import org.sonar.db.property.PropertiesDao;
import org.sonar.db.property.PropertyDto;
import org.sonar.server.exceptions.ForbiddenException;
-import org.sonarqube.ws.MediaTypes;
import org.sonar.server.user.UserSession;
+import org.sonarqube.ws.MediaTypes;
public class GlobalAction implements BatchWsAction {
@Override
public void handle(Request request, Response response) throws Exception {
- boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION);
- boolean hasPreviewPerm = userSession.hasGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION);
+ boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION);
+ boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION);
if (!hasPreviewPerm && !hasScanPerm) {
throw new ForbiddenException(Messages.NO_PERMISSION);
}
import org.sonar.server.component.ComponentFinder;
import org.sonar.server.issue.index.IssueDoc;
import org.sonar.server.issue.index.IssueIndex;
-import org.sonarqube.ws.MediaTypes;
import org.sonar.server.user.UserSession;
+import org.sonarqube.ws.MediaTypes;
import static com.google.common.collect.Maps.newHashMap;
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION);
+ userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION);
final String moduleKey = request.mandatoryParam(PARAM_KEY);
response.stream().setMediaType(MediaTypes.PROTOBUF);
}
public ProjectRepositories load(ProjectDataQuery query) {
- boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION);
+ boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION);
checkPermission(query.isIssuesMode());
DbSession session = dbClient.openSession(false);
"Project or module with key '%s' is not found", query.getModuleKey());
// Scan permission is enough to analyze all projects but preview permission is limited to projects user can access
- if (query.isIssuesMode() && !userSession.hasProjectPermissionByUuid(UserRole.USER, module.projectUuid())) {
+ if (query.isIssuesMode() && !userSession.hasComponentUuidPermission(UserRole.USER, module.projectUuid())) {
throw new ForbiddenException("You're not authorized to access to project '" + module.name() + "', please contact your SonarQube administrator.");
}
}
private void checkPermission(boolean preview) {
- boolean hasScanPerm = userSession.hasGlobalPermission(GlobalPermissions.SCAN_EXECUTION);
- boolean hasPreviewPerm = userSession.hasGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION);
+ boolean hasScanPerm = userSession.hasPermission(GlobalPermissions.SCAN_EXECUTION);
+ boolean hasPreviewPerm = userSession.hasPermission(GlobalPermissions.PREVIEW_EXECUTION);
if (!hasPreviewPerm && !hasScanPerm) {
throw new ForbiddenException(Messages.NO_PERMISSION);
}
import org.sonar.api.server.ws.WebService;
import org.sonar.batch.protocol.input.BatchInput;
import org.sonar.core.permission.GlobalPermissions;
-import org.sonarqube.ws.MediaTypes;
import org.sonar.server.user.UserSession;
import org.sonar.server.user.index.UserDoc;
import org.sonar.server.user.index.UserIndex;
+import org.sonarqube.ws.MediaTypes;
public class UsersAction implements BatchWsAction {
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkGlobalPermission(GlobalPermissions.PREVIEW_EXECUTION);
+ userSession.checkPermission(GlobalPermissions.PREVIEW_EXECUTION);
List<String> logins = request.mandatoryParamAsStrings(PARAM_LOGINS);
response.stream().setMediaType(MediaTypes.PROTOBUF);
DbSession session = dbClient.openSession(false);
try {
ComponentDto projectOrModule = getByKey(session, projectOrModuleKey);
- userSession.checkProjectUuidPermission(UserRole.ADMIN, projectOrModule.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.ADMIN, projectOrModule.projectUuid());
dbClient.resourceKeyUpdaterDao().updateKey(projectOrModule.getId(), newKey);
session.commit();
DbSession session = dbClient.openSession(false);
try {
ComponentDto project = getByKey(projectKey);
- userSession.checkProjectUuidPermission(UserRole.ADMIN, project.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.ADMIN, project.projectUuid());
return dbClient.resourceKeyUpdaterDao().checkModuleKeysBeforeRenaming(project.getId(), stringToReplace, replacementString);
} finally {
session.close();
DbSession session = dbClient.openSession(true);
try {
ComponentDto project = getByKey(session, projectKey);
- userSession.checkProjectUuidPermission(UserRole.ADMIN, project.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.ADMIN, project.projectUuid());
dbClient.resourceKeyUpdaterDao().bulkUpdateKey(session, project.getId(), stringToReplace, replacementString);
session.commit();
} finally {
}
public ComponentDto create(NewComponent newComponent) {
- userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING);
+ userSession.checkPermission(GlobalPermissions.PROVISIONING);
DbSession session = dbClient.openSession(false);
try {
}
public ComponentDto create(DbSession session, NewComponent newComponent) {
- userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING);
+ userSession.checkPermission(GlobalPermissions.PROVISIONING);
checkKeyFormat(newComponent.qualifier(), newComponent.key());
ComponentDto project = createProject(session, newComponent);
removeDuplicatedProjects(session, project.getKey());
}
private SearchWsResponse doHandle(SearchWsRequest request) {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
List<String> qualifiers = request.getQualifiers();
validateQualifiers(qualifiers);
DbSession session = dbClient.openSession(false);
try {
ComponentDto componentDto = componentFinder.getByUuid(session, componentUuid);
- userSession.checkProjectUuidPermission(UserRole.USER, componentDto.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.USER, componentDto.projectUuid());
Set<Long> projectIds = newLinkedHashSet(dbClient.componentIndexDao().selectProjectIdsFromQueryAndViewOrSubViewUuid(session, query, componentDto.uuid()));
Collection<Long> authorizedProjectIds = dbClient.authorizationDao().keepAuthorizedProjectIds(session, projectIds, userSession.getUserId(), UserRole.USER);
private ComponentDto getComponentByUuidOrKey(DbSession dbSession, ShowWsRequest request) {
ComponentDto component = componentFinder.getByUuidOrKey(dbSession, request.getId(), request.getKey(), ParamNames.ID_AND_KEY);
String projectUuid = firstNonNull(component.projectUuid(), component.uuid());
- if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) &&
- !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, projectUuid) &&
- !userSession.hasProjectPermissionByUuid(UserRole.USER, projectUuid)) {
+ if (!userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) &&
+ !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) &&
+ !userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) {
throw insufficientPrivilegesException();
}
return component;
private void checkPermissions(ComponentDto baseComponent) {
String projectUuid = firstNonNull(baseComponent.projectUuid(), baseComponent.uuid());
- if (!userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) &&
- !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, projectUuid) &&
- !userSession.hasProjectPermissionByUuid(UserRole.USER, projectUuid)) {
+ if (!userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) &&
+ !userSession.hasComponentUuidPermission(UserRole.ADMIN, projectUuid) &&
+ !userSession.hasComponentUuidPermission(UserRole.USER, projectUuid)) {
throw insufficientPrivilegesException();
}
}
}
public CeTask submit(String projectKey, @Nullable String projectBranch, @Nullable String projectName, InputStream reportInput) {
- userSession.checkGlobalPermission(GlobalPermissions.SCAN_EXECUTION);
+ userSession.checkPermission(GlobalPermissions.SCAN_EXECUTION);
String effectiveProjectKey = ComponentKeys.createKey(projectKey, projectBranch);
ComponentDto project = componentService.getNullableByKey(effectiveProjectKey);
throw new ForbiddenException("Requires administration permission");
}
} else {
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ userSession.checkPermission(UserRole.ADMIN);
}
}
}
public static boolean isAllowedOnComponentUuid(UserSession userSession, String componentUuid) {
- return userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid);
+ return userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid);
}
}
@Override
public void handle(Request wsRequest, Response wsResponse) {
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ userSession.checkPermission(UserRole.ADMIN);
String taskId = wsRequest.mandatoryParam(PARAM_TASK_ID);
queue.cancel(taskId);
wsResponse.noContent();
@Override
public void handle(Request wsRequest, Response wsResponse) {
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ userSession.checkPermission(UserRole.ADMIN);
queue.cancelAll();
wsResponse.noContent();
}
import org.sonar.server.computation.log.CeLogging;
import org.sonar.server.computation.log.LogFileRef;
import org.sonar.server.exceptions.NotFoundException;
-import org.sonarqube.ws.MediaTypes;
