/** * Gets specified Version for the Script taking into account both scope and authentication token * * @param string $scriptId Numeric identifier of the Script * @param int $versionNumber Script version number * * @param bool $modify optional Flag checking write permissions * * @return ScriptVersion Returns the Script Entity on success * * @throws ApiErrorException */ public function getVersion($scriptId, $versionNumber, $modify = false) { $version = ScriptVersion::findPk($scriptId, $versionNumber); if (!$version) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, "Requested Version either does not exist or is not owned by your environment."); } if (!$this->hasPermissions($version, $modify)) { //Checks entity level write access permissions throw new ApiErrorException(403, ErrorMessage::ERR_PERMISSION_VIOLATION, "Insufficient permissions"); } return $version; }
/** * @test * * @throws \Scalr\Exception\ModelException */ public function testComplex() { $user = $this->getUser(); $environment = $this->getEnvironment(); $fictionController = new ApiController(); /* @var $script Script */ $script = static::createEntity(new Script(), ['name' => "{$this->uuid}-script", 'description' => "{$this->uuid}-description", 'envId' => $environment->id, 'createdById' => $user->getId()]); //post script version $data = ['body' => '#!cmd']; $response = $this->postVersion($script->id, $data); $this->assertEquals(201, $response->status, $this->printResponseError($response)); $versionNumber = $response->getBody()->data->version; /* @var $version ScriptVersion */ $version = ScriptVersion::findPk($script->id, $versionNumber); $this->assertNotEmpty($version); $this->assertObjectEqualsEntity($data, $version); //post script version already existing $data = ['version' => $version->version, 'body' => '#!/bin/sh']; $response = $this->postVersion($script->id, $data); $this->assertEquals(201, $response->status, $this->printResponseError($response)); $versionNumber = $response->getBody()->data->version; $this->assertNotEquals($data['version'], $versionNumber); //post script with properties that not existing $data = ['foo' => 'bar']; $response = $this->postVersion($script->id, $data); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE); //post version to scalr-scoped script /* @var $scalrScript Script */ $scalrScript = static::createEntity(new Script(), ['name' => "{$this->uuid}-script-scalr-scoped", 'description' => "{$this->uuid}-description-scalr-scoped", 'createdById' => $user->getId()]); $data = ['body' => '#!/bin/sh']; $response = $this->postVersion($scalrScript->id, $data); $this->assertErrorMessageContains($response, 403, ErrorMessage::ERR_PERMISSION_VIOLATION); //test script fetch $response = $this->getVersion($script->id, $version->version); $this->assertEquals(200, $response->status, $this->printResponseError($response)); $this->assertObjectEqualsEntity($response->getBody()->data, $version); //test fetch script that doe not exists $response = $this->getVersion($script->id, $script->getLatestVersion()->version + 1); $this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND); //modify script version $data = ['body' => '#!/bin/bash']; $response = $this->modifyVersion($script->id, $version->version, $data); $this->assertEquals(200, $response->status, $this->printResponseError($response)); $this->assertObjectEqualsEntity($response->getBody()->data, ScriptVersion::findPk($script->id, $version->version)); //modify property that does not exists $data = ['foo' => 'bar']; $response = $this->modifyVersion($script->id, $version->version, $data); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE); //modify properties that not alterable $scriptVersionAdapter = new ScriptVersionAdapter($fictionController); $adapterRules = $scriptVersionAdapter->getRules(); $publicProperties = $adapterRules[BaseAdapter::RULE_TYPE_TO_DATA]; $alterableProperties = $adapterRules[ApiEntityAdapter::RULE_TYPE_ALTERABLE]; $nonAlterableProperties = array_diff(array_values($publicProperties), $alterableProperties); foreach ($nonAlterableProperties as $property) { if (in_array($property, ['id', 'version'])) { continue; } $data = [$property => 'foo']; $response = $this->modifyVersion($script->id, $version->version, $data); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE); } //modify script that does not exists $data = ['body' => '#!powershell']; $response = $this->modifyVersion($script->id, $script->getLatestVersion()->version + 1, $data); $this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND); //modify Scalr-scoped script version /* @var $scalrVersion ScriptVersion */ $scalrVersion = static::createEntity(new ScriptVersion(), ['scriptId' => $scalrScript->id, 'version' => 2, 'content' => '#!