import org.sonar.api.web.UserRole;
import org.sonar.batch.protocol.input.FileData;
import org.sonar.batch.protocol.input.ProjectRepositories;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
import static com.google.common.collect.Lists.newArrayList;
import static com.google.common.collect.Maps.newHashMap;
+import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.server.ws.WsUtils.checkFoundWithOptional;
@ServerSide
}
public ProjectRepositories load(ProjectDataQuery query) {
- boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION);
- checkPermission(query.isIssuesMode());
-
DbSession session = dbClient.openSession(false);
try {
ProjectRepositories data = new ProjectRepositories();
ComponentDto module = checkFoundWithOptional(dbClient.componentDao().selectByKey(session, query.getModuleKey()),
"Project or module with key '%s' is not found", query.getModuleKey());
+ boolean hasScanPerm = userSession.hasComponentUuidPermission(SCAN_EXECUTION, module.projectUuid());
+ boolean hasPreviewPerm = userSession.hasPermission(PREVIEW_EXECUTION);
+ checkPermission(query.isIssuesMode(), hasScanPerm, hasPreviewPerm);
+
// Scan permission is enough to analyze all projects but preview permission is limited to projects user can access
if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(UserRole.USER, module.projectUuid())) {
throw new ForbiddenException("You're not authorized to access to project '" + module.name() + "', please contact your SonarQube administrator.");
}
}
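Review bot: The component lookup in `load` now runs before any permission check, so a caller holding neither scan nor preview permission presumably gets the "Project or module with key '%s' is not found" error for an unknown key and `ForbiddenException` for an existing one. That difference tells an unprivileged caller which project keys exist. If this is not intended, return the same `ForbiddenException(Messages.NO_PERMISSION)` in both cases when the caller holds neither global permission. The context comment above the issues-mode check is also stale now that `hasScanPerm` can be project-scoped; `// Preview permission is global, so issues mode additionally requires USER permission on the project` would match the new logic. `load` starts and ends outside the lines shown.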
- private void checkPermission(boolean preview) {
- boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION);
- boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION);
+ private void checkPermission(boolean preview, boolean hasScanPerm, boolean hasPreviewPerm) {
if (!hasPreviewPerm && !hasScanPerm) {
throw new ForbiddenException(Messages.NO_PERMISSION);
}
import org.sonar.api.resources.Qualifiers;
import org.sonar.api.server.ServerSide;
import org.sonar.core.component.ComponentKeys;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.ce.CeTaskTypes;
import org.sonar.db.component.ComponentDto;
import org.sonar.server.component.ComponentService;
import org.sonar.server.permission.PermissionService;
import org.sonar.server.user.UserSession;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
+
@ServerSide
public class ReportSubmitter {
}
public CeTask submit(String projectKey, @Nullable String projectBranch, @Nullable String projectName, InputStream reportInput) {
- userSession.checkPermission(GlobalPermissions.SCAN_EXECUTION);
-
String effectiveProjectKey = ComponentKeys.createKey(projectKey, projectBranch);
ComponentDto project = componentService.getNullableByKey(effectiveProjectKey);
if (project == null) {
+ // the project does not exist -> require global permission
+ userSession.checkPermission(SCAN_EXECUTION);
+
// the project does not exist -> requires to provision it
NewComponent newProject = new NewComponent(projectKey, StringUtils.defaultIfBlank(projectName, projectKey));
newProject.setBranch(projectBranch);
// no need to verify the permission "provisioning" as it's already handled by componentService
project = componentService.create(newProject);
permissionService.applyDefaultPermissionTemplate(project.getKey());
+ } else {
+ // the project exists -> require global or project permission
+ userSession.checkComponentPermission(SCAN_EXECUTION, projectKey);
}
// the report file must be saved before submitting the task
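Review bot: The project-scoped check in the new `else` branch is made against `projectKey`, while the project that was found was looked up with `effectiveProjectKey`, which appears to be the key combined with `projectBranch`. When a branch is supplied these can name different components, so scan permission on one may authorize, or wrongly refuse, a report submitted for the other. Checking the component that was actually resolved closes the gap: `userSession.checkComponentPermission(SCAN_EXECUTION, effectiveProjectKey);`. `submit` continues outside the hunk.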
import org.sonar.api.web.UserRole;
import org.sonar.batch.protocol.input.FileData;
import org.sonar.batch.protocol.input.ProjectRepositories;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.fail;
import static org.sonar.api.utils.DateUtils.formatDateTime;
+import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.server.qualityprofile.QProfileTesting.newQProfileDto;
public class ProjectDataLoaderMediumTest {
}
@Test
- public void return_project_settings() {
+ public void return_project_settings_with_global_scan_permission() {
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
+ tester.get(DbClient.class).componentDao().insert(dbSession, project);
+ addDefaultProfile();
+
+ // Project properties
+ tester.get(DbClient.class).propertiesDao().insertProperty(
+ dbSession, new PropertyDto().setKey("sonar.jira.project.key").setValue("SONAR").setResourceId(project.getId()));
+ tester.get(DbClient.class).propertiesDao().insertProperty(
+ dbSession, new PropertyDto().setKey("sonar.jira.login.secured").setValue("john").setResourceId(project.getId()));
+ dbSession.commit();
+
+ ProjectRepositories ref = underTest.load(ProjectDataQuery.create().setModuleKey(project.key()));
+
+ Map<String, String> projectSettings = ref.settings(project.key());
+ assertThat(projectSettings).isEqualTo(ImmutableMap.of(
+ "sonar.jira.project.key", "SONAR",
+ "sonar.jira.login.secured", "john"));
+ }
+
+ @Test
+ public void return_project_settings_with_project_scan_permission() {
+ ComponentDto project = ComponentTesting.newProjectDto();
+ userSessionRule.login("john").addProjectUuidPermissions(SCAN_EXECUTION, project.projectUuid());
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
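Review bot: No test shown covers the refusal side of project-scoped scan permission. `return_project_settings_with_project_scan_permission` is, judging by its name and its global-permission twin above, the positive case in which secured settings are returned. Nothing visible asserts that `SCAN_EXECUTION` granted on a different project is rejected. A companion test that calls `addProjectUuidPermissions(SCAN_EXECUTION, ...)` with another project's UUID and expects `ForbiddenException` from `underTest.load(...)` would pin that boundary. The body of this test continues outside the hunk.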
@Test
public void not_returned_secured_settings_with_only_preview_permission() {
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION).addProjectUuidPermissions(UserRole.USER, project.uuid());
+ userSessionRule.login("john").setGlobalPermissions(PREVIEW_EXECUTION).addProjectUuidPermissions(UserRole.USER, project.uuid());
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
@Test
public void return_project_with_module_settings() {
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
@Test
public void return_project_with_module_settings_inherited_from_project() {
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
@Test
public void return_project_with_module_with_sub_module() {
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
@Test
public void return_project_with_two_modules() {
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
public void return_provisioned_project_settings() {
// No snapshot attached on the project -> provisioned project
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
@Test
public void return_sub_module_settings() {
-
ComponentDto project = ComponentTesting.newProjectDto();
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
// No module properties
ComponentDto subModule = ComponentTesting.newModuleDto(module);
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, subModule);
// Sub module properties
tester.get(DbClient.class).propertiesDao().insertProperty(dbSession, new PropertyDto().setKey("sonar.jira.login.secured").setValue("john").setResourceId(module.getId()));
ComponentDto subModule = ComponentTesting.newModuleDto(module);
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, subModule);
// Sub module properties
// No module property
ComponentDto subModule = ComponentTesting.newModuleDto(module);
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, subModule);
// No sub module property
tester.get(DbClient.class).propertiesDao().insertProperty(dbSession, new PropertyDto().setKey("sonar.jira.project.key").setValue("SONAR-SERVER").setResourceId(module.getId()));
ComponentDto subModule = ComponentTesting.newModuleDto(module);
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, subModule);
// No sub module property
@Test
public void fail_when_not_preview_and_only_dry_run_permission() {
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(PREVIEW_EXECUTION);
ComponentDto project = ComponentTesting.newProjectDto();
tester.get(DbClient.class).componentDao().insert(dbSession, project);
@Test
public void return_file_data_from_single_project() {
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
@Test
public void return_file_data_from_multi_modules() {
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
tester.get(FileSourceDao.class).insert(newFileSourceDto(projectFile).setSrcHash("123456").setRevision("987654321"));
ComponentDto module = ComponentTesting.newModuleDto(project);
- userSessionRule.login("john").setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+ userSessionRule.login("john").setGlobalPermissions(SCAN_EXECUTION);
tester.get(DbClient.class).componentDao().insert(dbSession, module);
// File on module
return new FileSourceDto()
.setFileUuid(file.uuid())
.setProjectUuid(file.projectUuid())
- // .setSourceData(",,,,,,,,,,,,,,,unchanged ,,,,,,,,,,,,,,,content ")
.setDataHash("0263047cd758c68c27683625f072f010")
.setLineHashes("8d7b3d6b83c0a517eac07e1aac94b773")
.setCreatedAt(System.currentTimeMillis())
import org.hamcrest.TypeSafeMatcher;
import org.junit.Rule;
import org.junit.Test;
+import org.junit.rules.ExpectedException;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.ce.CeTaskTypes;
import org.sonar.db.component.ComponentDto;
import org.sonar.server.computation.queue.CeQueue;
import org.sonar.server.computation.queue.CeQueueImpl;
import org.sonar.server.computation.queue.CeTaskSubmit;
+import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.permission.PermissionService;
import org.sonar.server.tester.UserSessionRule;
public class ReportSubmitterTest {
+ static final String PROJECT_KEY = "MY_PROJECT";
+ static final String PROJECT_UUID = "P1";
+ static final String PROJECT_NAME = "My Project";
+ static final String TASK_UUID = "TASK_1";
+
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
@Rule
public UserSessionRule userSession = UserSessionRule.standalone();
@Test
public void submit_a_report_on_existing_project() {
- when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder("TASK_1"));
userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
- when(componentService.getNullableByKey("MY_PROJECT")).thenReturn(new ComponentDto().setUuid("P1"));
- underTest.submit("MY_PROJECT", null, "My Project", IOUtils.toInputStream("{binary}"));
+ when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
+ when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(new ComponentDto().setUuid(PROJECT_UUID));
+
+ underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}"));
verifyZeroInteractions(permissionService);
verify(queue).submit(argThat(new TypeSafeMatcher<CeTaskSubmit>() {
@Override
protected boolean matchesSafely(CeTaskSubmit submit) {
- return submit.getType().equals(CeTaskTypes.REPORT) && submit.getComponentUuid().equals("P1") &&
- submit.getUuid().equals("TASK_1");
+ return submit.getType().equals(CeTaskTypes.REPORT) && submit.getComponentUuid().equals(PROJECT_UUID) &&
+ submit.getUuid().equals(TASK_UUID);
}
@Override
@Test
public void provision_project_if_does_not_exist() throws Exception {
- when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder("TASK_1"));
userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.PROVISIONING);
- when(componentService.getNullableByKey("MY_PROJECT")).thenReturn(null);
- when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid("P1").setKey("MY_PROJECT"));
- underTest.submit("MY_PROJECT", null, "My Project", IOUtils.toInputStream("{binary}"));
+ when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
+ when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(null);
+ when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY));
+
+ underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}"));
- verify(permissionService).applyDefaultPermissionTemplate("MY_PROJECT");
+ verify(permissionService).applyDefaultPermissionTemplate(PROJECT_KEY);
verify(queue).submit(argThat(new TypeSafeMatcher<CeTaskSubmit>() {
@Override
protected boolean matchesSafely(CeTaskSubmit submit) {
- return submit.getType().equals(CeTaskTypes.REPORT) && submit.getComponentUuid().equals("P1") &&
- submit.getUuid().equals("TASK_1");
+ return submit.getType().equals(CeTaskTypes.REPORT) && submit.getComponentUuid().equals(PROJECT_UUID) &&
+ submit.getUuid().equals(TASK_UUID);
}
@Override
}
}));
+ }
+
+ @Test
+ public void submit_a_report_on_new_project_with_global_scan_permission() {
+ userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+
+ when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
+ when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(null);
+ when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY));
+
+ underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}"));
+
+ verify(queue).submit(any(CeTaskSubmit.class));
+ }
+
+ @Test
+ public void submit_a_report_on_existing_project_with_global_scan_permission() {
+ userSession.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION);
+
+ when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
+ when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(new ComponentDto().setUuid(PROJECT_UUID));
+ underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}"));
+
+ verify(queue).submit(any(CeTaskSubmit.class));
}
+
+ @Test
+ public void submit_a_report_on_existing_project_with_project_scan_permission() {
+ userSession.addProjectPermissions(GlobalPermissions.SCAN_EXECUTION, PROJECT_KEY);
+
+ when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
+ when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(new ComponentDto().setUuid(PROJECT_UUID));
+
+ underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}"));
+
+ verify(queue).submit(any(CeTaskSubmit.class));
+ }
+
+ @Test
+ public void fail_with_forbidden_exception_when_no_scan_permission() {
+ userSession.setGlobalPermissions(GlobalPermissions.DASHBOARD_SHARING);
+
+ thrown.expect(ForbiddenException.class);
+ underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}"));
+ }
+
+ @Test
+ public void fail_with_forbidden_exception_on_new_project_when_only_project_scan_permission() {
+ userSession.addProjectPermissions(GlobalPermissions.SCAN_EXECUTION, PROJECT_KEY);
+
+ when(queue.prepareSubmit()).thenReturn(new CeTaskSubmit.Builder(TASK_UUID));
+ when(componentService.getNullableByKey(PROJECT_KEY)).thenReturn(null);
+ when(componentService.create(any(NewComponent.class))).thenReturn(new ComponentDto().setUuid(PROJECT_UUID).setKey(PROJECT_KEY));
+
+ thrown.expect(ForbiddenException.class);
+ underTest.submit(PROJECT_KEY, null, PROJECT_NAME, IOUtils.toInputStream("{binary}"));
+ }
+
}
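Review bot: Both `fail_with_forbidden_exception_*` tests assert only the exception type, so they would still pass if the permission check ran after `componentService.create(...)` had already provisioned the project. In the new-project case, catch the `ForbiddenException` explicitly and then assert `verify(componentService, never()).create(any(NewComponent.class));` and `verify(queue, never()).submit(any(CeTaskSubmit.class));`. `fail_with_forbidden_exception_when_no_scan_permission` also leaves `getNullableByKey` unstubbed, so, assuming the mock returns null, it exercises only the new-project branch. A refusal on an existing project and a case with a non-null `projectBranch` are not covered by the tests shown.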
@Override
public boolean hasComponentPermission(String permission, String componentKey) {
String projectKey = projectKeyByComponentKey.get(componentKey);
- return projectKey != null && hasProjectPermission(permission, projectKey);
+ return hasPermission(permission) || (projectKey != null && hasProjectPermission(permission, projectKey));
}
private boolean hasProjectPermission(String permission, String projectKey) {
- return hasPermission(permission) || (projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey));
+ return projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey);
}
@Override
public boolean hasComponentUuidPermission(String permission, String componentUuid) {
String projectUuid = projectUuidByComponentUuid.get(componentUuid);
- return projectUuid != null && hasProjectPermissionByUuid(permission, projectUuid);
+ return hasPermission(permission) || (projectUuid != null && hasProjectPermissionByUuid(permission, projectUuid));
}
private boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
- return hasPermission(permission) || (projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid));
+ return projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid);
}
}
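Review bot: With the global check hoisted into `hasComponentPermission` and `hasComponentUuidPermission`, a session holding the global permission now gets `true` even for keys or UUIDs that were never registered in `projectKeyByComponentKey` / `projectUuidByComponentUuid`. If this class is the test double it appears to be, confirm that this mirrors the production session, since otherwise tests built on it can pass an authorization the server would refuse. A comment such as `// global permission applies to every component, including ones unknown to this session` would record the intent. The private helpers `hasProjectPermission` and `hasProjectPermissionByUuid` no longer fall back to the global permission, so any other caller in this class, not visible in the hunk, should be checked for a changed result.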