public static final Set<String> PUBLIC_PERMISSIONS = ImmutableSet.of(UserRole.USER, UserRole.CODEVIEWER);
/**
- * All the component permissions values, ordered from {@link UserRole#USER} to {@link GlobalPermissions#SCAN_EXECUTION}.
+ * All the component permissions values
*/
- public static final List<String> ALL = ImmutableList.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION, UserRole.USER);
+ public static final List<String> ALL = ImmutableList.of(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN,
+ GlobalPermissions.SCAN_EXECUTION, UserRole.USER);
public static final String ALL_ON_ONE_LINE = Joiner.on(", ").join(ProjectPermissions.ALL);
@Test
public void all_permissions() {
- assertThat(ProjectPermissions.ALL).containsExactly(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION, UserRole.USER);
+ assertThat(ProjectPermissions.ALL).containsExactly(UserRole.ADMIN, UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION, UserRole.USER);
}
@Test
public void all_permissions_as_string() {
- assertThat(ProjectPermissions.ALL_ON_ONE_LINE).isEqualTo("admin, codeviewer, issueadmin, scan, user");
+ assertThat(ProjectPermissions.ALL_ON_ONE_LINE).isEqualTo("admin, codeviewer, issueadmin, securityhotspotadmin, scan, user");
}
}
.from(Issue.STATUS_OPEN).to(Issue.STATUS_OPEN)
.conditions(new HasType(RuleType.SECURITY_HOTSPOT))
.functions(new SetType(RuleType.VULNERABILITY))
- .requiredProjectPermission(UserRole.ISSUE_ADMIN) // TODO need to check new permission
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build())
.transition(Transition.builder(DefaultTransitions.DETECT)
.from(Issue.STATUS_REOPENED).to(Issue.STATUS_OPEN)
.conditions(new HasType(RuleType.SECURITY_HOTSPOT))
.functions(new SetType(RuleType.VULNERABILITY))
- .requiredProjectPermission(UserRole.ISSUE_ADMIN) // TODO need to check new permission
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build())
.transition(Transition.builder(DefaultTransitions.DETECT)
.from(Issue.STATUS_RESOLVED).to(Issue.STATUS_OPEN)
.conditions(new HasType(RuleType.SECURITY_HOTSPOT), new HasResolution(Issue.RESOLUTION_WONT_FIX))
.functions(new SetType(RuleType.VULNERABILITY), new SetResolution(null))
- .requiredProjectPermission(UserRole.ISSUE_ADMIN) // TODO need to check new permission
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build())
.transition(Transition.builder(DefaultTransitions.DISMISS)
.from(Issue.STATUS_OPEN).to(Issue.STATUS_REOPENED)
.conditions(IsManualVulnerability.INSTANCE)
.functions(new SetType(RuleType.SECURITY_HOTSPOT))
- .requiredProjectPermission(UserRole.ISSUE_ADMIN) // TODO need to check new permission
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build())
.transition(Transition.builder(DefaultTransitions.REQUEST_REVIEW)
.from(Issue.STATUS_OPEN).to(Issue.STATUS_RESOLVED)
.from(Issue.STATUS_RESOLVED).to(Issue.STATUS_REOPENED)
.conditions(new HasType(RuleType.SECURITY_HOTSPOT), new HasResolution(Issue.RESOLUTION_FIXED))
.functions(new SetType(RuleType.VULNERABILITY), new SetResolution(null))
- .requiredProjectPermission(UserRole.ISSUE_ADMIN) // TODO need to check new permission
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build())
.transition(Transition.builder(DefaultTransitions.ACCEPT)
.from(Issue.STATUS_RESOLVED).to(Issue.STATUS_RESOLVED)
.conditions(new HasType(RuleType.SECURITY_HOTSPOT), new HasResolution(Issue.RESOLUTION_FIXED))
.functions(new SetResolution(Issue.RESOLUTION_WONT_FIX))
- .requiredProjectPermission(UserRole.ISSUE_ADMIN) // TODO need to check new permission
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build())
.transition(Transition.builder(DefaultTransitions.CLEAR)
.from(Issue.STATUS_OPEN).to(Issue.STATUS_RESOLVED)
.conditions(new HasType(RuleType.SECURITY_HOTSPOT))
.functions(new SetResolution(Issue.RESOLUTION_WONT_FIX))
- .requiredProjectPermission(UserRole.ISSUE_ADMIN) // TODO need to check new permission
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build())
.transition(Transition.builder(DefaultTransitions.CLEAR)
.from(Issue.STATUS_REOPENED).to(Issue.STATUS_RESOLVED)
.conditions(new HasType(RuleType.SECURITY_HOTSPOT))
.functions(new SetResolution(Issue.RESOLUTION_WONT_FIX))
- .requiredProjectPermission(UserRole.ISSUE_ADMIN) // TODO need to check new permission
