*/
package org.sonar.server.permission.ws.template;
+import java.util.Optional;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.client.permission.RemoveUserFromTemplateWsRequest;
-import static org.sonar.server.permission.PermissionPrivilegeChecker.checkGlobalAdminUser;
+import static org.sonar.server.permission.PermissionPrivilegeChecker.checkProjectAdmin;
import static org.sonar.server.permission.ws.PermissionRequestValidator.validateProjectPermission;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createProjectPermissionParameter;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createTemplateParameters;
import static org.sonar.server.permission.ws.PermissionsWsParametersBuilder.createUserLoginParameter;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_ORGANIZATION_KEY;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
}
private void doHandle(RemoveUserFromTemplateWsRequest request) {
- checkGlobalAdminUser(userSession);
-
String permission = request.getPermission();
String userLogin = request.getLogin();
try (DbSession dbSession = dbClient.openSession(false)) {
validateProjectPermission(permission);
- PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef(request.getTemplateId(), request.getTemplateName()));
+ PermissionTemplateDto template = wsSupport.findTemplate(dbSession, WsTemplateRef.newTemplateRef(
+ request.getTemplateId(), request.getOrganization(), request.getTemplateName()));
+ checkProjectAdmin(userSession, template.getOrganizationUuid(), Optional.empty());
+
UserId user = wsSupport.findUser(dbSession, userLogin);
dbClient.permissionTemplateDao().deleteUserPermission(dbSession, template.getId(), user.getId(), permission);
.setPermission(request.mandatoryParam(PARAM_PERMISSION))
.setLogin(request.mandatoryParam(PARAM_USER_LOGIN))
.setTemplateId(request.param(PARAM_TEMPLATE_ID))
+ .setOrganization(request.param(PARAM_ORGANIZATION_KEY))
.setTemplateName(request.param(PARAM_TEMPLATE_NAME));
}
}
@Test
public void remove_user_from_template() throws Exception {
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);
assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).isEmpty();
@Test
public void remove_user_from_template_by_name_case_insensitive() throws Exception {
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
wsTester.newPostRequest(CONTROLLER, ACTION)
.setParam(PARAM_USER_LOGIN, user.getLogin())
.setParam(PARAM_PERMISSION, DEFAULT_PERMISSION)
@Test
public void remove_user_from_template_twice_without_failing() throws Exception {
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);
newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);
public void keep_user_permission_not_removed() throws Exception {
addUserToTemplate(user, template, ISSUE_ADMIN);
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);
assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).isEmpty();
UserDto newUser = db.users().insertUser("new-login");
addUserToTemplate(newUser, template, DEFAULT_PERMISSION);
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest(user.getLogin(), template.getUuid(), DEFAULT_PERMISSION);
assertThat(getLoginsInTemplateAndPermission(template.getId(), DEFAULT_PERMISSION)).containsExactly("new-login");
public void fail_if_not_a_project_permission() throws Exception {
expectedException.expect(IllegalArgumentException.class);
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest(user.getLogin(), template.getUuid(), GlobalPermissions.PROVISIONING);
}
public void fail_if_user_missing() throws Exception {
expectedException.expect(IllegalArgumentException.class);
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest(null, template.getUuid(), DEFAULT_PERMISSION);
}
public void fail_if_permission_missing() throws Exception {
expectedException.expect(IllegalArgumentException.class);
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest(user.getLogin(), template.getUuid(), null);
}
public void fail_if_template_missing() throws Exception {
expectedException.expect(BadRequestException.class);
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest(user.getLogin(), null, DEFAULT_PERMISSION);
}
expectedException.expect(NotFoundException.class);
expectedException.expectMessage("User with login 'unknown-login' is not found");
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest("unknown-login", template.getUuid(), DEFAULT_PERMISSION);
}
expectedException.expect(NotFoundException.class);
expectedException.expectMessage("Permission template with id 'unknown-key' is not found");
- loginAsAdmin();
+ loginAsAdminOnDefaultOrganization();
newRequest(user.getLogin(), "unknown-key", DEFAULT_PERMISSION);
}
db.commit();
}
- private void loginAsAdmin() {
- userSession.login().setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
- }
}
projects / sonarqube.git / commitdiff