client.issueClient().assign(issue.key(), "julien");
// Issues
- runner = configureRunnerIssues("shared/xoo-sample", null);
+ runner = configureRunnerIssues("shared/xoo-sample", null, "sonar.login", "julien", "sonar.password", "password");
BuildResult result = orchestrator.executeBuild(runner);
JSONObject obj = ItUtils.getJSONReport(result);
public static Orchestrator orchestrator = Category1Suite.ORCHESTRATOR;
private final static String USER_LOGIN = "scanperm";
+ private final static String USER_PASSWORD = "thewhite";
private final static String PROJECT_KEY = "sample";
private static SonarClient adminClient;
public void setUp() {
orchestrator.resetData();
adminClient = orchestrator.getServer().adminWsClient();
- adminClient.userClient().create(UserParameters.create().login(USER_LOGIN).name(USER_LOGIN).password("thewhite").passwordConfirmation("thewhite"));
+ adminClient.userClient().create(UserParameters.create().login(USER_LOGIN).name(USER_LOGIN).password(USER_PASSWORD).passwordConfirmation(USER_PASSWORD));
orchestrator.getServer().provisionProject(PROJECT_KEY, "Sample");
}
@After
public void tearDown() {
addGlobalPermission("anyone", "scan");
- addGlobalPermission("anyone", "dryRunScan");
adminClient.userClient().deactivate(USER_LOGIN);
}
@Test
- public void should_fail_if_no_scan_permission() throws Exception {
- runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ public void should_fail_if_logged_but_no_scan_permission() throws Exception {
+ executeLoggedAnalysis();
removeGlobalPermission("anyone", "scan");
try {
- runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ // Execute logged analysis, but without the "Execute Anaylsis" permission
+ executeLoggedAnalysis();
fail();
} catch (BuildFailureException e) {
assertThat(e.getResult().getLogs()).contains(
"You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. Please contact your SonarQube administrator.");
}
- // Remove Anyone from dryrun permission
- removeGlobalPermission("anyone", "dryRunScan");
try {
- runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ // Execute anonymous analysis
+ executeAnonymousAnalysis();;
fail();
} catch (BuildFailureException e) {
assertThat(e.getResult().getLogs()).contains(
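Review bot: Two small slips on the added lines of `should_fail_if_logged_but_no_scan_permission`: `executeAnonymousAnalysis();;` carries a stray second semicolon, and the comment above the second logged run spells the permission "Execute Anaylsis" instead of "Execute Analysis". The test is also named for the logged case only, although its second try block exercises the anonymous case; splitting it into two tests or renaming it would make a failure easier to attribute. The second catch block continues outside the hunk.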
@Test
public void no_need_for_browse_permission_to_scan() throws Exception {
// Do a first analysis, no error
- runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ executeAnonymousAnalysis();
// Remove browse permission for groups Anyone on the project
removeProjectPermission("anyone", "sample", "user");
// still no error
- runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ executeAnonymousAnalysis();
}
@Test
- public void execute_analysis_permission_only_on_project() throws Exception {
+ public void execute_analysis_with_scan_permission_only_on_project() throws Exception {
removeGlobalPermission("anyone", "scan");
addProjectPermission("anyone", PROJECT_KEY, "scan");
- addGlobalPermission("anyone", "dryRunScan");
- runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ executeLoggedAnalysis();
}
private static void addProjectPermission(String groupName, String projectKey, String permission) {
"groupName", groupName,
"permission", permission);
}
+
+ private static void executeLoggedAnalysis(){
+ runProjectAnalysis(orchestrator, "shared/xoo-sample", "sonar.login", USER_LOGIN, "sonar.password", USER_PASSWORD);
+ }
+
+ private static void executeAnonymousAnalysis(){
+ runProjectAnalysis(orchestrator, "shared/xoo-sample");
+ }
}
adminWsClient = newAdminWsClient(ORCHESTRATOR);
userTokensWsClient = adminWsClient.userTokens();
- removeGroupPermission("anyone", "dryRunScan");
removeGroupPermission("anyone", "scan");
createUser(LOGIN, "123456");
@AfterClass
public static void deleteData() {
deactivateUser(LOGIN);
- addGroupPermission("anyone", "dryRunScan");
addGroupPermission("anyone", "scan");
}
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.batch.protocol.input.GlobalRepositories;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
import org.sonar.server.user.UserSession;
import org.sonarqube.ws.MediaTypes;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
+
public class GlobalAction implements BatchWsAction {
private final DbClient dbClient;
@Override
public void handle(Request request, Response response) throws Exception {
- boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION);
- boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION);
- if (!hasPreviewPerm && !hasScanPerm) {
+ boolean hasScanPerm = userSession.hasPermission(SCAN_EXECUTION);
+ boolean isLogged = userSession.isLoggedIn();
+ if (!isLogged && !hasScanPerm) {
throw new ForbiddenException(Messages.NO_PERMISSION);
}
try {
GlobalRepositories ref = new GlobalRepositories();
addMetrics(ref, session);
- addSettings(ref, hasScanPerm, hasPreviewPerm, session);
+ addSettings(ref, hasScanPerm, isLogged, session);
response.stream().setMediaType(MediaTypes.JSON);
IOUtils.write(ref.toJson(), response.stream().output());
}
}
- private void addSettings(GlobalRepositories ref, boolean hasScanPerm, boolean hasPreviewPerm, DbSession session) {
+ private void addSettings(GlobalRepositories ref, boolean hasScanPerm, boolean isLogged, DbSession session) {
for (PropertyDto propertyDto : propertiesDao.selectGlobalProperties(session)) {
String key = propertyDto.getKey();
String value = propertyDto.getValue();
- if (isPropertyAllowed(key, hasScanPerm, hasPreviewPerm)) {
+ if (isPropertyAllowed(key, hasScanPerm, isLogged)) {
ref.addGlobalSetting(key, value);
}
}
}
- private static boolean isPropertyAllowed(String key, boolean hasScanPerm, boolean hasPreviewPerm) {
- return !key.contains(".secured") || hasScanPerm || (key.contains(".license") && hasPreviewPerm);
+ private static boolean isPropertyAllowed(String key, boolean hasScanPerm, boolean isLogged) {
+ return !key.contains(".secured") || hasScanPerm || (key.contains(".license") && isLogged);
}
}
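Review bot: In `isPropertyAllowed` the `.license` exception is matched with `contains` and is now unlocked by authentication alone, so any logged-in account receives every secured setting whose key has `.license` anywhere in it. If license keys follow the suffix form used in the tests (`foo.license.secured`), which is an assumption to confirm, anchoring only that part narrows the exposure without loosening the `.secured` test: `return !key.contains(".secured") || hasScanPerm || (key.endsWith(".license.secured") && isLogged);`. The gate in `handle` (`!isLogged && !hasScanPerm`) likewise gives every authenticated user all non-secured global settings. A comment there such as `// Any authenticated user may read non-secured settings; secured ones still require scan permission` would record that this is intended.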
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.batch.protocol.input.BatchInput;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
import org.sonarqube.ws.MediaTypes;
import static com.google.common.collect.Maps.newHashMap;
+import static org.sonar.api.web.UserRole.USER;
import static org.sonar.server.ws.KeyExamples.KEY_PROJECT_EXAMPLE_001;
public class IssuesAction implements BatchWsAction {
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION);
- final String moduleKey = request.mandatoryParam(PARAM_KEY);
+ String componentKey = request.mandatoryParam(PARAM_KEY);
+ userSession.checkComponentPermission(USER, componentKey);
response.stream().setMediaType(MediaTypes.PROTOBUF);
DbSession session = dbClient.openSession(false);
try {
- ComponentDto component = componentFinder.getByKey(session, moduleKey);
+ ComponentDto component = componentFinder.getByKey(session, componentKey);
Map<String, String> keysByUUid = keysByUUid(session, component);
BatchInput.ServerIssue.Builder issueBuilder = BatchInput.ServerIssue.newBuilder();
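Review bot: Nothing at the new `userSession.checkComponentPermission(USER, componentKey)` call explains why the permission check runs on the raw request key before `componentFinder.getByKey` resolves it. The ordering looks deliberate: a key the caller cannot browse and a key that does not exist are both rejected before any lookup, which `fail_without_browse_permission_on_file` appears to rely on. A comment such as `// Checked before the lookup so that unknown and unauthorized keys are rejected the same way` would keep a later refactor from moving the check after the lookup and turning the endpoint into a key-existence oracle. The try block opened in this hunk continues outside it.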
import java.util.List;
import java.util.Map;
import org.sonar.api.server.ServerSide;
-import org.sonar.api.web.UserRole;
import org.sonar.batch.protocol.input.FileData;
import org.sonar.batch.protocol.input.ProjectRepositories;
import org.sonar.db.DbClient;
import static com.google.common.collect.Lists.newArrayList;
import static com.google.common.collect.Maps.newHashMap;
-import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
+import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.server.ws.WsUtils.checkFoundWithOptional;
"Project or module with key '%s' is not found", query.getModuleKey());
boolean hasScanPerm = userSession.hasComponentUuidPermission(SCAN_EXECUTION, module.projectUuid());
- boolean hasPreviewPerm = userSession.hasPermission(PREVIEW_EXECUTION);
- checkPermission(query.isIssuesMode(), hasScanPerm, hasPreviewPerm);
+ boolean hasBrowsePerm = userSession.hasComponentUuidPermission(USER, module.projectUuid());
+ checkPermission(query.isIssuesMode(), hasScanPerm, hasBrowsePerm);
- // Scan permission is enough to analyze all projects but preview permission is limited to projects user can access
- if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(UserRole.USER, module.projectUuid())) {
+ // Scan permission is enough to analyze all projects but browse permission is limited to projects user can access
+ if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(USER, module.projectUuid())) {
throw new ForbiddenException("You're not authorized to access to project '" + module.name() + "', please contact your SonarQube administrator.");
}
}
}
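Review bot: The issues-mode check `if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(USER, module.projectUuid()))` looks unreachable after this change. `hasBrowsePerm` is computed from the same call, and `checkPermission` already throws on `preview && !hasBrowsePerm`, so, as far as the hunk shows, the project-specific "You're not authorized to access to project" message can no longer be produced. Either drop the block, or remove the `preview && !hasBrowsePerm` branch from `checkPermission` and let this check reuse the local, `if (query.isIssuesMode() && !hasBrowsePerm) {`, so the permission is evaluated once and only one message exists for the case. The enclosing method starts outside the hunk, so confirm that both checks sit on the same path.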
- private static void checkPermission(boolean preview, boolean hasScanPerm, boolean hasPreviewPerm) {
- if (!hasPreviewPerm && !hasScanPerm) {
+ private static void checkPermission(boolean preview, boolean hasScanPerm, boolean hasBrowsePerm) {
+ if (!hasBrowsePerm && !hasScanPerm) {
throw new ForbiddenException(Messages.NO_PERMISSION);
}
if (!preview && !hasScanPerm) {
throw new ForbiddenException("You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. " +
"Please contact your SonarQube administrator.");
}
- if (preview && !hasPreviewPerm) {
+ if (preview && !hasBrowsePerm) {
throw new ForbiddenException("You're not authorized to execute a preview analysis. Please contact your SonarQube administrator.");
}
}
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.batch.protocol.input.BatchInput;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.server.user.UserSession;
import org.sonar.server.user.index.UserDoc;
import org.sonar.server.user.index.UserIndex;
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION);
+ userSession.checkLoggedIn();
List<String> logins = request.mandatoryParamAsStrings(PARAM_LOGINS);
response.stream().setMediaType(MediaTypes.PROTOBUF);
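Review bot: `userSession.checkLoggedIn()` replaces a grantable permission with authentication alone, so every account on the instance can now resolve an arbitrary list of logins through `batch/users`. `UsersActionTest` shows the response carrying login and name. If that is the intended exposure, state it at the call, for example `// Any authenticated user may resolve logins to names; no global permission is required`, and reflect it in the web service description so administrators who allow self-registration or external identity providers know who can query it. The body of `handle` continues outside the hunk.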
"usersCount": 0,
"groupsCount": 2
},
- {
- "key": "dryRunScan",
- "name": "Execute Preview Analysis",
- "description": "Ability to execute preview analysis (results are not pushed to the server). This permission does not include the ability to access secured settings such as the scm account password, the jira account password, and so on. This permission is required to execute preview analysis in Eclipse or via the Issues Report plugin.",
- "usersCount": 2,
- "groupsCount": 0
- },
{
"key": "provisioning",
"name": "Provision Projects",
"gateadmin",
"shareDashboard",
"scan",
- "dryRunScan",
"provisioning"
]
}
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.metric.MetricDao;
import static com.google.common.collect.Lists.newArrayList;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
@RunWith(MockitoJUnitRunner.class)
public class GlobalActionTest {
@Test
public void return_metrics() throws Exception {
- userSessionRule.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.PREVIEW_EXECUTION);
+ userSessionRule.setGlobalPermissions(SCAN_EXECUTION);
when(metricDao.selectEnabled(session)).thenReturn(newArrayList(
new MetricDto().setId(1).setKey("coverage").setDescription("Coverage by unit tests").setValueType("PERCENT").setQualitative(true)
@Test
public void return_global_settings() throws Exception {
- userSessionRule.setGlobalPermissions(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.PREVIEW_EXECUTION);
+ userSessionRule.setGlobalPermissions(SCAN_EXECUTION);
when(propertiesDao.selectGlobalProperties(session)).thenReturn(newArrayList(
new PropertyDto().setKey("foo").setValue("bar"),
}
@Test
- public void return_only_license_settings_without_scan_but_with_preview_permission() throws Exception {
- userSessionRule.setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
+ public void does_not_return_secured_settings_without_scan_permission_but_being_logged() throws Exception {
+ userSessionRule.login("john");
+
+ when(propertiesDao.selectGlobalProperties(session)).thenReturn(newArrayList(
+ new PropertyDto().setKey("foo").setValue("bar"),
+ new PropertyDto().setKey("foo.secured").setValue("1234")
+ ));
+
+ WsTester.TestRequest request = tester.newGetRequest("batch", "global");
+ request.execute().assertJson(getClass(), "not_return_secured_settings_without_scan_but_being_logged.json");
+ }
+
+ @Test
+ public void return_license_settings_without_scan_permission_but_being_logged() throws Exception {
+ userSessionRule.login("john");
when(propertiesDao.selectGlobalProperties(session)).thenReturn(newArrayList(
new PropertyDto().setKey("foo").setValue("bar"),
- new PropertyDto().setKey("foo.secured").setValue("1234"),
new PropertyDto().setKey("foo.license.secured").setValue("5678")
));
}
@Test
- public void access_forbidden_without_scan_and_preview_permission() throws Exception {
+ public void access_forbidden_without_preview_permission_and_not_logged() throws Exception {
userSessionRule.setGlobalPermissions();
when(propertiesDao.selectGlobalProperties(session)).thenReturn(newArrayList(
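Review bot: The renamed test `access_forbidden_without_preview_permission_and_not_logged` still refers to the preview permission that this commit removes; `access_forbidden_without_scan_permission_and_not_logged` would match the condition now enforced in `GlobalAction.handle`. The anonymous state is also only implied by `userSessionRule.setGlobalPermissions()` with no arguments. A short comment such as `// no login: anonymous session without scan permission` would make the precondition explicit. The test body continues outside the hunk.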
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import org.junit.rules.ExpectedException;
import org.sonar.api.config.Settings;
import org.sonar.api.platform.Server;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.utils.System2;
+import org.sonar.api.web.UserRole;
import org.sonar.batch.protocol.Constants.Severity;
import org.sonar.batch.protocol.input.BatchInput.ServerIssue;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
-import org.sonar.server.component.ComponentFinder;
import org.sonar.db.component.ComponentTesting;
+import org.sonar.server.component.ComponentFinder;
import org.sonar.server.es.EsTester;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.issue.IssueTesting;
@Category(DbTests.class)
public class IssuesActionTest {
- private final static String PROJECT_KEY = "struts";
- private final static String MODULE_KEY = "struts-core";
- private final static String FILE_KEY = "Action.java";
+ final static String PROJECT_KEY = "struts";
+ static final String PROJECT_UUID = "ABCD";
+
+ final static String MODULE_KEY = "struts-core";
+ static final String MODULE_UUID = "BCDE";
+
+ final static String FILE_KEY = "Action.java";
+ static final String FILE_UUID = "CDEF";
+
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
@Rule
public DbTester db = DbTester.create(System2.INSTANCE);
@Test
public void return_minimal_fields() throws Exception {
- ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
- ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
- ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath(null);
+ ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
+ ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
+ ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath(null);
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();
.setChecksum(null)
.setAssignee(null));
- userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
-
+ addBrowsePermissionOnComponent(PROJECT_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
@Test
public void issues_from_project() throws Exception {
- ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
- ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
- ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath("src/org/struts/Action.java");
+ ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
+ ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
+ ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath("src/org/struts/Action.java");
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();
.setChecksum("123456")
.setAssignee("john"));
- userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
-
+ addBrowsePermissionOnComponent(PROJECT_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
@Test
public void issues_from_module() throws Exception {
- ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
- ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
- ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath("src/org/struts/Action.java");
+ ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
+ ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
+ ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath("src/org/struts/Action.java");
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();
.setChecksum("123456")
.setAssignee("john"));
- userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
+ addBrowsePermissionOnComponent(PROJECT_KEY);
+ WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
- WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", MODULE_KEY);
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
assertThat(serverIssue.getKey()).isEqualTo("EFGH");
assertThat(serverIssue.getModuleKey()).isEqualTo(MODULE_KEY);
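Review bot: `issues_from_module` now requests `PROJECT_KEY` instead of `MODULE_KEY`, so it repeats `issues_from_project` and the new per-component permission check is no longer exercised with a module key. Keeping the original parameter and granting browse on the module preserves that coverage: `addBrowsePermissionOnComponent(MODULE_KEY);` followed by `tester.newGetRequest("batch", "issues").setParam("key", MODULE_KEY);`. The assertions continue outside the hunk.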
@Test
public void issues_from_file() throws Exception {
- ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
- ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
- ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath("src/org/struts/Action.java");
+ ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
+ ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
+ ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath("src/org/struts/Action.java");
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();
.setChecksum("123456")
.setAssignee("john"));
- userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
-
+ addBrowsePermissionOnComponent(FILE_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", FILE_KEY);
+
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
assertThat(serverIssue.getKey()).isEqualTo("EFGH");
assertThat(serverIssue.getModuleKey()).isEqualTo(MODULE_KEY);
@Test
public void issues_attached_on_module() throws Exception {
- ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
- ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY);
+ ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
+ ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY);
db.getDbClient().componentDao().insert(db.getSession(), project, module);
db.getSession().commit();
.setChecksum("123456")
.setAssignee("john"));
- userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
-
+ addBrowsePermissionOnComponent(MODULE_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", MODULE_KEY);
+
ServerIssue previousIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
assertThat(previousIssue.getKey()).isEqualTo("EFGH");
assertThat(previousIssue.getModuleKey()).isEqualTo(MODULE_KEY);
@Test
public void project_issues_attached_file_on_removed_module() throws Exception {
- ComponentDto project = ComponentTesting.newProjectDto("ABCD").setKey(PROJECT_KEY);
+ ComponentDto project = ComponentTesting.newProjectDto(PROJECT_UUID).setKey(PROJECT_KEY);
// File and module are removed
- ComponentDto module = ComponentTesting.newModuleDto("BCDE", project).setKey(MODULE_KEY).setEnabled(false);
- ComponentDto file = ComponentTesting.newFileDto(module, "CDEF").setKey(FILE_KEY).setPath("src/org/struts/Action.java").setEnabled(false);
+ ComponentDto module = ComponentTesting.newModuleDto(MODULE_UUID, project).setKey(MODULE_KEY).setEnabled(false);
+ ComponentDto file = ComponentTesting.newFileDto(module, FILE_UUID).setKey(FILE_KEY).setPath("src/org/struts/Action.java").setEnabled(false);
db.getDbClient().componentDao().insert(db.getSession(), project, module, file);
db.getSession().commit();
.setChecksum("123456")
.setAssignee("john"));
- userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
-
+ addBrowsePermissionOnComponent(PROJECT_KEY);
WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
+
ServerIssue serverIssue = ServerIssue.parseDelimitedFrom(new ByteArrayInputStream(request.execute().output()));
assertThat(serverIssue.getKey()).isEqualTo("EFGH");
// Module key of removed file should be returned
assertThat(serverIssue.getModuleKey()).isEqualTo(MODULE_KEY);
}
- @Test(expected = ForbiddenException.class)
- public void fail_without_preview_permission() throws Exception {
- userSessionRule.login("henry").setGlobalPermissions(GlobalPermissions.PROVISIONING);
+ @Test
+ public void fail_without_browse_permission_on_file() throws Exception {
+ addBrowsePermissionOnComponent(PROJECT_KEY);
- WsTester.TestRequest request = tester.newGetRequest("batch", "issues").setParam("key", PROJECT_KEY);
- request.execute();
+ thrown.expect(ForbiddenException.class);
+ tester.newGetRequest("batch", "issues").setParam("key", "Other component key").execute();
}
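Review bot: `fail_without_browse_permission_on_file` requests the key "Other component key", which is never inserted, so it covers an unknown key rather than an existing file the caller may not browse. The case the name describes needs the project, module and file inserted as in the other tests, with no permission granted, and then `tester.newGetRequest("batch", "issues").setParam("key", FILE_KEY).execute();` under `thrown.expect(ForbiddenException.class)`. Keeping the unknown-key case as a second test would pin both behaviours of the authorization check.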
private void indexIssues(IssueDoc... issues) {
private void addIssueAuthorization(String projectUuid, @Nullable String group, @Nullable String user) {
issueAuthorizationIndexer.index(newArrayList(new IssueAuthorizationDao.Dto(projectUuid, 1).addGroup(group).addUser(user)));
}
+
+ private void addBrowsePermissionOnComponent(String componentKey){
+ userSessionRule.addComponentPermission(UserRole.USER, PROJECT_KEY, componentKey);
+ }
}
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
+import org.junit.rules.ExpectedException;
import org.sonar.api.web.UserRole;
import org.sonar.batch.protocol.input.FileData;
import org.sonar.batch.protocol.input.ProjectRepositories;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.fail;
import static org.sonar.api.utils.DateUtils.formatDateTime;
-import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.server.qualityprofile.QProfileTesting.newQProfileDto;
public class ProjectDataLoaderMediumTest {
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
@ClassRule
public static ServerTester tester = new ServerTester().addXoo();
}
@Test
- public void not_returned_secured_settings_with_only_preview_permission() {
+ public void not_returned_secured_settings_when_lgged_but_no_scan_permission() {
ComponentDto project = ComponentTesting.newProjectDto();
- userSessionRule.login("john").setGlobalPermissions(PREVIEW_EXECUTION).addProjectUuidPermissions(UserRole.USER, project.uuid());
+ userSessionRule.login("john").addProjectUuidPermissions(UserRole.USER, project.uuid());
tester.get(DbClient.class).componentDao().insert(dbSession, project);
addDefaultProfile();
}
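Review bot: The new test name `not_returned_secured_settings_when_lgged_but_no_scan_permission` has a typo and should read `..._when_logged_but_no_scan_permission`. The test body continues outside the hunk.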
@Test
- public void fail_if_no_permission() {
+ public void fail_when_no_browse_permission_and_no_scan_permission() {
userSessionRule.login("john").setGlobalPermissions();
ComponentDto project = ComponentTesting.newProjectDto();
}
@Test
- public void fail_when_not_preview_and_only_dry_run_permission() {
- userSessionRule.login("john").setGlobalPermissions(PREVIEW_EXECUTION);
-
+ public void fail_when_not_preview_and_only_browse_permission_without_scan_permission() {
ComponentDto project = ComponentTesting.newProjectDto();
tester.get(DbClient.class).componentDao().insert(dbSession, project);
dbSession.commit();
- try {
- underTest.load(ProjectDataQuery.create().setModuleKey(project.key()).setIssuesMode(false));
- fail();
- } catch (Exception e) {
- assertThat(e).isInstanceOf(ForbiddenException.class).hasMessage(
- "You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. " +
- "Please contact your SonarQube administrator.");
- }
+ userSessionRule.login("john").addProjectUuidPermissions(UserRole.USER, project.projectUuid());
+
+ thrown.expect(ForbiddenException.class);
+ thrown.expectMessage("You're only authorized to execute a local (preview) SonarQube analysis without pushing the results to the SonarQube server. " +
+ "Please contact your SonarQube administrator.");
+ underTest.load(ProjectDataQuery.create().setModuleKey(project.key()).setIssuesMode(false));
}
@Test
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
+import org.junit.rules.ExpectedException;
import org.sonar.api.config.Settings;
import org.sonar.api.platform.Server;
import org.sonar.batch.protocol.input.BatchInput.User;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.server.es.EsTester;
+import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.user.index.UserDoc;
import org.sonar.server.user.index.UserIndex;
public class UsersActionTest {
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
@ClassRule
public static EsTester es = new EsTester().addDefinitions(new UserIndexDefinition(new Settings()));
+
@Rule
public UserSessionRule userSessionRule = UserSessionRule.standalone();
es.putDocuments(UserIndexDefinition.INDEX, UserIndexDefinition.TYPE_USER,
new UserDoc().setLogin("ada.lovelace").setName("Ada Lovelace").setActive(false),
new UserDoc().setLogin("grace.hopper").setName("Grace Hopper").setActive(true));
- userSessionRule.login("sonarqtech").setGlobalPermissions(GlobalPermissions.PREVIEW_EXECUTION);
+ userSessionRule.login("sonarqtech");
WsTester.TestRequest request = tester.newGetRequest("batch", "users").setParam("logins", "ada.lovelace,grace.hopper");
assertThat(users).extracting("login").containsOnly("ada.lovelace", "grace.hopper");
assertThat(users).extracting("name").containsOnly("Ada Lovelace", "Grace Hopper");
}
+
+ @Test
+ public void fail_without_being_logged() throws Exception {
+ thrown.expect(UnauthorizedException.class);
+ tester.newGetRequest("batch", "users").setParam("logins", "ada.lovelace,grace.hopper").execute();
+ }
+
}
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
+import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
@Test
public void fail_on_queue_task_not_linked_on_project_if_not_admin_nor_scan_permission() {
- userSession.login("john").setGlobalPermissions(PREVIEW_EXECUTION);
+ userSession.login("john").setGlobalPermissions(PROVISIONING);
CeQueueDto queueDto = new CeQueueDto();
queueDto.setTaskType("fake");
String currentUser = "dave.loper";
IssueFilterDto sharedFilter = new IssueFilterDto().setId(1L).setName("My filter").setUserLogin(currentUser).setShared(true);
- when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(GlobalPermissions.PREVIEW_EXECUTION));
+ when(authorizationDao.selectGlobalPermissions(currentUser)).thenReturn(newArrayList(GlobalPermissions.PROVISIONING));
when(issueFilterDao.selectById(1L)).thenReturn(sharedFilter);
try {
PermissionChange query = PermissionChange.buildFromParams(inconsistentParams);
thrown.expect(BadRequestException.class);
- thrown.expectMessage("Invalid global permission key invalid. Valid values are [admin, profileadmin, gateadmin, shareDashboard, scan, dryRunScan, provisioning]");
+ thrown.expectMessage("Invalid global permission key invalid. Valid values are [admin, profileadmin, gateadmin, shareDashboard, scan, provisioning]");
query.validate();
}
import org.sonarqube.ws.WsPermissions;
import static org.sonar.core.permission.GlobalPermissions.DASHBOARD_SHARING;
-import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
-import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.QUALITY_GATE_ADMIN;
+import static org.sonar.core.permission.GlobalPermissions.QUALITY_PROFILE_ADMIN;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.test.JsonAssert.assertJson;
insertUserRole(newUserRoleDto(QUALITY_PROFILE_ADMIN, adminUser.getId()));
insertUserRole(newUserRoleDto(QUALITY_GATE_ADMIN, user.getId()));
insertUserRole(newUserRoleDto(QUALITY_GATE_ADMIN, adminUser.getId()));
- insertUserRole(newUserRoleDto(PREVIEW_EXECUTION, adminUser.getId()));
- insertUserRole(newUserRoleDto(PREVIEW_EXECUTION, user.getId()));
db.getSession().commit();
i18n.put("global_permissions.scan", "Execute Analysis");
i18n.put("global_permissions.scan.desc", "Ability to execute analyses, and to get all settings required to perform the analysis, " +
"even the secured ones like the scm account password, the jira account password, and so on.");
- i18n.put("global_permissions.dryRunScan", "Execute Preview Analysis");
- i18n.put("global_permissions.dryRunScan.desc", "Ability to execute preview analysis (results are not pushed to the server). " +
- "This permission does not include the ability to access secured settings such as the scm account password, the jira account password, and so on. " +
- "This permission is required to execute preview analysis in Eclipse or via the Issues Report plugin.");
i18n.put("global_permissions.provisioning", "Provision Projects");
i18n.put("global_permissions.provisioning.desc", "Ability to initialize project structure before first analysis.");
}
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateDto;
import static org.sonar.db.permission.PermissionTemplateTesting.newPermissionTemplateUserDto;
-import static org.sonarqube.ws.MediaTypes.PROTOBUF;
import static org.sonar.test.JsonAssert.assertJson;
+import static org.sonarqube.ws.MediaTypes.PROTOBUF;
import static org.sonarqube.ws.WsPermissions.UsersWsResponse.parseFrom;
@Category(DbTests.class)
public void fail_if_not_a_project_permission() throws IOException {
expectedException.expect(BadRequestException.class);
- newRequest(GlobalPermissions.PREVIEW_EXECUTION, template1.getUuid())
+ newRequest(GlobalPermissions.PROVISIONING, template1.getUuid())
.execute();
}
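Review bot: Only the exception class is asserted in `fail_if_not_a_project_permission`, here and in the four template-action tests further down that get the same `PREVIEW_EXECUTION` to `PROVISIONING` swap. Any `BadRequestException` thrown for an unrelated reason would therefore still make the test pass, even if `PROVISIONING` were accepted as a template permission. Pin the reason after the `expect(...)` line with `expectedException.expectMessage("<message of the project-permission check>");`, using the validator's actual text, which is not visible in this diff. The test class body starts and ends outside the hunk.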
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
@Category(DbTests.class)
public class AddGroupToTemplateActionTest {
public void fail_if_not_a_project_permission() {
expectedException.expect(BadRequestException.class);
- newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PREVIEW_EXECUTION);
+ newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
}
@Test
public void fail_if_not_a_project_permission() {
expectedException.expect(BadRequestException.class);
- newRequest(USER_LOGIN, permissionTemplate.getUuid(), GlobalPermissions.PREVIEW_EXECUTION);
+ newRequest(USER_LOGIN, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
}
@Test
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_ID;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_GROUP_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_PERMISSION;
-import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_ID;
+import static org.sonarqube.ws.client.permission.PermissionsWsParameters.PARAM_TEMPLATE_NAME;
@Category(DbTests.class)
public class RemoveGroupFromTemplateActionTest {
public void fail_if_not_a_project_permission() {
expectedException.expect(BadRequestException.class);
- newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PREVIEW_EXECUTION);
+ newRequest(GROUP_NAME, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
}
@Test
public void fail_if_not_a_project_permission() {
expectedException.expect(BadRequestException.class);
- newRequest(USER_LOGIN, permissionTemplate.getUuid(), GlobalPermissions.PREVIEW_EXECUTION);
+ newRequest(USER_LOGIN, permissionTemplate.getUuid(), GlobalPermissions.PROVISIONING);
}
@Test
import org.sonarqube.ws.WsQualityGates.ProjectStatusWsResponse.Status;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.sonar.core.permission.GlobalPermissions.PREVIEW_EXECUTION;
+import static org.sonar.core.permission.GlobalPermissions.PROVISIONING;
import static org.sonar.core.permission.GlobalPermissions.SCAN_EXECUTION;
import static org.sonar.core.permission.GlobalPermissions.SYSTEM_ADMIN;
import static org.sonar.db.component.ComponentTesting.newProjectDto;
@Test
public void fail_if_insufficient_privileges() {
- userSession.login("john").setGlobalPermissions(PREVIEW_EXECUTION);
+ userSession.login("john").setGlobalPermissions(PROVISIONING);
ComponentDto project = newProjectDto("project-uuid");
dbClient.componentDao().insert(dbSession, project);
--- /dev/null
+{
+ "timestamp": 0,
+ "metrics": [],
+ "globalSettings": {
+ "foo" : "bar"
+ }
+}
"usersCount": 0,
"groupsCount": 1
},
- {
- "key": "dryRunScan",
- "name": "Execute Preview Analysis",
- "description": "Ability to execute preview analysis (results are not pushed to the server). This permission does not include the ability to access secured settings such as the scm account password, the jira account password, and so on.<br/>This permission is <em>required</em> to execute preview analysis in Eclipse or via the Issues Report plugin.",
- "usersCount": 0,
- "groupsCount": 1
- },
{
"key": "provisioning",
"name": "Provision Projects",
"permissions": {
"global": [
"provisioning",
- "dryRunScan",
"shareDashboard",
"scan",
"profileadmin",
"isLoggedIn": false,
"permissions": {
"global": [
- "scan",
- "dryRunScan"
+ "scan"
]
}
}
global_permissions.shareDashboard.desc=Ability to share dashboards, issue filters and measure filters.
global_permissions.scan=Execute Analysis
global_permissions.scan.desc=Ability to execute analyses, and to get all settings required to perform the analysis, even the secured ones like the scm account password, the jira account password, and so on.
-global_permissions.dryRunScan=Execute Preview Analysis
-global_permissions.dryRunScan.desc=Ability to execute preview analysis (results are not pushed to the server). This permission does not include the ability to access secured settings such as the scm account password, the jira account password, and so on.<br/>\
-This permission is <em>required</em> to execute preview analysis in an IDE or for an Issues Report.
global_permissions.provisioning=Provision Projects
global_permissions.provisioning.desc=Ability to initialize a project so its settings can be configured before the first analysis.
public static final String QUALITY_GATE_ADMIN = "gateadmin";
public static final String DASHBOARD_SHARING = "shareDashboard";
public static final String SCAN_EXECUTION = "scan";
- public static final String PREVIEW_EXECUTION = "dryRunScan";
public static final String PROVISIONING = "provisioning";
/**
* All the global permissions values, ordered from {@link #SYSTEM_ADMIN} to {@link #PROVISIONING}.
*/
public static final List<String> ALL = ImmutableList.of(
- SYSTEM_ADMIN, QUALITY_PROFILE_ADMIN, QUALITY_GATE_ADMIN, DASHBOARD_SHARING, SCAN_EXECUTION, PREVIEW_EXECUTION, PROVISIONING);
+ SYSTEM_ADMIN, QUALITY_PROFILE_ADMIN, QUALITY_GATE_ADMIN, DASHBOARD_SHARING, SCAN_EXECUTION, PROVISIONING);
public static final String ALL_ON_ONE_LINE = Joiner.on(", ").join(GlobalPermissions.ALL);
private GlobalPermissions() {
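Review bot: Dropping `PREVIEW_EXECUTION` from `ALL` leaves no code-side name for `dryRunScan` grants that are already persisted. No cleanup of existing `GROUP_ROLES` rows, or of the user-role rows the tests write through `insertUserRole`, is visible in this part of the diff. If the commit carries no migration elsewhere, those rows stay in the database as grants that nothing validates or displays, and they would presumably take effect again if the key were ever reused. I would add a delete migration for role `dryRunScan` and record the retirement above `ALL`, e.g. `// "dryRunScan" (preview analysis) is retired; the key must not be reused`. The class body continues outside the hunk.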
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (3, 1, null, 'gateadmin');
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (4, 1, null, 'shareDashboard');
INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (5, null, null, 'scan');
-INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (6, null, null, 'dryRunScan');
-INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (7, null, null, 'provisioning');
-INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (8, 1, null, 'provisioning');
+INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (6, null, null, 'provisioning');
+INSERT INTO GROUP_ROLES(ID, GROUP_ID, RESOURCE_ID, ROLE) VALUES (7, 1, null, 'provisioning');
ALTER TABLE GROUP_ROLES ALTER COLUMN ID RESTART WITH 9;
INSERT INTO GROUPS_USERS(USER_ID, GROUP_ID) VALUES (1, 1);
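Review bot: `ALTER TABLE GROUP_ROLES ALTER COLUMN ID RESTART WITH 9;` is left unchanged although the highest seeded id is now 7, so id 8 is skipped. That is harmless, but `ALTER TABLE GROUP_ROLES ALTER COLUMN ID RESTART WITH 8;` keeps the seed consistent with the renumbered rows. Separately, the context row with a null `GROUP_ID` still grants `scan`; the XML fixtures later in the diff describe a null group id as the 'anyone' group. The i18n text in this commit says `scan` exposes secured settings such as the scm account password, so with `dryRunScan` gone it is worth confirming that this default grant is intended.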
GlobalPermissions.QUALITY_PROFILE_ADMIN,
GlobalPermissions.DASHBOARD_SHARING);
assertThat(underTest.selectGroupPermissions(db.getSession(), "sonar-users", null)).containsOnly(GlobalPermissions.DASHBOARD_SHARING);
- assertThat(underTest.selectGroupPermissions(db.getSession(), DefaultGroups.ANYONE, null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION,
+ assertThat(underTest.selectGroupPermissions(db.getSession(), DefaultGroups.ANYONE, null)).containsOnly(GlobalPermissions.PROVISIONING,
GlobalPermissions.SCAN_EXECUTION);
- assertThat(underTest.selectGroupPermissions(db.getSession(), "anyone", null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
- assertThat(underTest.selectGroupPermissions(db.getSession(), "AnYoNe", null)).containsOnly(GlobalPermissions.PREVIEW_EXECUTION, GlobalPermissions.SCAN_EXECUTION);
+ assertThat(underTest.selectGroupPermissions(db.getSession(), "anyone", null)).containsOnly(GlobalPermissions.PROVISIONING, GlobalPermissions.SCAN_EXECUTION);
+ assertThat(underTest.selectGroupPermissions(db.getSession(), "AnYoNe", null)).containsOnly(GlobalPermissions.PROVISIONING, GlobalPermissions.SCAN_EXECUTION);
}
@Test
<group_roles id="4" group_id="101" role="shareDashboard" resource_id="[null]"/>
<group_roles id="5" group_id="[null]" role="scan" resource_id="[null]"/>
- <group_roles id="6" group_id="[null]" role="dryRunScan" resource_id="[null]"/>
+ <group_roles id="6" group_id="[null]" role="provisioning" resource_id="[null]"/>
<group_roles id="7" group_id="102" role="admin" resource_id="1"/>
<group_roles id="4" group_id="101" role="shareDashboard" resource_id="[null]"/>
<group_roles id="5" group_id="[null]" role="scan" resource_id="[null]"/>
- <group_roles id="6" group_id="[null]" role="dryRunScan" resource_id="[null]"/>
+ <group_roles id="6" group_id="[null]" role="provisioning" resource_id="[null]"/>
<group_roles id="7" group_id="102" role="admin" resource_id="1"/>
<!-- Group 'anyone' has a NULL group_id -->
<group_roles id="5" group_id="[null]" role="scan" resource_id="[null]"/>
- <group_roles id="6" group_id="[null]" role="dryRunScan" resource_id="[null]"/>
+ <group_roles id="6" group_id="[null]" role="provisioning" resource_id="[null]"/>
<group_roles id="7" group_id="102" role="admin" resource_id="1"/>
<!-- Group 'anyone' has a NULL group_id -->
<group_roles id="5" group_id="[null]" role="scan" resource_id="[null]"/>
- <group_roles id="6" group_id="[null]" role="dryRunScan" resource_id="[null]"/>
+ <group_roles id="6" group_id="[null]" role="provisioning" resource_id="[null]"/>
<!-- Component permission, it should not be returned with global permissions -->
<group_roles id="7" group_id="102" role="admin" resource_id="1"/>