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build())
.transition(Transition.builder(DefaultTransitions.REOPEN_HOTSPOT)
.from(Issue.STATUS_RESOLVED).to(Issue.STATUS_REOPENED)
.conditions(new HasType(RuleType.SECURITY_HOTSPOT), new HasResolution(Issue.RESOLUTION_WONT_FIX))
.functions(new SetResolution(null))
- .requiredProjectPermission(UserRole.ISSUE_ADMIN) // TODO need to check new permission
+ .requiredProjectPermission(UserRole.SECURITYHOTSPOT_ADMIN)
.build());
}
* <ul>
* <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#ADMIN ADMIN}</li>
* <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#ISSUE_ADMIN ISSUE_ADMIN}</li>
+ * <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link UserRole#SECURITYHOTSPOT_ADMIN SECURITYHOTSPOT_ADMIN}</li>
* <li>group {@link #OWNERS_GROUP_NAME Owners} : {@link GlobalPermissions#SCAN_EXECUTION SCAN_EXECUTION}</li>
* <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#USER USER}</li>
* <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#CODEVIEWER CODEVIEWER}</li>
* <ul>
* <li>project creator : {@link UserRole#ADMIN ADMIN}</li>
* <li>project creator : {@link UserRole#ISSUE_ADMIN ISSUE_ADMIN}</li>
+ * <li>project creator : {@link UserRole#SECURITYHOTSPOT_ADMIN SECURITYHOTSPOT_ADMIN}</li>
* <li>project creator : {@link GlobalPermissions#SCAN_EXECUTION SCAN_EXECUTION}</li>
* <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#USER USER}</li>
* <li>group {@link DefaultGroupCreatorImpl#DEFAULT_GROUP_NAME members} : {@link UserRole#CODEVIEWER CODEVIEWER}</li>
import static org.sonar.api.web.UserRole.ADMIN;
import static org.sonar.api.web.UserRole.CODEVIEWER;
import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
+import static org.sonar.api.web.UserRole.SECURITYHOTSPOT_ADMIN;
import static org.sonar.api.web.UserRole.USER;
import static org.sonar.core.util.stream.MoreCollectors.uniqueIndex;
import static org.sonar.db.permission.OrganizationPermission.SCAN;
insertGroupPermission(dbSession, permissionTemplateDto, ADMIN, ownerGroup);
insertGroupPermission(dbSession, permissionTemplateDto, ISSUE_ADMIN, ownerGroup);
+ insertGroupPermission(dbSession, permissionTemplateDto, SECURITYHOTSPOT_ADMIN, ownerGroup);
insertGroupPermission(dbSession, permissionTemplateDto, SCAN.getKey(), ownerGroup);
insertGroupPermission(dbSession, permissionTemplateDto, USER, defaultGroup);
insertGroupPermission(dbSession, permissionTemplateDto, CODEVIEWER, defaultGroup);
insertProjectCreatorPermission(dbSession, permissionTemplateDto, ADMIN, now);
insertProjectCreatorPermission(dbSession, permissionTemplateDto, ISSUE_ADMIN, now);
+ insertProjectCreatorPermission(dbSession, permissionTemplateDto, SECURITYHOTSPOT_ADMIN, now);
insertProjectCreatorPermission(dbSession, permissionTemplateDto, SCAN.getKey(), now);
insertGroupPermission(dbSession, permissionTemplateDto, USER, defaultGroup);
insertGroupPermission(dbSession, permissionTemplateDto, CODEVIEWER, defaultGroup);
if (admins.isPresent()) {
insertGroupPermission(dbSession, template, UserRole.ADMIN, admins.get());
insertGroupPermission(dbSession, template, UserRole.ISSUE_ADMIN, admins.get());
+ insertGroupPermission(dbSession, template, UserRole.SECURITYHOTSPOT_ADMIN, admins.get());
} else {
LOG.error("Cannot setup default permission for group: " + DefaultGroups.ADMINISTRATORS);
}
"groupsCount": 0,
"withProjectCreator": false
},
+ {
+ "key": "securityhotspotadmin",
+ "usersCount": 0,
+ "groupsCount": 0,
+ "withProjectCreator": false
+ },
{
"key": "scan",
"usersCount": 0,
"groupsCount": 3,
"withProjectCreator": false
},
+ {
+ "key": "securityhotspotadmin",
+ "usersCount": 0,
+ "groupsCount": 0,
+ "withProjectCreator": false
+ },
{
"key": "scan",
"usersCount": 0,
put("projects_role.issueadmin", "Administer Issues");
put("projects_role.issueadmin.desc", "Grants the permission to perform advanced editing on issues: marking an issue " +
"False Positive / Won't Fix or changing an Issue's severity. (Users will also need \"Browse\" permission)");
+ put("projects_role.securityhotspotadmin", "Administer Security Hotspots");
+ put("projects_role.securityhotspotadmin.desc", "Detect a Vulnerability from a \"Security Hotspot\". Reject, clear, accept, reopen a \"Security Hotspot\" (users also need \"Browse\" permissions).");