import org.sonar.server.user.UserSession;
+import org.sonarqube.ws.MediaTypes;
import static java.lang.String.format;
@Override
public void handle(Request wsRequest, Response wsResponse) throws Exception {
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ userSession.checkPermission(UserRole.ADMIN);
String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID);
LogFileRef ref = loadLogRef(taskUuid);
List<CeQueueDto> dtos;
if (componentUuid == null) {
// no filters
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ userSession.checkPermission(UserRole.ADMIN);
dtos = dbClient.ceQueueDao().selectAllInAscOrder(dbSession);
} else {
// filter by component
- if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) {
+ if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN) || userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) {
dtos = dbClient.ceQueueDao().selectByComponentUuid(dbSession, componentUuid);
} else {
throw new ForbiddenException("Requires system administration permission");
@Override
public void handle(Request wsRequest, Response wsResponse) throws Exception {
- userSession.checkAnyGlobalPermissions(AUTHORIZED_PERMISSIONS);
+ userSession.checkAnyPermissions(AUTHORIZED_PERMISSIONS);
String taskUuid = wsRequest.mandatoryParam(PARAM_TASK_UUID);
DbSession dbSession = dbClient.openSession(false);
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
-import org.sonar.db.rule.RuleDto;
import org.sonar.db.debt.CharacteristicDto;
+import org.sonar.db.rule.RuleDto;
import org.sonar.server.db.DbClient;
import org.sonar.server.debt.DebtModelXMLExporter.DebtModel;
import org.sonar.server.debt.DebtModelXMLExporter.RuleDebt;
}
private void checkPermission() {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
}
private static class RuleDtoMatchLanguage implements Predicate<RuleDto> {
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
-import org.sonar.db.rule.RuleDto;
import org.sonar.db.debt.CharacteristicDto;
+import org.sonar.db.rule.RuleDto;
import org.sonar.server.db.DbClient;
import org.sonar.server.debt.DebtPredicates.CharacteristicDtoMatchKey;
import org.sonar.server.exceptions.BadRequestException;
}
private void checkPermission() {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
}
private static DebtCharacteristic toCharacteristic(CharacteristicDto dto) {
}
availableActions.add("plan");
String projectUuid = issue.projectUuid();
- if (projectUuid != null && userSession.hasProjectPermissionByUuid(ISSUE_ADMIN, projectUuid)) {
+ if (projectUuid != null && userSession.hasComponentUuidPermission(ISSUE_ADMIN, projectUuid)) {
availableActions.add("set_severity");
}
}
import org.sonar.server.es.SearchOptions;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.issue.actionplan.ActionPlanService;
-import org.sonarqube.ws.client.issue.IssueFilterParameters;
import org.sonar.server.issue.filter.IssueFilterService;
import org.sonar.server.search.QueryContext;
import org.sonar.server.user.UserSession;
import org.sonar.server.util.RubyUtils;
import org.sonar.server.util.Validation;
+import org.sonarqube.ws.client.issue.IssueFilterParameters;
/**
* Used through ruby code <pre>Internal.issues</pre>
}
public boolean isUserIssueAdmin(String projectUuid) {
- return userSession.hasProjectPermissionByUuid(UserRole.ISSUE_ADMIN, projectUuid);
+ return userSession.hasComponentUuidPermission(UserRole.ISSUE_ADMIN, projectUuid);
}
private enum MatchIssueFilterParameters implements Predicate<Map.Entry<String, Object>> {
private void addViewsOrSubViews(IssueQuery.Builder builder, Collection<String> componentUuids, String uniqueQualifier) {
List<String> filteredViewUuids = newArrayList();
for (String viewUuid : componentUuids) {
- if ((Qualifiers.VIEW.equals(uniqueQualifier) && userSession.hasProjectPermissionByUuid(UserRole.USER, viewUuid))
+ if ((Qualifiers.VIEW.equals(uniqueQualifier) && userSession.hasComponentUuidPermission(UserRole.USER, viewUuid))
|| (Qualifiers.SUBVIEW.equals(uniqueQualifier) && userSession.hasComponentUuidPermission(UserRole.USER, viewUuid))) {
filteredViewUuids.add(viewUuid);
}
for (Transition transition : outTransitions) {
String projectUuid = issue.projectUuid();
if (userSession.isLoggedIn() && StringUtils.isBlank(transition.requiredProjectPermission()) ||
- (projectUuid != null && userSession.hasProjectPermissionByUuid(transition.requiredProjectPermission(), projectUuid))) {
+ (projectUuid != null && userSession.hasComponentUuidPermission(transition.requiredProjectPermission(), projectUuid))) {
allowedTransitions.add(transition);
}
}
for (Transition transition : outTransitions) {
String projectKey = defaultIssue.projectKey();
if (transition.key().equals(transitionKey) && StringUtils.isNotBlank(transition.requiredProjectPermission()) && projectKey != null) {
- userSession.checkProjectPermission(transition.requiredProjectPermission(), projectKey);
+ userSession.checkComponentPermission(transition.requiredProjectPermission(), projectKey);
}
}
}
DbSession session = dbClient.openSession(false);
try {
DefaultIssue issue = getByKeyForUpdate(session, issueKey).toDefaultIssue();
- userSession.checkProjectPermission(UserRole.ISSUE_ADMIN, issue.projectKey());
+ userSession.checkComponentPermission(UserRole.ISSUE_ADMIN, issue.projectKey());
IssueChangeContext context = IssueChangeContext.createUser(new Date(), userSession.getLogin());
if (issueUpdater.setManualSeverity(issue, severity, context)) {
ComponentDto component = componentOptional.get();
ComponentDto project = dbClient.componentDao().selectOrFailByUuid(dbSession, component.projectUuid());
- userSession.checkProjectPermission(UserRole.USER, project.getKey());
+ userSession.checkComponentPermission(UserRole.USER, project.getKey());
if (!ruleKey.isManual()) {
throw new IllegalArgumentException("Issues can be created only on rules marked as 'manual': " + ruleKey);
}
}
private boolean isCurrentUserIssueAdmin(String projectKey) {
- return userSession.hasProjectPermission(UserRole.ISSUE_ADMIN, projectKey);
+ return userSession.hasComponentPermission(UserRole.ISSUE_ADMIN, projectKey);
}
@Override
public boolean apply(Transition input) {
return input.key().equals(transition) &&
(StringUtils.isBlank(input.requiredProjectPermission()) ||
- userSession.hasProjectPermission(input.requiredProjectPermission(), defaultIssue.projectKey()));
+ userSession.hasComponentPermission(input.requiredProjectPermission(), defaultIssue.projectKey()));
}
}, null) != null;
}
import org.sonar.core.issue.DefaultIssue;
import org.sonar.core.issue.IssueChangeContext;
import org.sonar.core.issue.IssueUpdater;
+import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ResourceDao;
import org.sonar.db.component.ResourceDto;
import org.sonar.db.issue.ActionPlanStatsDao;
import org.sonar.db.issue.ActionPlanStatsDto;
import org.sonar.db.issue.IssueDto;
-import org.sonar.db.DbClient;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.issue.IssueStorage;
import org.sonar.server.user.UserSession;
}
private static void checkUserCanAccessProject(String projectKey, UserSession userSession) {
- userSession.checkProjectPermission(UserRole.USER, projectKey);
+ userSession.checkComponentPermission(UserRole.USER, projectKey);
}
private static void checkUserIsProjectAdministrator(String projectKey, UserSession userSession) {
- userSession.checkProjectPermission(UserRole.ADMIN, projectKey);
+ userSession.checkComponentPermission(UserRole.ADMIN, projectKey);
}
private enum ToActionPlanStats implements Function<ActionPlanStatsDto, ActionPlanStats> {
private static boolean canModifyFilter(UserSession userSession, IssueFilterDto filter) {
return userSession.isLoggedIn() &&
- (StringUtils.equals(filter.getUserLogin(), userSession.getLogin()) || userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN));
+ (StringUtils.equals(filter.getUserLogin(), userSession.getLogin()) || userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN));
}
}
}
public static void checkPermissions(UserSession userSession, ComponentDto component) {
- if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) {
+ if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) {
return;
}
- userSession.checkLoggedIn().checkProjectUuidPermission(UserRole.ADMIN, component.projectUuid());
+ userSession.checkLoggedIn().checkComponentUuidPermission(UserRole.ADMIN, component.projectUuid());
}
}
}
private void checkPermissions(DbSession dbSession, CustomMeasureDto customMeasure) {
- if (userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) {
+ if (userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) {
return;
}
ComponentDto component = dbClient.componentDao().selectOrFailByUuid(dbSession, customMeasure.getComponentUuid());
- userSession.checkLoggedIn().checkProjectUuidPermission(UserRole.ADMIN, component.projectUuid());
+ userSession.checkLoggedIn().checkComponentUuidPermission(UserRole.ADMIN, component.projectUuid());
}
}
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