/bin/sh']); //modify Scalr-scoped script version $data = ['body' => '#!cmd']; $response = $this->modifyVersion($scalrScript->id, $scalrVersion->version, $data); $this->assertErrorMessageContains($response, 403, ErrorMessage::ERR_PERMISSION_VIOLATION, 'Insufficient permissions'); /* @var $version ScriptVersion */ $version = static::createEntity(new ScriptVersion(), ['scriptId' => $script->id, 'version' => $script->getLatestVersion()->version + 1, 'content' => '#!foobar']); //test have access to all listed scripts versions $versions = $this->listVersions($script->id); foreach ($versions as $version) { $this->assertTrue(ScriptVersion::findPk($script->id, $version->version)->hasAccessPermissions($user)); } $listUri = static::getUserApiUrl("/scripts/{$script->id}/script-versions/"); //test list script versions filters $filterable = $scriptVersionAdapter->getRules()[ApiEntityAdapter::RULE_TYPE_FILTERABLE]; /* @var $version ScriptVersion */ foreach ($versions as $version) { foreach ($filterable as $property) { $filterValue = $version->{$property}; $listResult = $this->listVersions($script->id, [$property => $filterValue]); if (!static::isRecursivelyEmpty($filterValue)) { foreach ($listResult as $filtered) { $this->assertEquals($filterValue, $filtered->{$property}, "Property '{$property}' mismatch"); } } } $response = $this->getVersion($script->id, $version->version); $this->assertEquals(200, $response->status, $this->printResponseError($response)); $dbScriptVersions = ScriptVersion::findPk($script->id, $version->version); $this->assertObjectEqualsEntity($response->getBody()->data, $dbScriptVersions, $scriptVersionAdapter); } //test invalid filters $response = $this->request($listUri, Request::METHOD_GET, ['foo' => 'bar']); $this->assertErrorMessageContains($response, 400, ErrorMessage::ERR_INVALID_STRUCTURE); //delete script version /* @var $version ScriptVersion */ $version = static::createEntity(new ScriptVersion(), ['scriptId' => $script->id, 'version' => $script->getLatestVersion()->version + 1, 'content' => '#!/bin/sh foobar']); $response = $this->deleteVersion($script->id, $version->version); $this->assertEquals(200, $response->status, $this->printResponseError($response)); //delete scalr-scoped script version $response = $this->deleteVersion($scalrVersion->scriptId, $scalrVersion->version); $this->assertErrorMessageContains($response, 403, ErrorMessage::ERR_PERMISSION_VIOLATION); //delete script version that does not exists $response = $this->deleteVersion($script->id, $script->getLatestVersion()->version + 1); $this->assertErrorMessageContains($response, 404, ErrorMessage::ERR_OBJECT_NOT_FOUND); $scripts = Script::find([['$or' => [['accountId' => $user->accountId], ['accountId' => null]]], ['$or' => [['envId' => $environment->id], ['envId' => null]]]]); foreach ($scripts as $script) { //test have access to all listed scripts versions $versions = $this->listVersions($script->id); foreach ($versions as $version) { $version = ScriptVersion::findPk($script->id, $version->version); $this->assertTrue($version->hasAccessPermissions($user)); } if ($version->getScope() !== ScopeInterface::SCOPE_ENVIRONMENT) { $response = $this->postVersion($version->scriptId, ['body' => '#!/bin/sh' . $this->getTestName()]); $this->assertErrorMessageContains($response, 403, ErrorMessage::ERR_PERMISSION_VIOLATION); } } }