put("projects_role.user", "Browse");
put("projects_role.user.desc", "Ability to access a project, browse its measures, and create/edit issues for it.");
put("projects_role.codeviewer", "See Source Code");
assertThat(dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateId(dbSession, defaultTemplate.getId()))
.extracting(PermissionTemplateGroupDto::getGroupId, PermissionTemplateGroupDto::getPermission)
.containsOnly(
- tuple(ownersGroup.getId(), UserRole.ADMIN), tuple(ownersGroup.getId(), UserRole.ISSUE_ADMIN), tuple(ownersGroup.getId(), GlobalPermissions.SCAN_EXECUTION),
+ tuple(ownersGroup.getId(), UserRole.ADMIN), tuple(ownersGroup.getId(), UserRole.ISSUE_ADMIN), tuple(ownersGroup.getId(), UserRole.SECURITYHOTSPOT_ADMIN), tuple(ownersGroup.getId(), GlobalPermissions.SCAN_EXECUTION),
tuple(defaultGroupId, UserRole.USER), tuple(defaultGroupId, UserRole.CODEVIEWER));
}
assertThat(dbClient.permissionTemplateCharacteristicDao().selectByTemplateIds(dbSession, Collections.singletonList(defaultTemplate.getId())))
.extracting(PermissionTemplateCharacteristicDto::getWithProjectCreator, PermissionTemplateCharacteristicDto::getPermission)
.containsOnly(
- tuple(true, UserRole.ADMIN), tuple(true, UserRole.ISSUE_ADMIN), tuple(true, GlobalPermissions.SCAN_EXECUTION));
+ tuple(true, UserRole.ADMIN), tuple(true, UserRole.ISSUE_ADMIN), tuple(true, UserRole.SECURITYHOTSPOT_ADMIN), tuple(true, GlobalPermissions.SCAN_EXECUTION));
}
@Test
assertThat(dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateId(dbSession, defaultTemplate.getId()))
.extracting(PermissionTemplateGroupDto::getGroupId, PermissionTemplateGroupDto::getPermission)
.containsOnly(
- tuple(ownersGroup.getId(), UserRole.ADMIN), tuple(ownersGroup.getId(), UserRole.ISSUE_ADMIN), tuple(ownersGroup.getId(), GlobalPermissions.SCAN_EXECUTION),
+ tuple(ownersGroup.getId(), UserRole.ADMIN), tuple(ownersGroup.getId(), UserRole.ISSUE_ADMIN), tuple(ownersGroup.getId(), UserRole.SECURITYHOTSPOT_ADMIN), tuple(ownersGroup.getId(), GlobalPermissions.SCAN_EXECUTION),
tuple(defaultGroup.getId(), UserRole.USER), tuple(defaultGroup.getId(), UserRole.CODEVIEWER));
}
apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(privateProject), groupId));
fail("a BadRequestException should have been thrown for permission " + perm);
} catch (BadRequestException e) {
- assertThat(e).hasMessage("Invalid project permission '" + perm + "'. Valid values are [admin, codeviewer, issueadmin, scan, user]");
+ assertThat(e).hasMessage("Invalid project permission '" + perm + "'. Valid values are [admin, codeviewer, issueadmin, securityhotspotadmin, scan, user]");
}
});
}
apply(new GroupPermissionChange(PermissionChange.Operation.ADD, perm, new ProjectId(publicProject), groupId));
fail("a BadRequestException should have been thrown for permission " + perm);
} catch (BadRequestException e) {
- assertThat(e).hasMessage("Invalid project permission '" + perm + "'. Valid values are [admin, codeviewer, issueadmin, scan, user]");
+ assertThat(e).hasMessage("Invalid project permission '" + perm + "'. Valid values are [admin, codeviewer, issueadmin, securityhotspotadmin, scan, user]");
}
});
}
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
assertThat(selectProjectPermissionsOfGroup(organization, null, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyDefault(session, organization.getUuid(), publicProject, null);
assertThat(selectProjectPermissionsOfGroup(organization, null, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyDefault(session, organization.getUuid(), privateProject, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
assertThat(selectProjectPermissionsOfGroup(organization, group, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyDefault(session, organization.getUuid(), publicProject, null);
assertThat(selectProjectPermissionsOfGroup(organization, group, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(publicProject));
assertThat(selectProjectPermissionsOfUser(user, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyDefault(session, organization.getUuid(), publicProject, null);
assertThat(selectProjectPermissionsOfUser(user, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyAndCommit(session, permissionTemplate, singletonList(privateProject));