String key = request.mandatoryParam(PARAM_KEY);
DbSession dbSession = dbClient.openSession(false);
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
-import org.sonar.db.metric.MetricDto;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
+import org.sonar.db.metric.MetricDto;
import org.sonar.server.db.DbClient;
import org.sonar.server.ruby.RubyBridge;
import org.sonar.server.user.UserSession;
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
DbSession dbSession = dbClient.openSession(false);
try {
List<Integer> ids = loadIds(dbSession, request);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
int id = request.mandatoryParamAsInt(PARAM_ID);
DbSession dbSession = dbClient.openSession(false);
public static void checkGlobalAdminUser(UserSession userSession) {
userSession
.checkLoggedIn()
- .checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ .checkPermission(GlobalPermissions.SYSTEM_ADMIN);
}
public static void checkProjectAdminUserByComponentKey(UserSession userSession, @Nullable String componentKey) {
userSession.checkLoggedIn();
- if (componentKey == null || !userSession.hasProjectPermission(UserRole.ADMIN, componentKey)) {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ if (componentKey == null || !userSession.hasComponentPermission(UserRole.ADMIN, componentKey)) {
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
}
}
public static void checkProjectAdminUserByComponentUuid(UserSession userSession, @Nullable String componentUuid) {
userSession.checkLoggedIn();
- if (componentUuid == null || !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, componentUuid)) {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ if (componentUuid == null || !userSession.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)) {
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
}
}
if (provisioned == null) {
checkProjectAdminUserByComponentKey(userSession, componentKey);
} else {
- userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING);
+ userSession.checkPermission(GlobalPermissions.PROVISIONING);
}
permissionRepository.applyDefaultPermissionTemplate(session, component);
session.commit();
@Override
public void handle(Request wsRequest, Response wsResponse) {
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ userSession.checkPermission(UserRole.ADMIN);
LoggerLevel level = LoggerLevel.valueOf(wsRequest.mandatoryParam(PARAM_LEVEL));
db.enableSqlLogging(level.equals(LoggerLevel.TRACE));
logging.changeLevel(level);
*/
package org.sonar.server.platform.ws;
+import java.util.Map;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.server.platform.monitoring.Monitor;
import org.sonar.server.user.UserSession;
-import java.util.Map;
-
/**
* Implementation of the {@code info} action for the System WebService.
*/
@Override
public void handle(Request request, Response response) {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
JsonWriter json = response.newJsonWriter();
writeJson(json);
json.close();
import org.sonar.api.server.ws.WebService;
import org.sonar.api.web.UserRole;
import org.sonar.server.platform.ServerLogging;
-import org.sonarqube.ws.MediaTypes;
import org.sonar.server.user.UserSession;
+import org.sonarqube.ws.MediaTypes;
public class LogsAction implements SystemWsAction {
@Override
public void handle(Request wsRequest, Response wsResponse) throws Exception {
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ userSession.checkPermission(UserRole.ADMIN);
wsResponse.stream().setMediaType(MediaTypes.TXT);
File file = serverLogging.getCurrentLogFile();
if (file.exists()) {
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
pluginDownloader.cancelDownloads();
pluginRepository.cancelUninstalls();
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
String key = request.mandatoryParam(PARAM_KEY);
PluginUpdate pluginUpdate = findAvailablePluginByKey(key);
pluginDownloader.download(key, pluginUpdate.getRelease().getVersion());
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
String key = request.mandatoryParam(PARAM_KEY);
ensurePluginIsInstalled(key);
pluginRepository.uninstall(key);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
String key = request.mandatoryParam(PARAM_KEY);
PluginUpdate pluginUpdate = findPluginUpdateByKey(key);
pluginDownloader.download(key, pluginUpdate.getRelease().getVersion());
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ userSession.checkPermission(UserRole.ADMIN);
List<String> uuids = request.paramAsStrings(PARAM_IDS);
List<String> keys = request.paramAsStrings(PARAM_KEYS);
private void checkPermissions(@Nullable String uuid, @Nullable String key) {
if (missPermissionsBasedOnUuid(uuid) || missPermissionsBasedOnKey(key)) {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
}
}
private boolean missPermissionsBasedOnKey(@Nullable String key) {
- return key != null && !userSession.hasProjectPermission(UserRole.ADMIN, key) && !userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ return key != null && !userSession.hasComponentPermission(UserRole.ADMIN, key) && !userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN);
}
private boolean missPermissionsBasedOnUuid(@Nullable String uuid) {
- return uuid != null && !userSession.hasProjectPermissionByUuid(UserRole.ADMIN, uuid) && !userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ return uuid != null && !userSession.hasComponentUuidPermission(UserRole.ADMIN, uuid) && !userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN);
}
}
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkGlobalPermission(UserRole.ADMIN);
+ userSession.checkPermission(UserRole.ADMIN);
DbSession dbSession = dbClient.openSession(false);
SearchOptions searchOptions = new SearchOptions()
.setPage(request.mandatoryParamAsInt(Param.PAGE),
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkGlobalPermission(GlobalPermissions.PROVISIONING);
+ userSession.checkPermission(GlobalPermissions.PROVISIONING);
SearchOptions options = new SearchOptions().setPage(
request.mandatoryParamAsInt(Param.PAGE),
request.mandatoryParamAsInt(Param.PAGE_SIZE)
}
private void checkPermission() {
- userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
}
private void checkPermission(Long projectId, DbSession session) {
ComponentDto project = componentDao.selectOrFailById(session, projectId);
- if (!userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, project.key())) {
+ if (!userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, project.key())) {
throw new ForbiddenException("Insufficient privileges");
}
}
}
private void checkScanOrAdminPermission() {
- userSession.checkAnyGlobalPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN));
+ userSession.checkAnyPermissions(newHashSet(GlobalPermissions.SCAN_EXECUTION, GlobalPermissions.SYSTEM_ADMIN));
}
}
}
private static void checkPermission(UserSession userSession) {
- userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
}
private static void checkPermission(UserSession userSession, String projectKey) {
- if (!userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasProjectPermission(UserRole.ADMIN, projectKey)) {
+ if (!userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN) && !userSession.hasComponentPermission(UserRole.ADMIN, projectKey)) {
throw new ForbiddenException("Insufficient privileges");
}
}
import java.util.Collection;
import java.util.List;
import java.util.Map;
-
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
-
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.search.SearchHit;
import org.sonar.api.server.ServerSide;
private void verifyAdminPermission() {
userSession.checkLoggedIn();
- userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
}
public Result<QProfileActivity> searchActivities(QProfileActivityQuery query, SearchOptions options) {
import org.sonar.api.server.ws.WebService.NewAction;
import org.sonar.api.server.ws.WebService.NewController;
import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.db.DbSession;
import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
import org.sonar.server.qualityprofile.QProfileFactory;
import org.sonar.server.qualityprofile.RuleActivator;
import org.sonar.server.user.UserSession;
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
DbSession session = dbClient.openSession(false);
try {
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
String newName = request.mandatoryParam(PARAM_PROFILE_NAME);
String profileKey = request.mandatoryParam(PARAM_PROFILE_KEY);
import org.sonar.db.DbSession;
import org.sonar.db.qualityprofile.QualityProfileDto;
import org.sonar.server.component.ws.LanguageParamUtils;
-import org.sonarqube.ws.MediaTypes;
import org.sonar.server.qualityprofile.QProfileExporters;
import org.sonar.server.qualityprofile.QProfileFactory;
import org.sonar.server.qualityprofile.QProfileName;
import org.sonar.server.qualityprofile.QProfileResult;
import org.sonar.server.user.UserSession;