/** * {@inheritdoc} * @see \Scalr\Api\DataType\ApiEntityAdapter::validateEntity() */ public function validateEntity($entity) { if (!$entity instanceof RoleScript) { throw new InvalidArgumentException(sprintf("First argument must be instance of Scalr\\Model\\Entity\\RoleScript class")); } if ($entity->id !== null) { if (!RoleScript::findPk($entity->id)) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, sprintf("Could not find out the rule with ID: %d", $entity->id)); } } //Getting the role initiates check permissions $role = $this->controller->getRole($entity->roleId); if (!empty($entity->scriptId)) { if ($entity->version == ScriptVersion::LATEST_SCRIPT_VERSION) { $found = ScriptVersion::findOne([['scriptId' => $entity->scriptId]], null, ['version' => false]); } else { $found = ScriptVersion::findPk($entity->scriptId, $entity->version); } if (empty($found)) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, sprintf("Could not find version %d of the script with ID: %d", $entity->version, $entity->scriptId)); } if (Script::findPk($entity->scriptId)->os == 'windows' && $role->getOs()->family != 'windows') { throw new ApiErrorException(409, ErrorMessage::ERR_OS_MISMATCH, "Script OS family does not match role OS family"); } } if (empty($entity->eventName)) { $entity->eventName = '*'; } else { if ($entity->eventName !== '*') { if (array_key_exists($entity->eventName, array_merge(EVENT_TYPE::getScriptingEventsWithScope(), EventDefinition::getList($this->controller->getUser()->id, $this->controller->getEnvironment()->id))) === false) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, "Could not find out the event '{$entity->eventName}'"); } if ($entity->scriptType == OrchestrationRule::ORCHESTRATION_RULE_TYPE_CHEF && in_array($entity->eventName, EVENT_TYPE::getChefRestrictedEvents())) { throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Chef can't be used with {$entity->eventName}"); } } } if (!$this->controller->hasPermissions($entity, true)) { //Checks entity level write access permissions throw new ApiErrorException(403, ErrorMessage::ERR_PERMISSION_VIOLATION, "Insufficient permissions"); } }
/** * {@inheritdoc} * @see ApiEntityAdapter::validateEntity() */ public function validateEntity($entity) { /* @var $entity OrchestrationRule */ $entityClass = $this->entityClass; if (!$entity instanceof $entityClass) { throw new InvalidArgumentException(sprintf("First argument must be instance of {$entityClass} class")); } if ($entity->id !== null) { if (!$entityClass::findPk($entity->id)) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, sprintf("Could not find out the rule with ID: %d", $entity->id)); } } if (!empty($entity->scriptId)) { if ($entity->version == ScriptVersion::LATEST_SCRIPT_VERSION) { $found = ScriptVersion::findOne([['scriptId' => $entity->scriptId]], null, ['version' => false]); } else { $found = ScriptVersion::findPk($entity->scriptId, $entity->version); } /* @var $found ScriptVersion */ if (empty($found) || !$found->hasAccessPermissions($this->controller->getUser(), $this->controller->getEnvironment())) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, sprintf("Could not find version %d of the script with ID: %d", $entity->version, $entity->scriptId)); } } if (empty($entity->eventName)) { $entity->eventName = '*'; } else { if ($entity->eventName !== '*') { if (array_key_exists($entity->eventName, array_merge(EVENT_TYPE::getScriptingEventsWithScope(), EventDefinition::getList($this->controller->getUser()->id, $this->controller->getScope() === ScopeInterface::SCOPE_ENVIRONMENT ? $this->controller->getEnvironment()->id : null))) === false) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, "Could not find out the event '{$entity->eventName}'"); } if ($entity->scriptType == OrchestrationRule::ORCHESTRATION_RULE_TYPE_CHEF && in_array($entity->eventName, EVENT_TYPE::getChefRestrictedEvents())) { throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Chef can't be used with {$entity->eventName}"); } if ($entity->eventName == EVENT_TYPE::BEFORE_INSTANCE_LAUNCH && $entity->target == Script::TARGET_INSTANCE) { throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Event '{$entity->eventName}' will never be handled by the triggering server"); } } } if (!$this->controller->hasPermissions($entity, true)) { //Checks entity level write access permissions throw new ApiErrorException(403, ErrorMessage::ERR_PERMISSION_VIOLATION, "Insufficient permissions"); } }