusValues())) {
-      if (!superuser && !statusValue.isClientSettable()) {  // The superuser can set any status.
+      if (!isSuperuser && !statusValue.isClientSettable()) {  // The superuser can set any status.
        throw new StatusNotClientSettableException(statusValue.getXmlName());
      }
    }
@ -85,7 +85,7 @@ public abstract class ResourceUpdateFlow
  protected final void verifyNewStateIsAllowed() throws EppException {
    // If the resource is marked with clientUpdateProhibited, and this update did not clear that
    // status, then the update must be disallowed (unless a superuser is requesting the change).
-    if (!superuser
+    if (!isSuperuser
        && existingResource.getStatusValues().contains(StatusValue.CLIENT_UPDATE_PROHIBITED)
        && newResource.getStatusValues().contains(StatusValue.CLIENT_UPDATE_PROHIBITED)) {
      throw new ResourceHasClientUpdateProhibitedException();