public DefaultIssueFilter save(DefaultIssueFilter issueFilter, UserSession userSession) {
String user = getLoggedLogin(userSession);
issueFilter.setUser(user);
- validateFilter(issueFilter, userSession);
+ validateFilter(issueFilter);
return insertIssueFilter(issueFilter, user);
}
public DefaultIssueFilter update(DefaultIssueFilter issueFilter, UserSession userSession) {
String login = getLoggedLogin(userSession);
IssueFilterDto existingFilterDto = findIssueFilterDto(issueFilter.id(), login);
- verifyCurrentUserCanModifyFilter(existingFilterDto.toIssueFilter(), userSession);
+ verifyCurrentUserCanModifyFilter(existingFilterDto.toIssueFilter(), login);
verifyCurrentUserCanChangeFilterSharingFilter(issueFilter, existingFilterDto, login);
if (!existingFilterDto.getUserLogin().equals(issueFilter.user())) {
- verifyCurrentUserCanChangeFilterOwnership(userSession);
+ verifyCurrentUserCanChangeFilterOwnership(login);
}
- validateFilter(issueFilter, userSession);
+ validateFilter(issueFilter);
deleteOtherFavoriteFiltersIfFilterBecomeUnshared(existingFilterDto, issueFilter);
filterDao.update(IssueFilterDto.toIssueFilter(issueFilter));
return issueFilter;
public DefaultIssueFilter updateFilterQuery(Long issueFilterId, Map<String, Object> filterQuery, UserSession userSession) {
String login = getLoggedLogin(userSession);
IssueFilterDto issueFilterDto = findIssueFilterDto(issueFilterId, login);
- verifyCurrentUserCanModifyFilter(issueFilterDto.toIssueFilter(), userSession);
+ verifyCurrentUserCanModifyFilter(issueFilterDto.toIssueFilter(), login);
DefaultIssueFilter issueFilter = issueFilterDto.toIssueFilter();
issueFilter.setData(serializeFilterQuery(filterQuery));
public void delete(Long issueFilterId, UserSession userSession) {
String login = getLoggedLogin(userSession);
IssueFilterDto issueFilterDto = findIssueFilterDto(issueFilterId, login);
- verifyCurrentUserCanModifyFilter(issueFilterDto.toIssueFilter(), userSession);
+ verifyCurrentUserCanModifyFilter(issueFilterDto.toIssueFilter(), login);
deleteFavouriteIssueFilters(issueFilterDto);
filterDao.delete(issueFilterId);
issueFilterDtoToCopy.setShared(false);
issueFilter.setUser(login);
issueFilter.setData(issueFilterDtoToCopy.getData());
- validateFilter(issueFilter, userSession);
+ validateFilter(issueFilter);
return insertIssueFilter(issueFilter, login);
}
return issueFilterDto;
}
- public boolean canShareFilter(UserSession userSession){
- return userSession.hasGlobalPermission(Permission.DASHBOARD_SHARING);
+ public boolean canShareFilter(String user){
+ return authorizationDao.selectGlobalPermissions(user).contains(Permission.DASHBOARD_SHARING.key());
}
String getLoggedLogin(UserSession userSession) {
}
}
- private void verifyCurrentUserCanModifyFilter(DefaultIssueFilter issueFilter, UserSession userSession) {
- if (!issueFilter.user().equals(userSession.login()) && !isAdmin(userSession)) {
+ private void verifyCurrentUserCanModifyFilter(DefaultIssueFilter issueFilter, String user) {
+ if (!issueFilter.user().equals(user) && !isAdmin(user)) {
throw new ForbiddenException("User is not authorized to modify this filter");
}
}
}
}
- private void verifyCurrentUserCanChangeFilterOwnership(UserSession userSession) {
- if (!isAdmin(userSession)) {
+ private void verifyCurrentUserCanChangeFilterOwnership(String user) {
+ if (!isAdmin(user)) {
throw new ForbiddenException("User is not authorized to change the owner of this filter");
}
}
- private void verifyCurrentUserCanShareFilter(DefaultIssueFilter issueFilter, UserSession userSession) {
- if (issueFilter.shared() && !canShareFilter(userSession)) {
- throw new ForbiddenException("User is not authorized to share this filter");
+ private void verifyCurrentUserCanShareFilter(DefaultIssueFilter issueFilter, String user) {
+ if (issueFilter.shared() && !canShareFilter(user)) {
+ throw new ForbiddenException("User cannot own this filter because of insufficient rights");
}
}
- private void validateFilter(final DefaultIssueFilter issueFilter, UserSession userSession) {
+ private void validateFilter(final DefaultIssueFilter issueFilter) {
List<IssueFilterDto> userFilters = selectUserIssueFilters(issueFilter.user());
IssueFilterDto userFilterSameName = findFilterWithSameName(userFilters, issueFilter.name());
if (userFilterSameName != null && !userFilterSameName.getId().equals(issueFilter.id())) {
if (sharedFilterWithSameName != null && !sharedFilterWithSameName.getId().equals(issueFilter.id())) {
throw new BadRequestException("Other users already share filters with the same name");
}
- verifyCurrentUserCanShareFilter(issueFilter, userSession);
+ verifyCurrentUserCanShareFilter(issueFilter, issueFilter.user());
}
}
}));
}
- private boolean isAdmin(UserSession userSession) {
- return userSession.hasGlobalPermission(Permission.SYSTEM_ADMIN);
+ private boolean isAdmin(String user) {
