Decouple superuser from SessionMetadata

Superuser should only be settable via the tool (see [] which is merged in here but not diffbased, and which removes the implicit superuser for CharlestonRoad). It is a property of the request, not of the session (there are no sessions in the tool). ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=125204707
2025-07-22 18:55:58 +02:00 · 2016-06-17 14:48:46 -07:00 · 2016-06-17 14:48:46 -07:00 · fd6c4888db
commit fd6c4888db
parent e359ab5f52
44 changed files with 80 additions and 136 deletions
--- a/java/google/registry/flows/domain/BaseDomainCreateFlow.java
+++ b/java/google/registry/flows/domain/BaseDomainCreateFlow.java
@ -187,7 +187,7 @@ public abstract class BaseDomainCreateFlow<R extends DomainBase, B extends Build
        domainLabel, tld, command.getAuthInfo().getPw().getValue());
    // Superusers can create reserved domains, force creations on domains that require a claims
    // notice without specifying a claims key, and override blocks on registering premium domains.
-    if (!superuser) {
+    if (!isSuperuser) {
      boolean isSunriseApplication =
          launchCreate != null && !launchCreate.getSignedMarks().isEmpty();
      if (!isAnchorTenantViaReservation) {
@ -254,7 +254,7 @@ public abstract class BaseDomainCreateFlow<R extends DomainBase, B extends Build
    if (launchCreate == null) {
      return;
    }
-    if (!superuser) {  // Superusers can ignore the phase.
+    if (!isSuperuser) {  // Superusers can ignore the phase.
      verifyLaunchPhase(getTld(), launchCreate, now);
    }
    if (launchCreate.hasCodeMarks()) {
@ -269,7 +269,7 @@ public abstract class BaseDomainCreateFlow<R extends DomainBase, B extends Build
      throw new InvalidTrademarkValidatorException();
    }
    // Superuser can force domain creations regardless of the current date.
-    if (!superuser) {
+    if (!isSuperuser) {
      if (notice.getExpirationTime().isBefore(now)) {
        throw new ExpiredClaimException();
      }
--- a/java/google/registry/flows/domain/DomainAllocateFlow.java
+++ b/java/google/registry/flows/domain/DomainAllocateFlow.java
@ -73,7 +73,7 @@ public class DomainAllocateFlow extends DomainCreateOrAllocateFlow {

  @Override
  protected final void verifyDomainCreateIsAllowed() throws EppException {
-    if (!superuser) {
+    if (!isSuperuser) {
      throw new OnlySuperuserCanAllocateException();
    }
    if (allocateCreate == null) {
--- a/java/google/registry/flows/domain/DomainApplicationCreateFlow.java
+++ b/java/google/registry/flows/domain/DomainApplicationCreateFlow.java
@ -140,7 +140,7 @@ public class DomainApplicationCreateFlow extends BaseDomainCreateFlow<DomainAppl
  @Override
  protected void verifyDomainCreateIsAllowed() throws EppException {
    validateFeeChallenge(targetId, getTld(), now, feeCreate, createCost);
-    if (tldState == TldState.LANDRUSH && !superuser) {
+    if (tldState == TldState.LANDRUSH && !isSuperuser) {
      // Prohibit creating a landrush application in LANDRUSH (but not in SUNRUSH) if there is
      // exactly one sunrise application for the same name.
      List<DomainApplication> applications = FluentIterable
--- a/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java
+++ b/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java
@ -66,7 +66,7 @@ public class DomainApplicationDeleteFlow
    // Don't allow deleting a sunrise application during landrush.
    if (existingResource.getPhase().equals(LaunchPhase.SUNRISE)
        && Registry.get(existingResource.getTld()).getTldState(now).equals(TldState.LANDRUSH)
-        && !superuser) {
+        && !isSuperuser) {
      throw new SunriseApplicationCannotBeDeletedInLandrushException();
    }
  }
--- a/java/google/registry/flows/domain/DomainCreateFlow.java
+++ b/java/google/registry/flows/domain/DomainCreateFlow.java
@ -109,7 +109,7 @@ public class DomainCreateFlow extends DomainCreateOrAllocateFlow {
  protected final void verifyDomainCreateIsAllowed() throws EppException {
    String tld = getTld();
    validateFeeChallenge(targetId, tld, now, feeCreate, createCost);
-    if (!superuser) {
+    if (!isSuperuser) {
      // Prohibit creating a domain if there is an open application for the same name.
      for (DomainApplication application : loadActiveApplicationsByDomainName(targetId, now)) {
        if (!application.getApplicationStatus().isFinalStatus()) {
--- a/java/google/registry/flows/domain/DomainRestoreRequestFlow.java
+++ b/java/google/registry/flows/domain/DomainRestoreRequestFlow.java
@ -97,7 +97,7 @@ public class DomainRestoreRequestFlow extends OwnedResourceMutateFlow<DomainReso

    String tld = existingResource.getTld();
    checkAllowedAccessToTld(getAllowedTlds(), tld);
-    if (!superuser) {
+    if (!isSuperuser) {
      verifyNotReserved(InternetDomainName.from(targetId), false);
      verifyPremiumNameIsNotBlocked(targetId, now, getClientId());
    }
--- a/java/google/registry/flows/domain/DomainTransferRequestFlow.java
+++ b/java/google/registry/flows/domain/DomainTransferRequestFlow.java
@ -152,7 +152,7 @@ public class DomainTransferRequestFlow
  @Override
  protected final void verifyTransferRequestIsAllowed() throws EppException {
    verifyUnitIsYears(command.getPeriod());
-    if (!superuser) {
+    if (!isSuperuser) {
      verifyPremiumNameIsNotBlocked(targetId, now, getClientId());
    }
    validateFeeChallenge(