+import org.sonarqube.ws.MediaTypes;
public class CreateAction implements QProfileWsAction {
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
String name = request.mandatoryParam(PARAM_PROFILE_NAME);
String language = request.mandatoryParam(PARAM_LANGUAGE);
import org.sonar.api.server.ws.WebService.NewAction;
import org.sonar.api.server.ws.WebService.NewController;
import org.sonar.core.permission.GlobalPermissions;
-import org.sonar.db.DbSession;
import org.sonar.db.DbClient;
+import org.sonar.db.DbSession;
import org.sonar.server.qualityprofile.QProfileFactory;
import org.sonar.server.user.UserSession;
@Override
public void handle(Request request, Response response) throws Exception {
userSession.checkLoggedIn();
- userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
DbSession session = dbClient.openSession(false);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
InputStream backup = request.paramAsInputStream(PARAM_BACKUP);
InputStreamReader reader = null;
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
String newName = request.mandatoryParam(PARAM_PROFILE_NAME);
String profileKey = request.mandatoryParam(PARAM_PROFILE_KEY);
package org.sonar.server.qualityprofile.ws;
import com.google.common.base.Preconditions;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
import org.apache.commons.io.IOUtils;
import org.sonar.api.resources.Language;
import org.sonar.api.resources.Languages;
import org.sonar.server.qualityprofile.QProfileBackuper;
import org.sonar.server.user.UserSession;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.nio.charset.StandardCharsets;
-
public class RestoreAction implements QProfileWsAction {
private static final String PARAM_BACKUP = "backup";
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
InputStream backup = request.paramAsInputStream(PARAM_BACKUP);
InputStreamReader reader = null;
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
String language = request.param(PARAM_LANGUAGE);
String profileName = request.param(PARAM_PROFILE_NAME);
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
-import org.sonar.db.rule.RuleDto;
import org.sonar.db.debt.CharacteristicDto;
+import org.sonar.db.rule.RuleDto;
import org.sonar.server.db.DbClient;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.NotFoundException;
private static void checkPermission(UserSession userSession) {
userSession.checkLoggedIn();
- userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
}
public static class RuleChange {
import java.util.Collection;
import java.util.List;
import java.util.Set;
-
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
-
-import org.sonar.api.server.ServerSide;
import org.sonar.api.rule.RuleKey;
+import org.sonar.api.server.ServerSide;
import org.sonar.core.permission.GlobalPermissions;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.rule.index.RuleIndex;
private void checkPermission() {
userSession.checkLoggedIn();
- userSession.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ userSession.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
}
}
}
private void addPermissions(JsonWriter json) {
- json.prop("canWrite", userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN));
+ json.prop("canWrite", userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN));
}
private void addProfiles(JsonWriter json) {
try {
final String componentKey = request.mandatoryParam("key");
final ComponentDto component = componentFinder.getByKey(session, componentKey);
- userSession.checkProjectUuidPermission(UserRole.USER, component.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.USER, component.projectUuid());
response.stream().setMediaType("text/plain");
OutputStreamWriter writer = new OutputStreamWriter(response.stream().output(), StandardCharsets.UTF_8);
DbSession dbSession = dbClient.openSession(false);
try {
ComponentDto file = componentFinder.getByUuidOrKey(dbSession, request.param(PARAM_UUID), request.param(PARAM_KEY), UUID_AND_KEY);
- userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid());
int from = request.mandatoryParamAsInt(PARAM_FROM);
int to = Objects.firstNonNull(request.paramAsInt(PARAM_TO), Integer.MAX_VALUE);
DbSession dbSession = dbClient.openSession(false);
try {
ComponentDto file = componentFinder.getByKey(dbSession, fileKey);
- userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid());
Optional<Iterable<String>> lines = sourceService.getLinesAsRawText(dbSession, file.uuid(), 1, Integer.MAX_VALUE);
response.stream().setMediaType("text/plain");
DbSession dbSession = dbClient.openSession(false);
try {
ComponentDto file = componentFinder.getByKey(dbSession, fileKey);
- userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid());
Optional<Iterable<DbFileSources.Line>> sourceLines = sourceService.getLines(dbSession, file.uuid(), from, to);
if (!sourceLines.isPresent()) {
throw new NotFoundException(String.format("File '%s' has no sources", fileKey));
DbSession dbSession = dbClient.openSession(false);
try {
ComponentDto file = componentFinder.getByKey(dbSession, fileKey);
- userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, file.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, file.projectUuid());
Optional<Iterable<String>> linesHtml = sourceService.getLinesAsHtml(dbSession, file.uuid(), from, to);
if (linesHtml.isPresent()) {
import com.google.common.collect.Maps;
import java.util.Map;
import javax.annotation.CheckForNull;
-import org.sonar.api.server.ServerSide;
import org.sonar.api.measures.CoreMetrics;
+import org.sonar.api.server.ServerSide;
import org.sonar.api.utils.KeyValueFormat;
import org.sonar.api.web.UserRole;
-import org.sonar.db.measure.MeasureDto;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
import org.sonar.db.measure.MeasureDao;
+import org.sonar.db.measure.MeasureDto;
import org.sonar.server.user.UserSession;
@ServerSide
private void checkComponentUuidPermission(DbSession dbSession, String componentUuid) {
ComponentDto component = dbClient.componentDao().selectOrFailByUuid(dbSession, componentUuid);
- userSession.checkProjectUuidPermission(UserRole.CODEVIEWER, component.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.CODEVIEWER, component.projectUuid());
}
}
public boolean isUserAuthorized() {
boolean authorized = userRoles.length == 0;
for (String userRole : getUserRoles()) {
- authorized |= userSession.hasGlobalPermission(userRole);
+ authorized |= userSession.hasPermission(userRole);
}
return authorized;
}
public boolean isUserAuthorized(ComponentDto component) {
boolean authorized = userRoles.length == 0;
for (String userRole : getUserRoles()) {
- authorized |= userSession.hasProjectPermissionByUuid(userRole, component.uuid());
+ authorized |= userSession.hasComponentUuidPermission(userRole, component.uuid());
}
return authorized;
}
try {
ComponentDto component = componentFinder.getByKey(session, componentKey);
- userSession.checkProjectUuidPermission(UserRole.USER, component.projectUuid());
+ userSession.checkComponentUuidPermission(UserRole.USER, component.projectUuid());
SnapshotDto snapshot = dbClient.snapshotDao().selectLastSnapshotByComponentId(session, component.getId());
json.beginObject();
writeComponent(json, session, component, snapshot, userSession);
- if (userSession.hasProjectPermissionByUuid(UserRole.ADMIN, component.projectUuid()) || userSession.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)) {
+ if (userSession.hasComponentUuidPermission(UserRole.ADMIN, component.projectUuid()) || userSession.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)) {
writeConfiguration(json, component, userSession);
}
}
private void writeConfiguration(JsonWriter json, ComponentDto component, UserSession userSession) {
- boolean isAdmin = userSession.hasProjectPermissionByUuid(UserRole.ADMIN, component.projectUuid());
+ boolean isAdmin = userSession.hasComponentUuidPermission(UserRole.ADMIN, component.projectUuid());
Locale locale = userSession.locale();
json.name("configuration").beginObject();
@Override
public void handle(Request request, Response response) throws Exception {
- boolean isAdmin = userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ boolean isAdmin = userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN);
JsonWriter json = response.newJsonWriter().beginObject();
json.prop("showUpdateCenter", isAdmin && settings.getBoolean(UpdateCenterClient.ACTIVATION_PROPERTY));
- json.prop("showProvisioning", userSession.hasGlobalPermission(GlobalPermissions.PROVISIONING));
+ json.prop("showProvisioning", userSession.hasPermission(GlobalPermissions.PROVISIONING));
json.name("extensions").beginArray();
if (isAdmin) {
}
@Override
- public UserSession checkGlobalPermission(String globalPermission) {
- return checkGlobalPermission(globalPermission, null);
- }
-
- @Override
- public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) {
- if (!hasGlobalPermission(globalPermission)) {
