import org.sonar.server.user.UserSession;
import javax.annotation.CheckForNull;
+
import java.util.List;
import java.util.Map;
String login = getLoggedLogin(userSession);
IssueFilterDto existingFilterDto = findIssueFilterDto(issueFilter.id(), login);
verifyCurrentUserCanModifyFilter(existingFilterDto.toIssueFilter(), login);
+ verifyCurrentUserCanChangeFilterSharingFilter(issueFilter, existingFilterDto, login);
if (!existingFilterDto.getUserLogin().equals(issueFilter.user())) {
verifyCurrentUserCanChangeFilterOwnership(login);
}
}
}
+ private void verifyCurrentUserCanChangeFilterSharingFilter(DefaultIssueFilter issueFilter, IssueFilterDto existingFilterDto, String login) {
+ if (existingFilterDto.isShared() != issueFilter.shared() && !existingFilterDto.getUserLogin().equals(login)) {
+ throw new ForbiddenException("Only owner of a filter can change sharing");
+ }
+ }
+
private void verifyCurrentUserCanChangeFilterOwnership(String user) {
if (!isAdmin(user)) {
throw new ForbiddenException("User is not authorized to change the owner of this filter");
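Review bot: The new `verifyCurrentUserCanChangeFilterSharingFilter` refuses administrators, while the neighbouring ownership check lets them through via `isAdmin(user)`, and nothing in the code says this is deliberate. A short Javadoc such as `/** Only the filter's owner may toggle sharing; system administrators are refused as well. */` would keep a later maintainer from adding an `isAdmin` bypass by mistake. The method name also ends in a duplicated `Filter`; `verifyCurrentUserCanChangeFilterSharing` reads better. If a stored filter can ever lack an owner, `existingFilterDto.getUserLogin().equals(login)` throws a NullPointerException rather than a ForbiddenException; `!login.equals(existingFilterDto.getUserLogin())` avoids that, assuming `getLoggedLogin` never returns null (not visible here). The body of `verifyCurrentUserCanChangeFilterOwnership` continues outside the hunk.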
<input id="user" name="user" type="hidden" value="<%= h(@filter.user) if @filter -%>"/>
<% end %>
<div class="modal-field">
- <label for="shared"><%= message('issue_filter.form.share') -%></label>
- <input id="shared" name="shared" type="checkbox" value="true" <%= 'checked' if (@filter && @filter.shared) -%>/>
+ <% if !@filter || @filter.user == current_user.login %>
+ <label for="shared"><%= message('issue_filter.form.share') -%></label>
+ <input id="shared" name="shared" type="checkbox" value="true" <%= 'checked' if (@filter && @filter.shared) -%>/>
+ <% else %>
+ <input id="shared" name="shared" type="hidden" value="<%= @filter.shared if @filter -%>"/>
+ <% end %>
</div>
</div>
\ No newline at end of file
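Review bot: The hidden `shared` input in the `else` branch is what keeps a non-owner's edit from being rejected, and the template does not say so. An omitted `shared` parameter appears to reach the service as false (the updated admin test had to add `setShared(true)`), which the new owner-only check would then refuse for a shared filter. A template comment such as `<%# non-owners resubmit the stored value; the service refuses any change to sharing -%>` would record that dependency and make clear that the field is client-controlled and only enforced server-side. The `if @filter` guard on that line is redundant, since the `else` branch is reached only when `@filter` is set.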
verify(issueFilterDao).update(any(IssueFilterDto.class));
}
+ @Test
+ public void should_update_sharing() {
+ when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Filter").setShared(true).setUserLogin("john"));
+
+ DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My Filter").setShared(false).setUser("john"), userSession);
+ assertThat(result.shared()).isFalse();
+
+ verify(issueFilterDao).update(any(IssueFilterDto.class));
+ }
+
+ @Test
+ public void should_not_update_sharing_if_not_owner() {
+ // John is admin and want to change arthur filter sharing
+ when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("Arthur Filter").setShared(true).setUserLogin("arthur"));
+ when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
+
+ try {
+ service.update(new DefaultIssueFilter().setId(1L).setName("Arthur Filter").setShared(false).setUser("john"), userSession);
+ fail();
+ } catch (Exception e) {
+ assertThat(e).isInstanceOf(ForbiddenException.class).hasMessage("Only owner of a filter can change sharing");
+ }
+ verify(issueFilterDao, never()).update(any(IssueFilterDto.class));
+ }
+
@Test
public void should_update_own_user_filter_without_changing_anything() {
IssueFilterDto dto = new IssueFilterDto().setId(1L).setName("My Filter").setUserLogin("john");
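Review bot: `should_not_update_sharing_if_not_owner` sends a request that differs from the stored filter in two fields, owner (`arthur` to `john`) and sharing, so it also exercises the ownership-change path, which is unrelated to the rule under test. Keeping the owner unchanged isolates the sharing check: `new DefaultIssueFilter().setId(1L).setName("Arthur Filter").setShared(false).setUser("arthur")`. `should_update_sharing` covers only the shared-to-unshared direction; an owner turning sharing on is not exercised. The body of `should_update_own_user_filter_without_changing_anything` continues outside the hunk.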
@Test
public void should_update_other_shared_filter_if_admin() {
when(authorizationDao.selectGlobalPermissions("john")).thenReturn(newArrayList(Permission.SYSTEM_ADMIN.key()));
- when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setUserLogin("arthur").setShared(true));
+ when(issueFilterDao.selectById(1L)).thenReturn(new IssueFilterDto().setId(1L).setName("My Old Filter").setDescription("Old description").setUserLogin("arthur").setShared(true));
- DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My New Filter"), userSession);
+ DefaultIssueFilter result = service.update(new DefaultIssueFilter().setId(1L).setName("My New Filter").setDescription("New description").setShared(true), userSession);
assertThat(result.name()).isEqualTo("My New Filter");
- assertThat(result.shared()).isFalse();
+ assertThat(result.description()).isEqualTo("New description");
verify(issueFilterDao).update(any(IssueFilterDto.class));
}
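Review bot: After this change `should_update_other_shared_filter_if_admin` no longer asserts anything about `result.shared()`; the old `isFalse()` assertion was removed without a replacement. The request now passes `setShared(true)` so that the administrator's edit leaves sharing untouched, and the test should pin that outcome with `assertThat(result.shared()).isTrue();`.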