+ return authorizationDao.selectGlobalPermissions(user).contains(Permission.SYSTEM_ADMIN.key());
}
private IssueFilterResult createIssueFilterResult(IssueQueryResult issueQueryResult, IssueQuery issueQuery) {
@Test
public void should_have_permission_to_share_filter() {
- UserSession userSession = MockUserSession.create().setLogin("john").setPermissions(Permission.DASHBOARD_SHARING);
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Filter").setShared(false).setUserLogin("john"));
DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My Filter").setShared(true).setUser("john"), userSession);
@Test
public void should_not_share_filter_if_no_permission() {
- UserSession userSession = MockUserSession.create().setLogin("john").setPermissions();
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(Collections.<String>emptyList());
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Filter").setShared(false).setUserLogin("john"));
try {
service.update(new DefaultIssueFilter().setId(1L).setName("My Filter").setShared(true).setUser("john"), userSession);
fail();
} catch (Exception e) {
- assertThat(e).isInstanceOf(ForbiddenException.class).hasMessage("User is not authorized to share this filter");
+ assertThat(e).isInstanceOf(ForbiddenException.class).hasMessage("User cannot own this filter because of insufficient rights");
}
verify(issueFilterDao, never()).update(any(IssueFilterDto.class));
}
@Test
public void should_not_update_sharing_if_not_owner() {
// John is admin and want to change arthur filter sharing
- UserSession userSession = MockUserSession.create().setLogin("john").setPermissions(Permission.SYSTEM_ADMIN);
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("Arthur Filter").setShared(true).setUserLogin("arthur"));
try {
}
@Test
- public void should_update_other_shared_filter_if_admin() {
- UserSession userSession = MockUserSession.create().setLogin("john").setPermissions(Permission.SYSTEM_ADMIN, Permission.DASHBOARD_SHARING);
+ public void should_update_other_shared_filter_if_admin_and_if_filter_owner_has_sharing_permission() {
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
+ when(authorizationDao.selectGlobalPermissions("arthur")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setDescription("Old description").setUserLogin("arthur").setShared(true));
- DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My New Filter").setDescription("New description").setShared(true), userSession);
+ DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My New Filter").setDescription("New description").setShared(true).setUser("arthur"), userSession);
assertThat(result.name()).isEqualTo("My New Filter");
assertThat(result.description()).isEqualTo("New description");
verify(issueFilterDao).update(any(IssueFilterDto.class));
}
+ @Test
+ public void should_not_update_other_shared_filter_if_admin_and_if_filter_owner_has_no_sharing_permission() {
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
+ when(authorizationDao.selectGlobalPermissions("arthur")).thenReturn(Collections.<String>emptyList());
+ when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setDescription("Old description").setUserLogin("arthur").setShared(true));
+
+ try {
+ service.update(new DefaultIssueFilter().setId(1L).setName("My New Filter").setDescription("New description").setShared(true).setUser("arthur"), userSession);
+ fail();
+ } catch (Exception e) {
+ assertThat(e).isInstanceOf(ForbiddenException.class).hasMessage("User cannot own this filter because of insufficient rights");
+ }
+ verify(issueFilterDao, never()).update(any(IssueFilterDto.class));
+ }
+
@Test
public void should_not_update_if_filter_not_found() {
when(issueFilterDao.selectById(1L)).thenReturn(null);
@Test
public void should_change_shared_filter_ownership_when_admin() throws Exception {
- String currentUser = "dave.loper";
IssueFilterDto sharedFilter = new IssueFilterDto().setId(1L).setName("My filter").setUserLogin("former.owner").setShared(true);
IssueFilterDto expectedDto = new IssueFilterDto().setName("My filter").setUserLogin("new.owner").setShared(true);
- UserSession userSession = MockUserSession.create().setLogin(currentUser).setPermissions(Permission.SYSTEM_ADMIN, Permission.DASHBOARD_SHARING);
+ // New owner should have sharing perm in order to own the filter
+ when(authorizationDao.selectGlobalPermissions("new.owner")).thenReturn(newArrayList(Permission.DASHBOARD_SHARING.key()));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter);
when(issueFilterDao.selectSharedFilters()).thenReturn(Lists.newArrayList(sharedFilter));
@Test
public void should_delete_shared_filter_if_user_is_admin() {
- UserSession userSession = MockUserSession.create().setLogin("john").setPermissions(Permission.SYSTEM_ADMIN);
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Issues").setUserLogin("arthur").setShared(true));
service.delete(1L, userSession);
projects / sonarqube.git / commitdiff