- throw new ForbiddenException(errorMessage != null ? errorMessage : INSUFFICIENT_PRIVILEGES_MESSAGE);
+ public UserSession checkPermission(String globalPermission) {
+ if (!hasPermission(globalPermission)) {
+ throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
}
return this;
}
@Override
- public UserSession checkAnyGlobalPermissions(Collection<String> globalPermissionsToTest) {
+ public UserSession checkAnyPermissions(Collection<String> globalPermissionsToTest) {
List<String> userGlobalPermissions = globalPermissions();
for (String userGlobalPermission : userGlobalPermissions) {
if (globalPermissionsToTest.contains(userGlobalPermission)) {
}
@Override
- public boolean hasGlobalPermission(String globalPermission) {
+ public boolean hasPermission(String globalPermission) {
return globalPermissions().contains(globalPermission);
}
- @Override
- public UserSession checkProjectPermission(String projectPermission, String projectKey) {
- if (!hasProjectPermission(projectPermission, projectKey)) {
- throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
- }
- return this;
- }
-
- @Override
- public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) {
- if (!hasProjectPermissionByUuid(projectPermission, projectUuid)) {
- throw new ForbiddenException(INSUFFICIENT_PRIVILEGES_MESSAGE);
- }
- return this;
- }
-
@Override
public UserSession checkComponentPermission(String projectPermission, String componentKey) {
if (!hasComponentPermission(projectPermission, componentKey)) {
return Collections.emptyList();
}
- @Override
- public boolean hasProjectPermission(String permission, String projectKey) {
- return false;
- }
-
- @Override
- public boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
- return false;
- }
-
@Override
public boolean hasComponentPermission(String permission, String componentKey) {
return false;
import com.google.common.base.Objects;
import com.google.common.base.Strings;
+import java.util.List;
+import java.util.Map;
+import javax.annotation.CheckForNull;
import org.sonar.api.user.RubyUserService;
import org.sonar.api.user.User;
import org.sonar.api.user.UserFinder;
import org.sonar.server.user.index.UserIndex;
import org.sonar.server.util.RubyUtils;
-import javax.annotation.CheckForNull;
-
-import java.util.List;
-import java.util.Map;
-
public class DefaultUserService implements RubyUserService {
private final UserIndex userIndex;
if (Strings.isNullOrEmpty(login)) {
throw new BadRequestException("Login is missing");
}
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
if (Objects.equal(userSession.getLogin(), login)) {
throw new BadRequestException("Self-deactivation is not possible");
}
import java.util.Collections;
import java.util.List;
-import org.sonar.core.permission.GlobalPermissions;
-
import java.util.Locale;
+import org.sonar.core.permission.GlobalPermissions;
/**
* Allow code to be executed with the highest privileges possible, as if executed by a {@link GlobalPermissions#SYSTEM_ADMIN} account.
}
@Override
- public boolean hasGlobalPermission(String globalPermission) {
+ public boolean hasPermission(String globalPermission) {
return true;
}
return Collections.emptyList();
}
- @Override
- public boolean hasProjectPermission(String permission, String projectKey) {
- return true;
- }
-
- @Override
- public boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
- return true;
- }
-
@Override
public boolean hasComponentPermission(String permission, String componentKey) {
return true;
import java.util.List;
import java.util.Map;
import org.sonar.api.security.DefaultGroups;
-import org.sonar.api.utils.log.Logger;
-import org.sonar.api.utils.log.Loggers;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.component.ResourceDao;
import org.sonar.db.component.ResourceDto;
import org.sonar.db.user.AuthorizationDao;
* Part of the current HTTP session
*/
public class ServerUserSession extends AbstractUserSession<ServerUserSession>
- implements UserSession {
-
- private static final Logger LOG = Loggers.get(ServerUserSession.class);
+ implements UserSession {
private Map<String, String> projectKeyByComponentKey = newHashMap();
List<String> permissionKeys = authorizationDao.selectGlobalPermissions(login);
globalPermissions = new ArrayList<>();
for (String permissionKey : permissionKeys) {
- if (!GlobalPermissions.ALL.contains(permissionKey)) {
- LOG.warn("Ignoring unknown permission {} for user {}", permissionKey, login);
- } else {
- globalPermissions.add(permissionKey);
- }
+ globalPermissions.add(permissionKey);
}
}
return globalPermissions;
}
- @Override
- public boolean hasProjectPermission(String permission, String projectKey) {
+ private boolean hasProjectPermission(String permission, String projectKey) {
if (!projectPermissionsCheckedByKey.contains(permission)) {
Collection<String> projectKeys = authorizationDao.selectAuthorizedRootProjectsKeys(userId, permission);
for (String key : projectKeys) {
return projectKeyByPermission.get(permission).contains(projectKey);
}
- @Override
- public boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
+ // To keep private
+ private boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
if (!projectPermissionsCheckedByUuid.contains(permission)) {
Collection<String> projectUuids = authorizationDao.selectAuthorizedRootProjectsUuids(userId, permission);
addProjectPermission(permission, projectUuids);
@Override
public boolean hasComponentPermission(String permission, String componentKey) {
+ if (hasPermission(permission)) {
+ return true;
+ }
+
String projectKey = projectKeyByComponentKey.get(componentKey);
if (projectKey == null) {
ResourceDto project = resourceDao.getRootProjectByComponentKey(componentKey);
@Override
public boolean hasComponentUuidPermission(String permission, String componentUuid) {
+ if (hasPermission(permission)) {
+ return true;
+ }
+
String projectUuid = projectUuidByComponentUuid.get(componentUuid);
if (projectUuid == null) {
ResourceDto project = resourceDao.selectResource(componentUuid);
import java.util.Locale;
import java.util.Set;
import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
/**
* Part of the current HTTP session
}
@Override
- public UserSession checkGlobalPermission(String globalPermission) {
- return get().checkGlobalPermission(globalPermission);
+ public UserSession checkPermission(String globalPermission) {
+ return get().checkPermission(globalPermission);
}
@Override
- public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) {
- return get().checkGlobalPermission(globalPermission, errorMessage);
+ public UserSession checkAnyPermissions(Collection<String> globalPermissions) {
+ return get().checkAnyPermissions(globalPermissions);
}
@Override
- public UserSession checkAnyGlobalPermissions(Collection<String> globalPermissions) {
- return get().checkAnyGlobalPermissions(globalPermissions);
- }
-
- @Override
- public boolean hasGlobalPermission(String globalPermission) {
- return get().hasGlobalPermission(globalPermission);
+ public boolean hasPermission(String globalPermission) {
+ return get().hasPermission(globalPermission);
}
@Override
return get().globalPermissions();
}
- @Override
- public UserSession checkProjectPermission(String projectPermission, String projectKey) {
- return get().checkProjectPermission(projectPermission, projectKey);
- }
-
- @Override
- public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) {
- return get().checkProjectUuidPermission(projectPermission, projectUuid);
- }
-
- @Override
- public boolean hasProjectPermission(String permission, String projectKey) {
- return get().hasProjectPermission(permission, projectKey);
- }
-
- @Override
- public boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
- return get().hasProjectPermissionByUuid(permission, projectUuid);
- }
-
@Override
public UserSession checkComponentPermission(String projectPermission, String componentKey) {
return get().checkComponentPermission(projectPermission, componentKey);
import java.util.Locale;
import java.util.Set;
import javax.annotation.CheckForNull;
-import javax.annotation.Nullable;
public interface UserSession {
@CheckForNull
/**
* Ensures that user implies the specified global permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
*/
- UserSession checkGlobalPermission(String globalPermission);
-
- /**
- * Ensures that user implies the specified global permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException} with
- * the specified error message.
- */
- UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage);
+ UserSession checkPermission(String globalPermission);
/**
* Ensures that user implies any of the specified global permissions, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException} with
* the specified error message.
*/
- UserSession checkAnyGlobalPermissions(Collection<String> globalPermissions);
+ UserSession checkAnyPermissions(Collection<String> globalPermissions);
/**
* Does the user have the given permission ?
