import org.slf4j.LoggerFactory;
import org.sonar.api.ServerComponent;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.core.user.GroupRoleDto;
-import org.sonar.core.user.Permission;
-import org.sonar.core.user.RoleDao;
-import org.sonar.core.user.UserDao;
-import org.sonar.core.user.UserRoleDto;
+import org.sonar.core.user.*;
+import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.user.UserSession;
import java.util.List;
this.userDao = userDao;
}
- public void addPermission(Map<String, Object> params) {
+ public void addPermission(final Map<String, Object> params) {
changePermission(ADD, params);
}
}
private void changePermission(String permissionChange, Map<String, Object> params) {
+ UserSession.get().checkLoggedIn();
UserSession.get().checkGlobalPermission(Permission.SYSTEM_ADMIN);
PermissionChangeQuery permissionChangeQuery = PermissionChangeQuery.buildFromParams(params);
permissionChangeQuery.validate();
}
private Long getTargetedUser(String userLogin) {
- return userDao.selectActiveUserByLogin(userLogin).getId();
+ UserDto user = userDao.selectActiveUserByLogin(userLogin);
+ if(user == null) {
+ throw new BadRequestException("User " + userLogin + " does not exist");
+ }
+ return user.getId();
}
private Long getTargetedGroup(String group) {
if (DefaultGroups.isAnyone(group)) {
return null;
+ } else {
+ GroupDto groupDto = userDao.selectGroupByName(group);
+ if(groupDto == null) {
+ throw new BadRequestException("Group " + group + " does not exist");
+ }
+ return groupDto.getId();
}
- return userDao.selectGroupByName(group).getId();
}
private boolean shouldSkipPermissionChange(String operation, List<String> existingPermissions, String role) {
import org.apache.commons.lang.StringUtils;
import org.sonar.core.user.Permission;
+import org.sonar.server.exceptions.BadRequestException;
import java.util.Map;
public void validate() {
if (StringUtils.isBlank(role)) {
- throw new IllegalArgumentException("Missing role parameter");
+ throw new BadRequestException("Missing role parameter");
}
if (StringUtils.isBlank(user) && StringUtils.isBlank(group)) {
- throw new IllegalArgumentException("Missing user or group parameter");
+ throw new BadRequestException("Missing user or group parameter");
}
if (StringUtils.isNotBlank(user) && StringUtils.isNotBlank(group)) {
- throw new IllegalArgumentException("Only one of user or group parameter should be provided");
+ throw new BadRequestException("Only one of user or group parameter should be provided");
}
if (!Permission.allGlobal().keySet().contains(role)) {
- throw new IllegalArgumentException("Invalid role key " + role);
+ throw new BadRequestException("Invalid role key " + role);
}
}
public UserSession checkLoggedIn() {
if (login == null) {
- throw new UnauthorizedException();
+ throw new UnauthorizedException("Authentication is required");
}
return this;
}
*/
public UserSession checkGlobalPermission(Permission permission) {
if (!hasGlobalPermission(permission)) {
- throw new ForbiddenException();
+ throw new ForbiddenException("Insufficient privileges");
}
return this;
}
for (String permissionKey : permissionKeys) {
Permission perm = Permission.allGlobal().get(permissionKey);
if (perm == null) {
- LOG.warn("Ignoring unknow permission {} for user {}", permissionKey, login);
+ LOG.warn("Ignoring unknown permission {} for user {}", permissionKey, login);
}
else {
permissions.add(perm);
def render_error(exception, status=500)
message = exception.respond_to?('message') ? Api::Utils.exception_message(exception, :backtrace => true) : exception.to_s
java_facade.logError("Fail to render: #{request.url}\n#{message}") if status==500
- respond_to do |format|
- format.json { render :json => error_to_json(status, message), :status => status }
- format.xml { render :xml => error_to_xml(status, message), :status => status }
- format.text { render :text => message, :status => status }
- end
+ render_response(status, message)
end
def render_not_found(exception)
render_error(message, 200)
end
+ def render_server_exception(exception)
+ render_response(exception.httpCode, exception.getMessage)
+ end
+
+ def render_response(status, message)
+ respond_to do |format|
+ format.json { render :json => error_to_json(status, message), :status => status }
+ format.xml { render :xml => error_to_xml(status, message), :status => status }
+ format.text { render :text => message, :status => status }
+ end
+ end
+
def error_to_json(status, message=nil)
hash={:err_code => status}
hash[:err_msg]=message if message
#
def add
verify_post_request
- require_parameters :permission, (params[:user].nil? ? :group : :user)
+ require_parameters :permission
+ require_one_of :group, :user
Internal.permissions.addPermission(params)
hash = {:user => params[:user], :group => params[:group], :permission => params[:permission]}
respond_to do |format|
end
end
+ # since 3.7
+ def require_one_of(*keys)
+ if keys.count {|key| !params[key].blank?} == 0
+ bad_request("One of the following parameters should be provided: #{keys.join(',')}")
+ end
+ end
+
# since 3.3
def verify_post_request
bad_request('Not a POST request') unless request.post?
render :text => message, :status => 400
end
+ def render_server_exception(exception)
+ render :text => exception.getMessage, :status => exception.httpCode
+ end
+
def render_native_exception(error)
if error.cause.java_kind_of? Java::JavaLang::IllegalArgumentException
render_bad_request(error.cause.getMessage)
+ elsif error.cause.java_kind_of? Java::OrgSonarServerExceptions::HttpException
+ render_server_exception(error.cause)
else
render_error(error)
end