*/
package org.sonar.server.user;
+import java.util.EnumSet;
+import java.util.Set;
import org.sonar.db.DbClient;
import org.sonar.db.permission.GlobalPermission;
import org.sonar.db.user.TokenType;
public class TokenUserSession extends ServerUserSession {
private static final String SCAN = "scan";
+ private static final Set<GlobalPermission> GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS = EnumSet.of(GlobalPermission.SCAN, GlobalPermission.PROVISION_PROJECTS);
private final UserTokenDto userToken;
public TokenUserSession(DbClient dbClient, UserDto user, UserTokenDto userToken) {
//the project analysis token to work for multiple projects in case the user has Global Permissions.
return false;
case GLOBAL_ANALYSIS_TOKEN:
- return GlobalPermission.SCAN.equals(permission) &&
- super.hasPermissionImpl(permission);
+ return GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS.contains(permission) && super.hasPermissionImpl(permission);
default:
throw new IllegalArgumentException("Unsupported token type " + tokenType.name());
}
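Review bot: `GLOBAL_ANALYSIS_TOKEN_SUPPORTED_PERMISSIONS` is now the allow-list that bounds what a global analysis token may do, yet it is declared (in the earlier hunk of this file) as a bare `EnumSet`, which stays mutable even behind `static final`. I would wrap it, for example `Collections.unmodifiableSet(EnumSet.of(GlobalPermission.SCAN, GlobalPermission.PROVISION_PROJECTS))`, so that no code path can widen the token scope at runtime. Because this check is a privilege boundary, the `case GLOBAL_ANALYSIS_TOKEN:` branch also deserves a short comment such as `// token scope is an allow-list; the user must additionally hold the permission`, and the constant should say why `PROVISION_PROJECTS` is included (presumably so a scanner can create the project on first analysis; please confirm). The enclosing method and switch start outside this hunk, so the other branches were not reviewed.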
assertThat(userSession.hasPermission(GlobalPermission.SCAN)).isTrue();
}
+ @Test
+ public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsTrueIfUserIsGranted() {
+ UserDto user = db.users().insertUser();
+
+ db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+ db.users().insertPermissionOnUser(user, GlobalPermission.PROVISION_PROJECTS);
+
+ TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
+
+ assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isTrue();
+ }
+
+ @Test
+ public void test_hasProvisionProjectsGlobalPermission_for_GlobalAnalysisToken_returnsFalseIfUserIsNotGranted() {
+ UserDto user = db.users().insertUser();
+
+ db.users().insertPermissionOnUser(user, GlobalPermission.SCAN);
+
+ TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
+
+ assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isFalse();
+ }
+
+ @Test
+ public void test_hasAdministerGlobalPermission_for_GlobalAnalysisToken_returnsFalse() {
+ UserDto user = db.users().insertUser();
+
+ db.users().insertPermissionOnUser(user, GlobalPermission.ADMINISTER);
+
+ TokenUserSession userSession = mockGlobalAnalysisTokenUserSession(user);
+
+ assertThat(userSession.hasPermission(GlobalPermission.ADMINISTER)).isFalse();
+ }
+
private TokenUserSession mockTokenUserSession(UserDto userDto) {
return new TokenUserSession(dbClient, userDto, mockUserTokenDto());
}
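Review bot: The three new tests only exercise the global analysis token, so nothing here pins that the wider allow-list stays confined to that token type. If it is not already covered elsewhere in this class, I would add a case that builds the session from a project analysis token for a user granted `PROVISION_PROJECTS` and asserts `assertThat(userSession.hasPermission(GlobalPermission.PROVISION_PROJECTS)).isFalse();`. A similar case where the user holds `PROVISION_PROJECTS` but not `SCAN` would record whether a global analysis token is meant to provision projects on its own.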
return new TokenUserSession(dbClient, userDto, mockGlobalAnalysisTokenDto());
}
- private UserTokenDto mockUserTokenDto() {
+ private static UserTokenDto mockUserTokenDto() {
UserTokenDto userTokenDto = new UserTokenDto();
userTokenDto.setType(USER_TOKEN.name());
userTokenDto.setName("User Token");
return userTokenDto;
}
- private UserTokenDto mockProjectAnalysisTokenDto(ComponentDto componentDto) {
+ private static UserTokenDto mockProjectAnalysisTokenDto(ComponentDto componentDto) {
UserTokenDto userTokenDto = new UserTokenDto();
userTokenDto.setType(PROJECT_ANALYSIS_TOKEN.name());
userTokenDto.setName("Project Analysis Token");
return userTokenDto;
}
- private UserTokenDto mockGlobalAnalysisTokenDto() {
+ private static UserTokenDto mockGlobalAnalysisTokenDto() {
UserTokenDto userTokenDto = new UserTokenDto();
userTokenDto.setType(GLOBAL_ANALYSIS_TOKEN.name());
userTokenDto.setName("Global Analysis Token");