SONAR-10323 Fix WS not checking SCAN global permission
authorEric Hartmann <hartmann.eric@gmail.com>
Thu, 22 Feb 2018 10:36:20 +0000 (11:36 +0100)
committerEric Hartmann <hartmann.eric@gmail.Com>
Thu, 22 Feb 2018 15:06:22 +0000 (16:06 +0100)
server/sonar-server/src/main/java/org/sonar/server/projectbranch/ws/ListAction.java
server/sonar-server/src/main/java/org/sonar/server/setting/ws/ValuesAction.java

index 53a3199b34175cd5fd7e0403d3f80546205fc1cb..cc1023cbfc786ee164802a8696c953a430db018a 100644 (file)
@@ -39,6 +39,7 @@ import org.sonar.db.component.ComponentDto;
 import org.sonar.db.component.SnapshotDto;
 import org.sonar.db.measure.MeasureDto;
 import org.sonar.db.metric.MetricDto;
+import org.sonar.db.permission.OrganizationPermission;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.issue.index.BranchStatistics;
 import org.sonar.server.issue.index.IssueIndex;
@@ -164,7 +165,8 @@ public class ListAction implements BranchWsAction {
 
   private void checkPermission(ComponentDto component) {
     if (!userSession.hasComponentPermission(UserRole.USER, component) &&
-      !userSession.hasComponentPermission(SCAN_EXECUTION, component)) {
+      !userSession.hasComponentPermission(SCAN_EXECUTION, component) &&
+      !userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) {
       throw insufficientPrivilegesException();
     }
   }
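Review bot: The three-clause authorization test in `checkPermission` is now written out by hand here and again in `ValuesAction` (the `@@ -152,7 +153,9 @@` hunk), which is the kind of duplication that allows one endpoint to miss a permission the others honour. Consider moving the rule behind a single shared predicate so every scanner-facing web service evaluates the same condition, and document it with a comment such as `// scanner access: SCAN may be granted on the project or globally on the organization`. The class body continues outside the hunk, so whether a suitable helper already exists cannot be seen from here.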
index 2225743c0a44f0fd100403dab4727d167027605a..863ddd274106aad2bf4d6548fd02fb96aff10fe8 100644 (file)
@@ -38,6 +38,7 @@ import org.sonar.api.server.ws.WebService;
 import org.sonar.db.DbClient;
 import org.sonar.db.DbSession;
 import org.sonar.db.component.ComponentDto;
+import org.sonar.db.permission.OrganizationPermission;
 import org.sonar.server.component.ComponentFinder;
 import org.sonar.server.user.UserSession;
 import org.sonarqube.ws.Settings;
@@ -152,7 +153,9 @@ public class ValuesAction implements SettingsWsAction {
       return Optional.empty();
     }
     ComponentDto component = componentFinder.getByKeyAndOptionalBranch(dbSession, componentKey, valuesRequest.getBranch());
-    if (!userSession.hasComponentPermission(USER, component) && !userSession.hasComponentPermission(SCAN_EXECUTION, component)) {
+    if (!userSession.hasComponentPermission(USER, component) &&
+      !userSession.hasComponentPermission(SCAN_EXECUTION, component) &&
+      !userSession.hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())) {
       throw insufficientPrivilegesException();
     }
     return Optional.of(component);
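Review bot: The added `hasPermission(OrganizationPermission.SCAN, component.getOrganizationUuid())` clause lets a session holding only the organization-level SCAN permission pass this check for any component in that organization, including ones where it has neither USER nor project-level SCAN_EXECUTION, and nothing on this page pins that behaviour with a test. The file list names only the two production classes, so a regression test appears to be missing for a session with global SCAN alone (allowed) and for one with no permission at all (still rejected). It is also worth confirming that the handling of secured setting values, which presumably happens later in this action, does not rely on the caller holding a project-level permission. The enclosing method begins above the hunk.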