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyDefault(session, organization.getUuid(), privateProject, null);
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyDefault(session, organization.getUuid(), publicProject, user.getId());
assertThat(selectProjectPermissionsOfUser(user, publicProject))
- .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
underTest.applyDefault(session, organization.getUuid(), privateProject, user.getId());
assertThat(selectProjectPermissionsOfUser(user, privateProject))
- .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, GlobalPermissions.SCAN_EXECUTION);
+ .containsOnly("p1", UserRole.USER, UserRole.CODEVIEWER, UserRole.ADMIN, UserRole.ISSUE_ADMIN, UserRole.SECURITYHOTSPOT_ADMIN, GlobalPermissions.SCAN_EXECUTION);
}
@Test
@Test
public void fail_to_add_global_permission_on_project() {
expectedException.expect(BadRequestException.class);
- expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [admin, codeviewer, issueadmin, scan, user]");
+ expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [admin, codeviewer, issueadmin, securityhotspotadmin, scan, user]");
UserPermissionChange change = new UserPermissionChange(ADD, org1.getUuid(), QUALITY_GATE_ADMIN, new ProjectId(privateProject), UserId.from(user1));
apply(change);
+
" }," +
" {" +
+ " \"key\": \"securityhotspotadmin\"," +
+ " \"name\": \"Administer Security Hotspots\"," +
+ " \"description\": \"Detect a Vulnerability from a \\\"Security Hotspot\\\". Reject, clear, accept, reopen a \\\"Security Hotspot\\\" (users also need \\\"Browse\\\" permissions).\"" +
+ " }," +
+ " {" +
" \"key\": \"scan\"," +
" \"name\": \"Execute Analysis\"," +
" \"description\": \"Ability to execute analyses, and to get all settings required to perform the analysis, even the secured ones like the scm account password, the jira account password, and so on.\""
assertThat(defaultTemplate.getName()).isEqualTo("Default template");
List<PermissionTemplateGroupDto> groupPermissions = selectGroupPermissions(defaultTemplate);
- assertThat(groupPermissions).hasSize(4);
+ assertThat(groupPermissions).hasSize(5);
expectGroupPermission(groupPermissions, UserRole.ADMIN, DefaultGroups.ADMINISTRATORS);
expectGroupPermission(groupPermissions, UserRole.ISSUE_ADMIN, DefaultGroups.ADMINISTRATORS);
+ expectGroupPermission(groupPermissions, UserRole.SECURITYHOTSPOT_ADMIN, DefaultGroups.ADMINISTRATORS);
expectGroupPermission(groupPermissions, UserRole.CODEVIEWER, defaultGroup.getName());
expectGroupPermission(groupPermissions, UserRole.USER, defaultGroup.getName());
*/
import { sortBy } from 'lodash';
-export const PERMISSIONS_ORDER = ['user', 'codeviewer', 'issueadmin', 'admin', 'scan'];
+export const PERMISSIONS_ORDER = [
+ 'user',
+ 'codeviewer',
+ 'issueadmin',
+ 'securityhotspotadmin',
+ 'admin',
+ 'scan'
+];
/**
* Sort list of permissions based on predefined order
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
-export const PERMISSIONS_ORDER_FOR_PROJECT = ['user', 'codeviewer', 'issueadmin', 'admin', 'scan'];
+export const PERMISSIONS_ORDER_FOR_PROJECT = [
+ 'user',
+ 'codeviewer',
+ 'issueadmin',
+ 'securityhotspotadmin',
+ 'admin',
+ 'scan'
+];
export const PERMISSIONS_ORDER_FOR_VIEW = ['user', 'admin'];
projects_role.admin.desc=Access project settings and perform administration tasks. (Users will also need "Browse" permission)
projects_role.issueadmin=Administer Issues
projects_role.issueadmin.desc=Change the type and severity of issues, resolve issues as being "won't fix" or "false-positive" (users also need "Browse" permission).
+projects_role.securityhotspotadmin=Administer Security Hotspots
+projects_role.securityhotspotadmin.desc=Detect a Vulnerability from a "Security Hotspot". Reject, clear, accept, reopen a "Security Hotspot" (users also need "Browse" permissions).
projects_role.user=Browse
projects_role.user.desc=Access a project, browse its measures and issues, confirm or resolve issues as "fixed", change the assignee, comment on issues and change tags.
projects_role.codeviewer=See Source Code
String CODEVIEWER = "codeviewer";
String ISSUE_ADMIN = "issueadmin";
+ /**
+ * @since 7.3
+ */
+ String SECURITYHOTSPOT_ADMIN = "securityhotspotadmin";
+
String[] value() default {};
}