*/
- boolean hasGlobalPermission(String globalPermission);
+ boolean hasPermission(String globalPermission);
List<String> globalPermissions();
/**
- * Ensures that user implies the specified project permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
- */
- UserSession checkProjectPermission(String projectPermission, String projectKey);
-
- /**
- * Ensures that user implies the specified project permission, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
- */
- UserSession checkProjectUuidPermission(String projectPermission, String projectUuid);
-
- /**
- * Does the user have the given project permission ?
- */
- boolean hasProjectPermission(String permission, String projectKey);
-
- /**
- * Does the user have the given project permission ?
- */
- boolean hasProjectPermissionByUuid(String permission, String projectUuid);
-
- /**
- * Ensures that user implies the specified project permission on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+ * Ensures that user implies the specified permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+ * If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}.
*/
UserSession checkComponentPermission(String projectPermission, String componentKey);
/**
- * Ensures that user implies the specified component permission on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+ * Ensures that user implies the specified component permission globally or on a component, otherwise throws a {@link org.sonar.server.exceptions.ForbiddenException}.
+ * If the component doesn't exist and the user hasn't the global permission, throws a {@link org.sonar.server.exceptions.ForbiddenException}.
*/
UserSession checkComponentUuidPermission(String permission, String componentUuid);
/**
- * Does the user have the given project permission for a component key ?
+ * Does the user have the given permission for a component key ?
+ *
+ * First, check if the user has the global permission (even if the component doesn't exist)
+ * If not, check is the user has the permission on the project of the component
+ * If the component doesn't exist, return false
*/
boolean hasComponentPermission(String permission, String componentKey);
/**
* Does the user have the given project permission for a component uuid ?
+
+ * First, check if the user has the global permission (even if the component doesn't exist)
+ * If not, check is the user has the permission on the project of the component
+ * If the component doesn't exist, return false
*/
boolean hasComponentUuidPermission(String permission, String componentUuid);
}
String previousPassword = request.mandatoryParam(PARAM_PREVIOUS_PASSWORD);
userUpdater.checkCurrentPassword(login, previousPassword);
} else {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
}
String password = request.mandatoryParam(PARAM_PASSWORD);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
String login = request.mandatoryParam(PARAM_LOGIN);
String password = request.mandatoryParam(PARAM_PASSWORD);
import org.sonar.api.server.ws.WebService.NewAction;
import org.sonar.api.utils.text.JsonWriter;
import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
-import org.sonar.db.DbClient;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.user.UserSession;
import org.sonar.server.user.UserUpdater;
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
String login = request.mandatoryParam(PARAM_LOGIN);
if (login.equals(userSession.getLogin())) {
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
String login = request.mandatoryParam(PARAM_LOGIN);
int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE);
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.text.JsonWriter;
import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
-import org.sonar.db.DbClient;
import org.sonar.server.user.UpdateUser;
import org.sonar.server.user.UserSession;
import org.sonar.server.user.UserUpdater;
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
String login = request.mandatoryParam(PARAM_LOGIN);
UpdateUser updateUser = UpdateUser.create(login);
}
private void writeGroupsIfNeeded(JsonWriter json, Collection<String> groups, @Nullable Collection<String> fields) {
- if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)) {
+ if (isFieldNeeded(FIELD_GROUPS, fields) && userSession.hasPermission(GlobalPermissions.SYSTEM_ADMIN)) {
json.name(FIELD_GROUPS).beginArray();
for (String groupName : groups) {
json.value(groupName);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request);
String login = request.mandatoryParam(PARAM_LOGIN);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
String name = request.mandatoryParam(PARAM_NAME);
String description = request.param(PARAM_DESCRIPTION);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
WsGroupRef groupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request);
String login = request.mandatoryParam(PARAM_LOGIN);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
Long groupId = request.mandatoryParamAsLong(PARAM_ID);
String name = request.param(PARAM_NAME);
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
WsGroupRef wsGroupRef = WsGroupRef.newWsGroupRefFromUserGroupRequest(request);
int pageSize = request.mandatoryParamAsInt(Param.PAGE_SIZE);
}
private WsUserTokens.GenerateWsResponse doHandle(GenerateWsRequest request) {
- userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkPermission(GlobalPermissions.SYSTEM_ADMIN);
DbSession dbSession = dbClient.openSession(false);
try {
}
private void doHandle(RevokeWsRequest request) {
- userSession.checkLoggedIn().checkGlobalPermission(SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(SYSTEM_ADMIN);
DbSession dbSession = dbClient.openSession(false);
try {
}
private SearchWsResponse doHandle(SearchWsRequest request) {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn().checkPermission(GlobalPermissions.SYSTEM_ADMIN);
DbSession dbSession = dbClient.openSession(false);
try {
import org.junit.Rule;
import org.junit.Test;
import org.sonar.api.issue.Issue;
+import org.sonar.api.web.UserRole;
import org.sonar.core.issue.DefaultIssue;
import org.sonar.core.issue.IssueChangeContext;
-import org.sonar.api.web.UserRole;
import org.sonar.core.issue.IssueUpdater;
-import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.tester.AnonymousMockUserSession;
+import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.user.UserSession;
import static com.google.common.collect.Maps.newHashMap;
@Test
public void should_support_only_unresolved_issues() {
- when(userSessionMock.hasProjectPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true);
+ when(userSessionMock.hasComponentPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true);
assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(null))).isTrue();
assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(Issue.RESOLUTION_FIXED))).isFalse();
}
@Test
public void should_support_only_issues_with_issue_admin_permission() {
- when(userSessionMock.hasProjectPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true);
+ when(userSessionMock.hasComponentPermission(UserRole.ISSUE_ADMIN, "foo:bar")).thenReturn(true);
assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar").setResolution(null))).isTrue();
assertThat(action.supports(new DefaultIssue().setProjectKey("foo:bar2").setResolution(null))).isFalse();
}
@Mock
IssueStorage issueStorage;
- String projectKey = "org.sonar.Sample";
+ static final String PROJECT_KEY = "org.sonar.Sample";
+ static final String PROJECT_UUID = "ABCD";
- UserSession projectAdministratorUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.ADMIN, projectKey);
- UserSession projectUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.USER, projectKey);
+ UserSession projectAdministratorUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.ADMIN, PROJECT_KEY);
+ UserSession projectUserSession = new MockUserSession("nicolas").setName("Nicolas").addProjectPermissions(UserRole.USER, PROJECT_KEY);
UserSession unauthorizedUserSession = new MockUserSession("nicolas").setName("Nicolas");
private ActionPlanService actionPlanService;
@Test
public void create() {
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setUuid(PROJECT_UUID).setId(1l));
ActionPlan actionPlan = DefaultActionPlan.create("Long term");
actionPlanService.create(actionPlan, projectAdministratorUserSession);
@Test
public void create_required_admin_role() {
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l));
ActionPlan actionPlan = DefaultActionPlan.create("Long term");
try {
@Test
public void set_status() {
- when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey));
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l));
+ when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l));
ActionPlan result = actionPlanService.setStatus("ABCD", "CLOSED", projectAdministratorUserSession);
verify(actionPlanDao).update(any(ActionPlanDto.class));
@Test
public void update() {
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l));
ActionPlan actionPlan = DefaultActionPlan.create("Long term");
actionPlanService.update(actionPlan, projectAdministratorUserSession);
@Test
public void delete() {
- when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey));
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l));
+ when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l));
actionPlanService.delete("ABCD", projectAdministratorUserSession);
verify(actionPlanDao).delete("ABCD");
}
@Test
public void unplan_all_linked_issues_when_deleting_an_action_plan() {
- when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey));
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l));
+ when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l));
IssueDto issueDto = new IssueDto().setId(100L).setStatus(Issue.STATUS_OPEN).setRuleKey("squid", "s100").setIssueCreationDate(new Date());
when(issueDao.selectByActionPlan(session, "ABCD")).thenReturn(newArrayList(issueDto));
@Test
public void find_by_key() {
- when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(projectKey));
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l));
+ when(actionPlanDao.selectByKey("ABCD")).thenReturn(new ActionPlanDto().setKey("ABCD").setProjectKey_unit_test_only(PROJECT_KEY));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l));
ActionPlan result = actionPlanService.findByKey("ABCD", projectUserSession);
assertThat(result).isNotNull();
@Test
public void find_open_by_project_key() {
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l));
when(actionPlanDao.selectOpenByProjectId(1l)).thenReturn(newArrayList(new ActionPlanDto().setKey("ABCD")));
- Collection<ActionPlan> results = actionPlanService.findOpenByProjectKey(projectKey, projectUserSession);
+ Collection<ActionPlan> results = actionPlanService.findOpenByProjectKey(PROJECT_KEY, projectUserSession);
assertThat(results).hasSize(1);
assertThat(results.iterator().next().key()).isEqualTo("ABCD");
}
@Test
public void find_open_by_project_key_required_user_role() {
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(projectKey).setId(1l));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setKey(PROJECT_KEY).setId(1l));
when(actionPlanDao.selectOpenByProjectId(1l)).thenReturn(newArrayList(new ActionPlanDto().setKey("ABCD")));
try {
- actionPlanService.findOpenByProjectKey(projectKey, unauthorizedUserSession);
+ actionPlanService.findOpenByProjectKey(PROJECT_KEY, unauthorizedUserSession);
fail();
} catch (Exception e) {
assertThat(e).isInstanceOf(ForbiddenException.class);
@Test
public void find_action_plan_stats() {
- when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setId(1L).setKey(projectKey));
+ when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(new ResourceDto().setId(1L).setKey(PROJECT_KEY));
when(actionPlanStatsDao.selectByProjectId(1L)).thenReturn(newArrayList(new ActionPlanStatsDto()));
- Collection<ActionPlanStats> results = actionPlanService.findActionPlanStats(projectKey, projectUserSession);
+ Collection<ActionPlanStats> results = actionPlanService.findActionPlanStats(PROJECT_KEY, projectUserSession);
assertThat(results).hasSize(1);
}
public void throw_exception_if_project_not_found_when_find_open_action_plan_stats() {
when(resourceDao.selectResource(any(ResourceQuery.class))).thenReturn(null);
- actionPlanService.findActionPlanStats(projectKey, projectUserSession);
+ actionPlanService.findActionPlanStats(PROJECT_KEY, projectUserSession);
}
}
public MockUserSession addProjectPermissions(String projectPermission, String... projectKeys) {
this.projectPermissionsCheckedByKey.add(projectPermission);
this.projectKeyByPermission.putAll(projectPermission, newArrayList(projectKeys));
+ for (String projectKey : projectKeys) {
+ this.projectKeyByComponentKey.put(projectKey, projectKey);
+ }
return this;
}
public MockUserSession addProjectUuidPermissions(String projectPermission, String... projectUuids) {
this.projectPermissionsCheckedByUuid.add(projectPermission);
this.projectUuidByPermission.putAll(projectPermission, newArrayList(projectUuids));
+ for (String projectUuid : projectUuids) {
+ this.projectUuidByComponentUuid.put(projectUuid, projectUuid);
+ }
return this;
}
return globalPermissions;
}
- @Override
- public boolean hasProjectPermission(String permission, String projectKey) {
- return projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey);
- }
-
- @Override
- public boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
- return projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid);
- }
-
@Override
public boolean hasComponentPermission(String permission, String componentKey) {
String projectKey = projectKeyByComponentKey.get(componentKey);
return projectKey != null && hasProjectPermission(permission, projectKey);
}
+ private boolean hasProjectPermission(String permission, String projectKey) {
+ return hasPermission(permission) || (projectPermissionsCheckedByKey.contains(permission) && projectKeyByPermission.get(permission).contains(projectKey));
+ }
+
@Override
public boolean hasComponentUuidPermission(String permission, String componentUuid) {
String projectUuid = projectUuidByComponentUuid.get(componentUuid);
return projectUuid != null && hasProjectPermissionByUuid(permission, projectUuid);
}
+
+ private boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
+ return hasPermission(permission) || (projectPermissionsCheckedByUuid.contains(permission) && projectUuidByPermission.get(permission).contains(projectUuid));
+ }
}
return currentUserSession.globalPermissions();
}
- @Override
- public boolean hasProjectPermission(String permission, String projectKey) {
- return currentUserSession.hasProjectPermission(permission, projectKey);
- }
-
- @Override
- public boolean hasProjectPermissionByUuid(String permission, String projectUuid) {
- return currentUserSession.hasProjectPermissionByUuid(permission, projectUuid);
- }
-
@Override
public boolean hasComponentPermission(String permission, String componentKey) {
return currentUserSession.hasComponentPermission(permission, componentKey);
}
@Override
- public UserSession checkGlobalPermission(String globalPermission) {
- return currentUserSession.checkGlobalPermission(globalPermission);
- }
-
- @Override
- public UserSession checkGlobalPermission(String globalPermission, @Nullable String errorMessage) {
- return currentUserSession.checkGlobalPermission(globalPermission, errorMessage);
- }
-
- @Override
- public UserSession checkAnyGlobalPermissions(Collection<String> globalPermissions) {
- return currentUserSession.checkAnyGlobalPermissions(globalPermissions);
- }
-
- @Override
- public boolean hasGlobalPermission(String globalPermission) {
- return currentUserSession.hasGlobalPermission(globalPermission);
+ public UserSession checkPermission(String globalPermission) {
+ return currentUserSession.checkPermission(globalPermission);
}
@Override
- public UserSession checkProjectPermission(String projectPermission, String projectKey) {
- return currentUserSession.checkProjectPermission(projectPermission, projectKey);
+ public UserSession checkAnyPermissions(Collection<String> globalPermissions) {
+ return currentUserSession.checkAnyPermissions(globalPermissions);
}
@Override
- public UserSession checkProjectUuidPermission(String projectPermission, String projectUuid) {
- return currentUserSession.checkProjectUuidPermission(projectPermission, projectUuid);
+ public boolean hasPermission(String globalPermission) {
+ return currentUserSession.hasPermission(globalPermission);
}
@Override
// verify the session used inside Privileged task
assertThat(catcher.userSession.isLoggedIn()).isFalse();
- assertThat(catcher.userSession.hasGlobalPermission("any permission")).isTrue();
- assertThat(catcher.userSession.hasProjectPermission("any permission", "any project")).isTrue();
+ assertThat(catcher.userSession.hasPermission("any permission")).isTrue();
+ assertThat(catcher.userSession.hasComponentPermission("any permission", "any project")).isTrue();
// verify session in place after task is done
assertThat(threadLocalUserSession.get()).isSameAs(session);
// verify the session used inside Privileged task
assertThat(catcher.userSession.isLoggedIn()).isFalse();
- assertThat(catcher.userSession.hasGlobalPermission("any permission")).isTrue();
- assertThat(catcher.userSession.hasProjectPermission("any permission", "any project")).isTrue();
+ assertThat(catcher.userSession.hasPermission("any permission")).isTrue();
+ assertThat(catcher.userSession.hasComponentPermission("any permission", "any project")).isTrue();
}
}
import java.util.Arrays;
import org.junit.Test;
import org.sonar.api.web.UserRole;
-import org.sonar.db.component.ComponentDto;
import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.db.component.ComponentDto;
+import org.sonar.db.component.ComponentTesting;
import org.sonar.db.component.ResourceDao;
import org.sonar.db.component.ResourceDto;
import org.sonar.db.user.AuthorizationDao;
-import org.sonar.db.component.ComponentTesting;
import org.sonar.server.exceptions.ForbiddenException;
import static com.google.common.collect.Lists.newArrayList;
import static org.mockito.Mockito.when;
public class ServerUserSessionTest {
+ static final String LOGIN = "marius";
+ static final String PROJECT_KEY = "com.foo:Bar";
+ static final String PROJECT_UUID = "ABCD";
+ static final String FILE_KEY = "com.foo:Bar:BarFile.xoo";
+ static final String FILE_UUID = "BCDE";
+
AuthorizationDao authorizationDao = mock(AuthorizationDao.class);
ResourceDao resourceDao = mock(ResourceDao.class);
@Test
public void has_global_permission() {
- UserSession session = newServerUserSession().setLogin("marius");
+ UserSession session = newServerUserSession().setLogin(LOGIN);
- when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin"));
+ when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin"));
- assertThat(session.hasGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)).isTrue();
- assertThat(session.hasGlobalPermission(GlobalPermissions.SYSTEM_ADMIN)).isTrue();
- assertThat(session.hasGlobalPermission(GlobalPermissions.DASHBOARD_SHARING)).isFalse();
+ assertThat(session.hasPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN)).isTrue();
+ assertThat(session.hasPermission(GlobalPermissions.SYSTEM_ADMIN)).isTrue();
+ assertThat(session.hasPermission(GlobalPermissions.DASHBOARD_SHARING)).isFalse();
}
@Test
public void check_global_Permission_ok() {
- UserSession session = newServerUserSession().setLogin("marius");
+ UserSession session = newServerUserSession().setLogin(LOGIN);
- when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin"));
+ when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin"));
- session.checkGlobalPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
+ session.checkPermission(GlobalPermissions.QUALITY_PROFILE_ADMIN);
}
@Test(expected = ForbiddenException.class)
public void check_global_Permission_ko() {
- UserSession session = newServerUserSession().setLogin("marius");
+ UserSession session = newServerUserSession().setLogin(LOGIN);
- when(authorizationDao.selectGlobalPermissions("marius")).thenReturn(Arrays.asList("profileadmin", "admin"));
+ when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList("profileadmin", "admin"));
- session.checkGlobalPermission(GlobalPermissions.DASHBOARD_SHARING);
+ session.checkPermission(GlobalPermissions.DASHBOARD_SHARING);
}
@Test
- public void has_project_permission() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
- when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar"));
-
- assertThat(session.hasProjectPermission(UserRole.USER, "com.foo:Bar")).isTrue();
- assertThat(session.hasProjectPermission(UserRole.CODEVIEWER, "com.foo:Bar")).isFalse();
- assertThat(session.hasProjectPermission(UserRole.ADMIN, "com.foo:Bar")).isFalse();
- }
+ public void has_component_permission() {
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
- @Test
- public void has_project_permission_by_uuid() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
- when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList("ABCD"));
+ String componentKey = FILE_KEY;
+ when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey));
+ when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(componentKey));
- assertThat(session.hasProjectPermissionByUuid(UserRole.USER, "ABCD")).isTrue();
- assertThat(session.hasProjectPermissionByUuid(UserRole.CODEVIEWER, "ABCD")).isFalse();
- assertThat(session.hasProjectPermissionByUuid(UserRole.ADMIN, "ABCD")).isFalse();
+ assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue();
+ assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse();
+ assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse();
}
@Test
- public void check_project_permission_ok() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
- when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar"));
+ public void has_component_uuid_permission() {
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
- session.checkProjectPermission(UserRole.USER, "com.foo:Bar");
- }
-
- @Test(expected = ForbiddenException.class)
- public void check_project_permission_ko() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
- when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar2"));
+ String componentUuid = FILE_UUID;
+ when(resourceDao.selectResource(componentUuid)).thenReturn(new ResourceDto().setUuid(componentUuid).setProjectUuid(PROJECT_UUID));
+ when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_UUID));
- session.checkProjectPermission(UserRole.USER, "com.foo:Bar");
+ assertThat(session.hasComponentUuidPermission(UserRole.USER, componentUuid)).isTrue();
+ assertThat(session.hasComponentUuidPermission(UserRole.CODEVIEWER, componentUuid)).isFalse();
+ assertThat(session.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)).isFalse();
}
@Test
- public void check_project_uuid_permission_ok() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
+ public void has_component_permission_with_only_global_permission() {
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
- ComponentDto project = ComponentTesting.newProjectDto();
- when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid()));
+ String componentKey = FILE_KEY;
+ when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey));
+ when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER));
- session.checkProjectUuidPermission(UserRole.USER, project.uuid());
+ assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue();
+ assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse();
+ assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse();
}
- @Test(expected = ForbiddenException.class)
- public void check_project_uuid_permission_ko() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
+ @Test
+ public void has_component_uuid_permission_with_only_global_permission() {
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
- ComponentDto project = ComponentTesting.newProjectDto();
- when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid()));
+ String componentUuid = FILE_UUID;
+ when(resourceDao.selectResource(componentUuid)).thenReturn(new ResourceDto().setUuid(componentUuid).setProjectUuid(PROJECT_UUID));
+ when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER));
- session.checkProjectUuidPermission(UserRole.USER, "another project");
+ assertThat(session.hasComponentUuidPermission(UserRole.USER, componentUuid)).isTrue();
+ assertThat(session.hasComponentUuidPermission(UserRole.CODEVIEWER, componentUuid)).isFalse();
+ assertThat(session.hasComponentUuidPermission(UserRole.ADMIN, componentUuid)).isFalse();
}
@Test
- public void has_component_permission() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
+ public void check_component_key_permission_ok() {
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
- String componentKey = "com.foo:Bar:BarFile.xoo";
- when(resourceDao.getRootProjectByComponentKey(componentKey)).thenReturn(new ResourceDto().setKey(componentKey));
- when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(componentKey));
+ when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey(PROJECT_KEY));
+ when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_KEY));
- assertThat(session.hasComponentPermission(UserRole.USER, componentKey)).isTrue();
- assertThat(session.hasComponentPermission(UserRole.CODEVIEWER, componentKey)).isFalse();
- assertThat(session.hasComponentPermission(UserRole.ADMIN, componentKey)).isFalse();
+ session.checkComponentPermission(UserRole.USER, FILE_KEY);
}
@Test
- public void check_component_key_permission_ok() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
+ public void check_component_key_permission_with_only_global_permission_ok() {
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
- when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(new ResourceDto().setKey("com.foo:Bar"));
- when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar"));
+ when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey(PROJECT_KEY));
+ when(authorizationDao.selectGlobalPermissions(LOGIN)).thenReturn(Arrays.asList(UserRole.USER));
- session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo");
+ session.checkComponentPermission(UserRole.USER, FILE_KEY);
}
@Test(expected = ForbiddenException.class)
public void check_component_key_permission_ko() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
- when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(new ResourceDto().setKey("com.foo:Bar2"));
- when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList("com.foo:Bar"));
+ when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(new ResourceDto().setKey("com.foo:Bar2"));
+ when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(PROJECT_KEY));
- session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo");
+ session.checkComponentPermission(UserRole.USER, FILE_KEY);
}
@Test
public void check_component_uuid_permission_ok() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
ComponentDto project = ComponentTesting.newProjectDto();
ComponentDto file = ComponentTesting.newFileDto(project, "file-uuid");
@Test(expected = ForbiddenException.class)
public void check_component_uuid_permission_ko() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
ComponentDto project = ComponentTesting.newProjectDto();
- ComponentDto file = ComponentTesting.newFileDto(project, "file-uuid");
when(resourceDao.selectResource("file-uuid")).thenReturn(new ResourceDto().setProjectUuid(project.uuid()));
when(authorizationDao.selectAuthorizedRootProjectsUuids(1, UserRole.USER)).thenReturn(newArrayList(project.uuid()));
@Test(expected = ForbiddenException.class)
public void check_component_key_permission_when_project_not_found() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
- when(resourceDao.getRootProjectByComponentKey("com.foo:Bar:BarFile.xoo")).thenReturn(null);
+ when(resourceDao.getRootProjectByComponentKey(FILE_KEY)).thenReturn(null);
- session.checkComponentPermission(UserRole.USER, "com.foo:Bar:BarFile.xoo");
+ session.checkComponentPermission(UserRole.USER, FILE_KEY);
}
@Test(expected = ForbiddenException.class)
public void check_component_dto_permission_ko() {
- UserSession session = newServerUserSession().setLogin("marius").setUserId(1);
+ UserSession session = newServerUserSession().setLogin(LOGIN).setUserId(1);
ComponentDto project = ComponentTesting.newProjectDto();
when(authorizationDao.selectAuthorizedRootProjectsKeys(1, UserRole.USER)).thenReturn(newArrayList(project.uuid()));
projects / sonarqube.git / commitdiff